NVIDIA DGX H100 User Guide
4.8. Managing CPU Mitigations
DGX OS Server includes security updates to mitigate CPU speculative side-channel vulnerabilities.
These mitigations can decrease the performance of deep learning and machine learning workloads.
If your installation of DGX systems incorporates other measures to mitigate these vulnerabilities, such
as measures at the cluster level, you can disable the CPU mitigations for individual DGX nodes and
thereby increase performance. This capability is available starting with DGX OS Server release 4.4.0.
4.8.1. Determining the CPU Mitigation State of the DGX
System
If you do not know whether CPU mitigations are enabled or disabled, issue the following.
cat ∕sys∕devices∕system∕cpu∕vulnerabilities∕*
▶ CPU mitigations are enabled if the output consists of multiple lines prexed with Mitigation:.
Example
KVM: Mitigation: Split huge pages
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
Mitigation: Clear CPU buffers; SMT vulnerable
Mitigation: PTI
Mitigation: Speculative Store Bypass disabled via prctl and seccomp
Mitigation: usercopy∕swapgs barriers and __user pointer sanitization
Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional,�
,→RSB filling
Mitigation: Clear CPU buffers; SMT vulnerable
▶ CPU mitigations are disabled if the output consists of multiple lines prexed with Vulnerable.
Example
KVM: Vulnerable
Mitigation: PTE Inversion; VMX: vulnerable
Vulnerable; SMT vulnerable
Vulnerable
Vulnerable
Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
Vulnerable, IBPB: disabled, STIBP: disabled
Vulnerable
32 Chapter 4. Quickstart and Basic Operation
To Next Page
Loading...
Need help?
General
