Meltdown and Spectre Security Patches:
Intel has released new microcodes to fix the Spectre v2 security issue for a lot of processor architectures (Nehalem, Sandy Bridge, Ivy Bridge, Haswell, Broadwell, ...). Download the 'microcode-20180312.tgz' tarball from https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t, unpack it into /lib/firmware, and reload the microcode (reboot is not required). Example (Sandy Bridge host, SL6):
# ls /lib/firmware/intel-ucode/
06-3f-02 06-4f-01 06-55-04
# (cd /lib/firmware ; tar xzf /root/microcode-20180312.tgz)
# ls /lib/firmware/intel-ucode/
06-03-02 06-06-05 06-08-01 06-0a-01 06-0f-02 06-16-01 06-1c-02 06-26-01 06-3c-03 06-3f-04 06-55-03 06-5c-09 06-9e-0a 0f-02-05 0f-03-04 0f-04-09 06-05-00 06-06-0a 06-08-03 06-0b-01 06-0f-06 06-17-06 06-1c-0a 06-2a-07 06-3d-04 06-45-01 06-55-04 06-5e-03 06-9e-0b 0f-02-06 0f-04-01 0f-04-0a 06-05-01 06-06-0d 06-08-06 06-0b-04 06-0f-07 06-17-07 06-1d-01 06-2d-06 06-3e-04 06-46-01 06-56-02 06-7a-01 0f-00-07 0f-02-07 0f-04-03 0f-06-02 06-05-02 06-07-01 06-08-0a 06-0d-06 06-0f-0a 06-17-0a 06-1e-05 06-2d-07 06-3e-06 06-47-01 06-56-03 06-8e-09 0f-00-0a 0f-02-09 0f-04-04 0f-06-04 06-05-03 06-07-02 06-09-05 06-0e-08 06-0f-0b 06-1a-04 06-25-02 06-2f-02 06-3e-07 06-4e-03 06-56-04 06-8e-0a 0f-01-02 0f-03-02 0f-04-07 0f-06-05 06-06-00 06-07-03 06-0a-00 06-0e-0c 06-0f-0d 06-1a-05 06-25-05 06-3a-09 06-3f-02 06-4f-01 06-56-05 06-9e-09 0f-02-04 0f-03-03 0f-04-08 0f-06-08
# grep microcode /proc/cpuinfo | uniq
microcode : 1808
# echo 1 > /sys/devices/system/cpu/cpu0/microcode/reload
# grep microcode /proc/cpuinfo | uniq
microcode : 1811
#
Remarks:
- If the final 'grep microcode /proc/cpuinfo | uniq' command prints the new release as well as the old one, then reload the new microcode to all cores, until only the new microcode revision appears in the output
- Warning: some systems at GridKa hanging after reload - run update on idle host if possible
- Software vendors (SL, SLC, CentOS) are not providing updated RPM files so far, because they are preferring Retpoline. However, there was rumor that Retpoline is not sufficient; therefore also microcode updates are still recommended. (You can also ask your silicon vendor for latest BIOS release implementing the microcode updates.)
ACTION ITEM: Can site admins apply the microcode patches, rerun the benchmarks, and present results at one of the next meetings, please?
- GridKa: no significant impact on performance found, fluctuations in the HS06 scores as usual
- Other sites?
- Reference workloads, and user jobs?