CoreOS device only uses half the processor threads? How can I enable the others? Aka is kernel parameter `nosmt` really needed? (HYperthreading?)

Problem

This is how htop shows me stuff:

As you can see now CPU threads 0-3 are in use, while 4-7 are not.

The full story can be read in the forum of the device producer and in the one of the AI application I am actually wanting to run with more performance.

System

Specs of CPU: https://ark.intel.com/content/www/de/de/ark/products/149091/intel-core-i78565u-processor-8m-cache-up-to-4-60-ghz.html

$ lscpu
Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         39 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  8
  On-line CPU(s) list:   0-3
  Off-line CPU(s) list:  4-7
Vendor ID:               GenuineIntel
  Model name:            Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
    CPU family:          6
    Model:               142
    Thread(s) per core:  1
    Core(s) per socket:  4
    Socket(s):           1
    Stepping:            11
    CPU(s) scaling MHz:  30%
    CPU max MHz:         4600.0000
    CPU min MHz:         0.0000
    BogoMIPS:            3999.93
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art
                          arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1
                          sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single ssbd ibrs ibpb stibp tpr_shadow vnm
                         i flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida
                          arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
Virtualization features: 
  Virtualization:        VT-x
Caches (sum of all):     
  L1d:                   128 KiB (4 instances)
  L1i:                   128 KiB (4 instances)
  L2:                    1 MiB (4 instances)
  L3:                    8 MiB (1 instance)
NUMA:                    
  NUMA node(s):          1
  NUMA node0 CPU(s):     0-3
Vulnerabilities:         
  Itlb multihit:         KVM: Mitigation: VMX disabled
  L1tf:                  Not affected
  Mds:                   Mitigation; Clear CPU buffers; SMT disabled
  Meltdown:              Not affected
  Mmio stale data:       Mitigation; Clear CPU buffers; SMT disabled
  Retbleed:              Mitigation; IBRS
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; IBRS, IBPB conditional, RSB filling, PBRSB-eIBRS Not affected
  Srbds:                 Mitigation; Microcode
  Tsx async abort:       Not affected
$ sudo dmidecode
[…]
Handle 0x0004, DMI type 4, 48 bytes
Processor Information
	Socket Designation: CPU0
	Type: Central Processor
	Family: Pentium Pro
	Manufacturer: GenuineIntel
	ID: EB 06 08 00 FF FB EB BF
	Signature: Type 0, Family 6, Model 142, Stepping 11
	Flags:
		FPU (Floating-point unit on-chip)
		VME (Virtual mode extension)
		DE (Debugging extension)
		PSE (Page size extension)
		TSC (Time stamp counter)
		MSR (Model specific registers)
		PAE (Physical address extension)
		MCE (Machine check exception)
		CX8 (CMPXCHG8 instruction supported)
		APIC (On-chip APIC hardware supported)
		SEP (Fast system call)
		MTRR (Memory type range registers)
		PGE (Page global enable)
		MCA (Machine check architecture)
		CMOV (Conditional move instruction supported)
		PAT (Page attribute table)
		PSE-36 (36-bit page size extension)
		CLFSH (CLFLUSH instruction supported)
		DS (Debug store)
		ACPI (ACPI supported)
		MMX (MMX technology supported)
		FXSR (FXSAVE and FXSTOR instructions supported)
		SSE (Streaming SIMD extensions)
		SSE2 (Streaming SIMD extensions 2)
		SS (Self-snoop)
		HTT (Multi-threading)
		TM (Thermal monitor supported)
		PBE (Pending break enabled)
	Version: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
	Voltage: Unknown
	External Clock: 100 MHz
	Max Speed: 4600 MHz
	Current Speed: 2000 MHz
	Status: Populated, Enabled
	Upgrade: Unknown
	L1 Cache Handle: 0x0006
	L2 Cache Handle: 0x0007
	L3 Cache Handle: 0x0008
	Serial Number: Not Specified
	Asset Tag: Not Specified
	Part Number: Not Specified
	Core Count: 4
	Core Enabled: 4
	Thread Count: 8
	Characteristics:
		Hardware Thread
		Execute Protection
		Enhanced Virtualization
$ sudo dmidecode 
# dmidecode 3.4
Getting SMBIOS data from sysfs.
SMBIOS 3.0.0 present.
Table at 0x89C10040.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
	Vendor: coreboot
	Version: 4.20.1-Purism-1
	Release Date: 06/12/2023
	ROM Size: 16 MB
	Characteristics:
		PCI is supported
		PC Card (PCMCIA) is supported
		BIOS is upgradeable
		Selectable boot is supported
		ACPI is supported
		Targeted content distribution is supported
	BIOS Revision: 4.20
	Firmware Revision: 0.0
[…]

Is it nosmt?

I have been made aware that a kernel parameter may be causing the issue and I found it in my system and also often mentioned in this forum (though not discussed, i.e. just random posts containing all kernel parameters):

$ cat /proc/cmdline
BOOT_IMAGE=(hd0,gpt3)/ostree/fedora-coreos-2a7acb21ca2f8afc6d63729fc9869fbb11f3eb9b4d9b478b57ebe3ccf4053d83/vmlinuz-6.3.12-200.fc38.x86_64 mitigations=auto,nosmt console=tty0 ignition.platform.id=metal ostree=/ostree/boot.1/fedora-coreos/***d83/0 rd.luks.name=******=root rd.neednet=1 rd.luks.****** root=UUID=****** rw

So the question is, do I really need that, which vulnerability is it about actually? Can I safely remove it? (Need to figure out the rpm-ostree command again, but I know there was one for such things…)

$ rpm-ostree status -v
State: idle
AutomaticUpdatesDriver: Zincati (zincati.service)
  DriverState: active; periodically polling for updates (last checked Fri 2023-08-11 14:16:19 UTC)
Deployments:
● fedora:fedora/x86_64/coreos/stable (index: 0)
                  Version: 38.20230722.3.0 (2023-08-07T18:56:37Z)
               BaseCommit: bf28f852e934b0c0b9eee232a58970e96adb3e691299b02376f8719530e03fb3
                           └─ fedora-coreos-pool (2023-08-06T22:30:37Z)
                   Commit: 88bd21108e643619c69f17cabfc0038cfe082f929b7893074d9d6098a760fb4b
                   Staged: no
                StateRoot: fedora-coreos
             GPGSignature: 1 signature
                           Signature made Mon Aug  7 20:58:44 2023 using RSA key ID 809A8D7CEB10B464
                           Good signature from "Fedora <fedora-38-primary@fedoraproject.org>"
          LayeredPackages: dmidecode firewalld golang-github-prometheus-node-exporter htop podman-compose

We default to a more secure configuration, which includes having kernel mitigations for common vulnerabilities on. If you understand the implications and would like to disable those mitigations you can do that by following this documentation:

Yeah, but can you link/provide a guide on the exact vulnerability being mitigated?

See: Hardware vulnerabilities — The Linux Kernel documentation

1 Like