[opensuse] checking if patches for spectre, meltdown etc are applied or not ?
We have a customer for whom we manage a number of boxes - they are used for some hpc app, molecular modelling or some such, I'm not sure.

This morning I was asked if these systems have the mitigation patches for Spectre, Meltdown etc applied. Apparently these patches have measurable performance impact - the next question was: if they are applied, can we have them un-applied?

Does anyone know?

--
Per Jessen, Zürich (7.9°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, Feb 14, 2020 at 11:18:40AM +0100, Per Jessen wrote:
We have a customer for whom we manage a number of boxes - they are used for some hpc app, molecular modelling or some such, I'm not sure.
This morning I was asked if these systems have the mitigation patches for Spectre, Meltdown etc applied. Apparently these patches have measurable performance impact - the next question was: if they are applied, can we have them un-applied?
Does anyone know?
We include the "spectre-meltdown-checker" script that can be run and gives very detailed summaries. (Can also be downloaded from github if not on older openSUSE/SLES)

For short you can already start with

    for i in /sys/devices/system/cpu/vulnerabilities/*; do echo $i; cat $i; done

Ciao, Marcus
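As an added example (not part of any poster's message): a POSIX shell script that extends the sysfs loop above by classifying each entry and by listing boot options that switch mitigations off. The function names and class labels are assumptions of this example, and the option list is a non-exhaustive selection of mainline kernel parameters.

```shell
#!/bin/sh
# Added example, not from the thread. Summarises the kernel's sysfs report.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# Map one status line to a class. Leading forms documented by the kernel:
# "Not affected", "Vulnerable", "Mitigation: <name>".
classify_status() {
    case "$1" in
        "Not affected"*)               echo not-affected ;;
        "Mitigation:"*[Vv]ulnerable*)  echo partial ;;   # e.g. "...; SMT vulnerable"
        "Mitigation:"*)                echo mitigated ;;
        "Vulnerable"*)                 echo VULNERABLE ;;
        *)                             echo unknown ;;
    esac
}

# Print "<class> TAB <name> TAB <status>" for each entry under $1.
audit_vulns() {
    dir=${1:-$VULN_DIR}
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%s\t%s\t%s\n' "$(classify_status "$status")" "${f##*/}" "$status"
    done
}

# Count entries that are neither fully mitigated nor unaffected.
count_exposed() {
    out=$(audit_vulns "$1") || return $?
    printf '%s\n' "$out" |
        awk -F'\t' 'NF && $1 != "mitigated" && $1 != "not-affected" {n++} END {print n+0}'
}

# Print options on the kernel command line ($1, default /proc/cmdline) that
# turn mitigations off. Non-exhaustive list of mainline kernel parameters.
cmdline_disables() {
    line=${1-$(cat /proc/cmdline 2>/dev/null || true)}
    for opt in $line; do
        case "$opt" in
            mitigations=off|nopti|pti=off|nospectre_v1|nospectre_v2|spectre_v2=off|\
            spec_store_bypass_disable=off|l1tf=off|mds=off)
                echo "$opt" ;;
        esac
    done
}

# Live run; prints only a "missing" note where the sysfs directory is absent.
audit_vulns || true
cmdline_disables
```

A "partial" class means the kernel reports a mitigation but still flags a residual exposure in the same line, so it is counted together with "VULNERABLE" by count_exposed.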
Marcus Meissner wrote:
On Fri, Feb 14, 2020 at 11:18:40AM +0100, Per Jessen wrote:
We have a customer for whom we manage a number of boxes - they are used for some hpc app, molecular modelling or some such, I'm not sure.
This morning I was asked if these systems have the mitigation patches for Spectre, Meltdown etc applied. Apparently these patches have measurable performance impact - the next question was: if they are applied, can we have them un-applied?
Does anyone know?
We include the "spectre-meltdown-checker" script that can be run and gives very detailed summaries. (Can also be downloaded from github if not on older openSUSE/SLES)
For short you can already start with
for i in /sys/devices/system/cpu/vulnerabilities/*; do echo $i; cat $i; done
Ciao, Marcus
Thanks Marcus - that's very helpful, much appreciated!

--
Per Jessen, Zürich (9.1°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 14/02/2020 11.35, Marcus Meissner wrote:
On Fri, Feb 14, 2020 at 11:18:40AM +0100, Per Jessen wrote:
We have a customer for whom we manage a number of boxes - they are used for some hpc app, molecular modelling or some such, I'm not sure.
This morning I was asked if these systems have the mitigation patches for Spectre, Meltdown etc applied. Apparently these patches have measurable performance impact - the next question was: if they are applied, can we have them un-applied?
Does anyone know?
There is a boot option(s) to un-apply them.
We include the "spectre-meltdown-checker" script that can be run and gives very detailed summaries. (Can also be downloaded from github if not on older openSUSE/SLES)
Where is it included? I don't have it on Leap.

Telcontar:~ # spectre-meltdown-checker
If 'spectre-meltdown-checker' is not a typo you can use command-not-found to lookup the package that contains it, like this:
    cnf spectre-meltdown-checker
Telcontar:~ # cnf spectre-meltdown-checker
spectre-meltdown-checker: command not found
Telcontar:~ #

--
Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Telcontar)
On Fri, Feb 14, 2020 at 01:49:14PM +0100, Peter Suetterlin wrote:
Carlos E. R. wrote:
Where is it included? I don't have it on Leap.
Same (non)-result for Tumbleweed....
Did you spell it correctly, it is there

openSUSE:Factory spectre-meltdown-checker

Ciao, Marcus
On 2/14/20 12:16 PM, Marcus Meissner wrote:
Where is it included? I don't have it on Leap.
fwiw, it's a trivial install from the source

https://github.com/speed47/spectre-meltdown-checker.git

last commit there was 8 days ago ... the distro release packages, atm, v0.43, from mid Dec.
On Fri, Feb 14, 2020 at 12:54:18PM -0800, PGNet Dev wrote:
On 2/14/20 12:16 PM, Marcus Meissner wrote:
Where is it included? I don't have it on Leap.
This quote was not from me. The tool is on Tumbleweed and on Leap 15.1 FWIW.
fwiw, it's a trivial install from the source
Yes

Ciao, Marcus
Marcus Meissner wrote:
On Fri, Feb 14, 2020 at 01:49:14PM +0100, Peter Suetterlin wrote:
Carlos E. R. wrote:
Where is it included? I don't have it on Leap.
Same (non)-result for Tumbleweed....
Did you spell it correctly, it is there
I did copy&paste from your mail. I can find the package if I look for it:

lux:~% zypper se spectre-meltdown-checker
S | Name                     | Summary                                 | Type
--+--------------------------+-----------------------------------------+--------
  | spectre-meltdown-checker | Spectre & Meltdown Vulnerability Chec-> | package

But as a user, if you are pointed at some script, the usual way is to use the (really helpful) 'cnf' command, and that one doesn't find it. So the script probably is installed in some non-bin directory?

lux:~ # cnf spectre-meltdown-checker
spectre-meltdown-checker: command not found

Ah no, I just installed it, and the name is actually spectre-meltdown-checker.sh. And yes, it indeed is very .... verbose :D
On 14/02/2020 21.16, Marcus Meissner wrote:
On Fri, Feb 14, 2020 at 01:49:14PM +0100, Peter Suetterlin wrote:
Carlos E. R. wrote:
Where is it included? I don't have it on Leap.
Same (non)-result for Tumbleweed....
Did you spell it correctly, it is there
openSUSE:Factory spectre-meltdown-checker
Yes, I copy pasted from your mail.

cer@Telcontar:~> cnf spectre-meltdown-checker
spectre-meltdown-checker: command not found
cer@Telcontar:~>

It is not available for Leap, according to "cnf". However, the software search page says it is there:

<https://software.opensuse.org/package/spectre-meltdown-checker?search_term=spectre-meltdown-checker>

-->

<https://download.opensuse.org/repositories/openSUSE:/Leap:/15.1:/Update/standard/x86_64/spectre-meltdown-checker-0.43-lp151.3.3.1.x86_64.rpm>

or

<https://download.opensuse.org/update/leap/15.1/oss/x86_64/>

It is in the OSS repo as well:

<https://download.opensuse.org/distribution/leap/15.1/repo/oss/x86_64/spectre-meltdown-checker-0.40-lp151.2.1.x86_64.rpm>

So why does not cnf find it?

Ah, because spectre-meltdown-checker is the package name, while the command is "spectre-meltdown-checker.sh".

--
Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Telcontar)
On Tue, Feb 18, 2020 at 09:37:13AM +0100, Carlos E. R. wrote:
On 14/02/2020 21.16, Marcus Meissner wrote:
On Fri, Feb 14, 2020 at 01:49:14PM +0100, Peter Suetterlin wrote:
Carlos E. R. wrote:
Where is it included? I don't have it on Leap.
Same (non)-result for Tumbleweed....
Did you spell it correctly, it is there
openSUSE:Factory spectre-meltdown-checker
Yes, I copy pasted from your mail.
cer@Telcontar:~> cnf spectre-meltdown-checker
spectre-meltdown-checker: command not found
cer@Telcontar:~>
It is not available for Leap, according to "cnf". However, the software search page says it is there:
<https://software.opensuse.org/package/spectre-meltdown-checker?search_term=spectre-meltdown-checker>
or
<https://download.opensuse.org/update/leap/15.1/oss/x86_64/>
It is in the OSS repo as well:
Hmm.

Do you have the Update repo for 15.1 enabled? It is only in the update repo, not in the original GA media.

Does "zypper in spectre-meltdown-checker" see it?

Ciao, Marcus
On 18/02/2020 09.48, Marcus Meissner wrote:
On Tue, Feb 18, 2020 at 09:37:13AM +0100, Carlos E. R. wrote:
On 14/02/2020 21.16, Marcus Meissner wrote:
On Fri, Feb 14, 2020 at 01:49:14PM +0100, Peter Suetterlin wrote:
Carlos E. R. wrote:
Where is it included? I don't have it on Leap.
Same (non)-result for Tumbleweed....
Did you spell it correctly, it is there
openSUSE:Factory spectre-meltdown-checker
Yes, I copy pasted from your mail.
cer@Telcontar:~> cnf spectre-meltdown-checker
spectre-meltdown-checker: command not found
cer@Telcontar:~>
It is not available for Leap, according to "cnf". However, the software search page says it is there:
<https://software.opensuse.org/package/spectre-meltdown-checker?search_term=spectre-meltdown-checker>
or
<https://download.opensuse.org/update/leap/15.1/oss/x86_64/>
It is in the OSS repo as well:
Hmm.
Do you have the Update repo for 15.1 enabled? It is only in the update repo, not in the original GA media.
Does "zypper in spectre-meltdown-checker" see it?
Yes, no problem :-) "cnf" does not find it because the name was the package name, not the command name. Thus zypper finds it instantly. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
Carlos E. R. wrote:
On 14/02/2020 11.35, Marcus Meissner wrote:
On Fri, Feb 14, 2020 at 11:18:40AM +0100, Per Jessen wrote:
We have a customer for whom we manage a number of boxes - they are used for some hpc app, molecular modelling or some such, I'm not sure.
This morning I was asked if these systems have the mitigation patches for Spectre, Meltdown etc applied. Apparently these patches have measurable performance impact - the next question was: if they are applied, can we have them un-applied?
Does anyone know?
There is a boot option(s) to un-apply them.
I see "nospec" and "noopti". Will have to look into those.
We include the "spectre-meltdown-checker" script that can be run and gives very detailed summaries. (Can also be downloaded from github if not on older openSUSE/SLES)
Where is it included? I don't have it on Leap.
I didn't see it either, but I just downloaded it from meltdown.ovh. nice TLD :-)

--
Per Jessen, Zürich (10.2°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
Per Jessen wrote:
I see "nospec" and "noopti". Will have to look into those.
I found some interesting pages:

https://www.suse.com/support/kb/doc/?id=7022512
https://www.suse.com/c/meltdown-spectre-performance/

--
Per Jessen, Zürich (10.4°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
participants (5)
- Carlos E. R.
- Marcus Meissner
- Per Jessen
- Peter Suetterlin
- PGNet Dev