I got massive Performance Problems with Meltdown/Spectre Patches for Virtuozzo Virtualization. (Container)
Since Meltdown/Spectre Patches the Performance dropped to unusable levels. I patched one of our Root Servers which is running 1 (ONE) productive Container with EZ CMS (Apache 2.4.6, PHP 5.6.32) and MySQL/MariaDB DB (5.5.56) to latest VZ Kernel (3.10.0-693.11.6.vz7.40.4).
Root Server is HPE Gen9 Blade Server (Xeon CPU E5-2640 v3 @ 2.60GHz), Storage is Virtuozzo Storage running on SSD only (1-2GB/s Performance) - so rather good Hardware Specs ... ;-)
So here is what happened when I booted to patched Kernel + CPU Microcode Update: https://static.spiceworks.com/shared/post/0028/9646/vz.jpg
completely unusable ... Load AVG spiked up to 150 and more (peaks up to over 200)
Disabling the Security Patches brings the Load down to normal:
tee /sys/kernel/debug/x86/*enabled <<< 0
Answer from Virtuozzo Support:
Essentially this means I can either patch System against Spectre and cripple the Performance so much that the Server is unusable - or I decide to not patch the Server - keep good Performance but stay vulnerable to Spectre ...
Both options not really satisfactory ...
According to Virtuozzo Support this isn't correctable without another Microcode Update from intel_corp ... will there be optimizations that will help with those Problems? And if yes ... when to expect them?
thx, bye from sunny Austria
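
The glob in the tee command above writes 0 to every file ending in "enabled" under /sys/kernel/debug/x86, so it switches off every mitigation tunable the kernel exposes there, not only IBRS. The following is an added example, not part of the original post: a small audit function that reports each tunable and flags a host where any is off. The function name and the sample directory are assumptions; the sample file names follow the RHEL 7 tunables pti_enabled, ibrs_enabled and ibpb_enabled.

```shell
#!/usr/bin/env bash
# audit_tunables DIR
# Prints "name=value" for each *enabled file in DIR. Returns 0 when every
# tunable is non-zero, 1 when at least one is 0 (switched off), and 2 when
# nothing could be read (wrong kernel, debugfs not mounted, or not root).
audit_tunables() {
    at_dir=$1; at_found=0; at_off=0
    for at_file in "$at_dir"/*enabled; do
        if [ ! -f "$at_file" ]; then continue; fi   # glob matched nothing
        at_name=${at_file##*/}
        if at_val=$(cat "$at_file" 2>/dev/null); then
            at_found=$((at_found + 1))
            echo "$at_name=$at_val"
            if [ "$at_val" = "0" ]; then at_off=$((at_off + 1)); fi
        else
            echo "$at_name=unreadable" >&2
        fi
    done
    if [ "$at_found" -eq 0 ]; then return 2; fi
    if [ "$at_off" -gt 0 ]; then return 1; fi
    return 0
}

# Constructed sample directory standing in for /sys/kernel/debug/x86 after
# the tee command from the post has been run. File names follow the RHEL 7
# tunables (pti_enabled, ibrs_enabled, ibpb_enabled); values are made up.
demo_dir=$(mktemp -d)
for demo_name in pti_enabled ibrs_enabled ibpb_enabled; do
    echo 0 > "$demo_dir/$demo_name"
done

if audit_tunables "$demo_dir"; then
    echo "all tunables on"
else
    echo "status $?: at least one tunable is off or unreadable"
fi
rm -rf "$demo_dir"
```

On a real host, run it as root against /sys/kernel/debug/x86. Values written to debugfs do not persist across a reboot, so the check is worth repeating after each boot.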
Thank you for joining the Processors Community. I am sorry to hear you are having issues with this matter.
From my end the full details on this topic can be found on this Intel public website: https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysi... Side-Channel Analysis Facts and Intel® Products. The FAQ posted there should address your concern.
Hello Amy, intel_corp,
unfortunately the FAQs don't address my concern.
They don't cover anything about bringing Performance down from "fast" (Load Average ~4-5) to "unusable" (Load Average ~200) with latest Microcode Update + Indirect Branch Restricted Speculation (ibrs) activated.
And they don't cover my Question (raised by Virtuozzo Support Staff) if there will be another modified Microcode Update with less massive Performance degradation regarding Indirect Branch Restricted Speculation (ibrs).
FAQs just cover Standard Marketing bla bla and leave us standing in the Rain ...
greetings from snowy Austria
I understand your concern. Currently the information posted there is information that our investigation department is disclosing. I am aware that all new information will be posted here: https://newsroom.intel.com/ (Intel Newsroom | Intel Official News and Information). Hopefully, once available, it can address your concerns. My apologies.