best approach to set mitigations=off cluster wide?

ilia987

Sep 9, 2019
I use around 80% of the nodes in the cluster as a compute grid.
I can freely disable the mitigations on them and gain some performance. What is the best approach?

Can it be done for a group of nodes (e.g. based on a name pattern), or must it be done one by one in GRUB?

Do I need to do something special for each VM/LXC as well?
 
Should I set mitigations=off
in the line:
Code:
GRUB_CMDLINE_LINUX_DEFAULT="quiet mitigations=off"
both on Proxmox and in the VM?

Is that enough?
 
I had done this and was surprised to see it didn't seem to work:

Code:
[12:32:08] root@mini:~# cat /etc/default/grub
...
GRUB_CMDLINE_LINUX_DEFAULT="quiet mitigations=off intel_iommu=on iommu=pt"

Code:
Vulnerabilities:
[12:39:15] root@mini:~# lscpu
...        
  Gather data sampling:  Vulnerable: No microcode
  Itlb multihit:         KVM: Mitigation: VMX disabled
  L1tf:                  Mitigation; PTE Inversion; VMX conditional cache flushes, SMT vulnerable
  Mds:                   Mitigation; Clear CPU buffers; SMT vulnerable
  Meltdown:              Mitigation; PTI
  Mmio stale data:       Mitigation; Clear CPU buffers; SMT vulnerable
  Retbleed:              Mitigation; IBRS
  Spec rstack overflow:  Not affected
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; IBRS, IBPB conditional, STIBP conditional, RSB filling, PBRSB-eIBRS Not affected
  Srbds:                 Mitigation; Microcode
  Tsx async abort:       Mitigation; TSX disabled

I had to do
Code:
[12:45:38] root@mini:~# cat /etc/kernel/cmdline
root=ZFS=rpool/ROOT/pve-1 boot=zfs mitigations=off
[12:45:47] root@mini:~# proxmox-boot-tool refresh
 
Yes, I am aware, and there is a reboot in between there; it didn't work until I changed the kernel cmdline file.
 
Yes, I am aware, and there is a reboot in between there; it didn't work until I changed the kernel cmdline file.
Changing GRUB defaults worked for me. Maybe you forgot to update-grub after the change?
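
An added example, not part of the thread: a shell check for the situation described above, where the flag sits in a config file but the booted kernel still reports mitigations. It compares the running command line with both files named in the posts (/etc/default/grub and /etc/kernel/cmdline). The function names and status words are this example's own, and /sys/devices/system/cpu/vulnerabilities is the kernel's standard sysfs location rather than a path taken from the posts.

```shell
#!/bin/sh
# Added example: is mitigations=off configured, and did the kernel boot with it?
# All paths are parameters so the check also works on saved copies of the files.

# has_flag FILE -> 0 if FILE contains mitigations=off as a whole token
has_flag() {
    grep -Eq '(^|[[:space:]"])mitigations=off([[:space:]"]|$)' "$1" 2>/dev/null
}

# grub_has_flag FILE -> 0 if a GRUB_CMDLINE_LINUX* line carries the flag
grub_has_flag() {
    grep -E '^[[:space:]]*GRUB_CMDLINE_LINUX(_DEFAULT)?=' "$1" 2>/dev/null |
        grep -Eq '(^|[[:space:]"])mitigations=off([[:space:]"]|$)'
}

# count_mitigated DIR -> prints how many entries still start with "Mitigation"
count_mitigated() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$(cat "$f")" in
            Mitigation*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# audit_node PROC_CMDLINE VULN_DIR GRUB_DEFAULT KERNEL_CMDLINE -> one status line
audit_node() {
    proc=$1 vuln=$2 grub=$3 kcmd=$4
    n=$(count_mitigated "$vuln")
    if has_flag "$proc"; then
        echo "active mitigated_entries=$n"
    elif grub_has_flag "$grub" || has_flag "$kcmd"; then
        # Set in a config file but not booted with it: the file is not the one
        # this boot loader reads, or update-grub / proxmox-boot-tool refresh /
        # the reboot is still missing.
        echo "configured-not-active mitigated_entries=$n"
    else
        echo "default mitigated_entries=$n"
    fi
}

# Pass --live to inspect the node the script runs on.
if [ "${1:-}" = "--live" ]; then
    audit_node /proc/cmdline /sys/devices/system/cpu/vulnerabilities \
        /etc/default/grub /etc/kernel/cmdline
fi
```

Running it with `--live` on every node gives one comparable status line per host, which also makes it easy to confirm that nodes outside the compute grid still report `default`.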
 