Meltdown and Spectre Security Patches:

Intel has released new microcode to fix the Spectre v2 security issue for many processor architectures (Nehalem, Sandy Bridge, Ivy Bridge, Haswell, Broadwell, ...). Download the 'microcode-20180312.tgz' tarball from https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t, unpack it into /lib/firmware, and reload the microcode (a reboot is not required). Example (Sandy Bridge host, SL6):

# ls /lib/firmware/intel-ucode/
06-3f-02  06-4f-01  06-55-04
# (cd /lib/firmware ; tar xzf /root/microcode-20180312.tgz)
# ls /lib/firmware/intel-ucode/                         
06-03-02  06-06-05  06-08-01  06-0a-01  06-0f-02  06-16-01  06-1c-02  06-26-01  06-3c-03  06-3f-04  06-55-03  06-5c-09  06-9e-0a  0f-02-05  0f-03-04  0f-04-09  06-05-00  06-06-0a  06-08-03  06-0b-01  06-0f-06  06-17-06  06-1c-0a  06-2a-07  06-3d-04  06-45-01  06-55-04  06-5e-03  06-9e-0b  0f-02-06  0f-04-01  0f-04-0a  06-05-01  06-06-0d  06-08-06  06-0b-04  06-0f-07  06-17-07  06-1d-01  06-2d-06  06-3e-04  06-46-01  06-56-02  06-7a-01  0f-00-07  0f-02-07  0f-04-03  0f-06-02  06-05-02  06-07-01  06-08-0a  06-0d-06  06-0f-0a  06-17-0a  06-1e-05  06-2d-07  06-3e-06  06-47-01  06-56-03  06-8e-09  0f-00-0a  0f-02-09  0f-04-04  0f-06-04  06-05-03  06-07-02  06-09-05  06-0e-08  06-0f-0b  06-1a-04  06-25-02  06-2f-02  06-3e-07  06-4e-03  06-56-04  06-8e-0a  0f-01-02  0f-03-02  0f-04-07  0f-06-05  06-06-00  06-07-03  06-0a-00  06-0e-0c  06-0f-0d  06-1a-05  06-25-05  06-3a-09  06-3f-02  06-4f-01  06-56-05  06-9e-09  0f-02-04  0f-03-03  0f-04-08  0f-06-08
# grep microcode /proc/cpuinfo | uniq
microcode       : 1808
# echo 1 > /sys/devices/system/cpu/cpu0/microcode/reload
# grep microcode /proc/cpuinfo | uniq
microcode       : 1811
#

Remarks:

  1. If the final 'grep microcode /proc/cpuinfo | uniq' command prints the new revision as well as the old one, reload the new microcode on all cores until only the new microcode revision appears in the output.
  2. Warning: some systems at GridKa hung after the reload. Run the update on an idle host if possible.
  3. Software vendors (SL, SLC, CentOS) have not provided updated RPM files so far, because they prefer Retpoline. However, there was a rumor that Retpoline is not sufficient; therefore microcode updates are still recommended. (You can also ask your silicon vendor for the latest BIOS release implementing the microcode updates.)
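
The check from remark 1 as a script, together with the lookup of the intel-ucode file that applies to a host (the files are named family-model-stepping in hex). This is an added example, not part of the original notes; the function names are hypothetical and the two-core cpuinfo sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Each function takes a cpuinfo path so it also runs on a saved copy.

# Distinct microcode revisions across all logical CPUs, one per line.
ucode_revisions() {
    sed -n 's/^microcode[^:]*: *//p' "${1:-/proc/cpuinfo}" | sort -u
}

# Succeeds only when every logical CPU reports the same revision (remark 1).
ucode_consistent() {
    [ "$(ucode_revisions "$1" | wc -l | tr -d ' ')" -eq 1 ]
}

# intel-ucode file name for CPU 0: family-model-stepping, two hex digits each.
ucode_filename() {
    awk -F: '
        $1 ~ /^cpu family/            { f = $2 }
        $1 ~ /^model/ && $1 !~ /name/ { m = $2 }
        $1 ~ /^stepping/ { printf "%02x-%02x-%02x\n", f, m, $2; exit }
    ' "${1:-/proc/cpuinfo}"
}

# Constructed sample: two cores of one host, reload applied to one core only.
sample_cpuinfo() {
    for rev in 1811 1808; do
        printf 'cpu family\t: 6\nmodel\t\t: 45\nmodel name\t: constructed\n'
        printf 'stepping\t: 7\nmicrocode\t: %s\n\n' "$rev"
    done
}

# Report for one cpuinfo file; returns non-zero while revisions are mixed.
ucode_report() {
    echo "firmware file: intel-ucode/$(ucode_filename "$1")"
    echo "revisions in use: $(ucode_revisions "$1" | tr '\n' ' ')"
    ucode_consistent "$1" || {
        echo "MIXED: reload again until one revision remains"
        return 1
    }
}

tmp=$(mktemp) && sample_cpuinfo > "$tmp"
ucode_report "$tmp" || true
rm -f "$tmp"
```

On a live host, call ucode_report without an argument to read /proc/cpuinfo, and confirm that the printed file name exists under /lib/firmware/intel-ucode/ before triggering the reload.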

ACTION ITEM: Can site admins apply the microcode patches, rerun the benchmarks, and present results at one of the next meetings, please?