KPTI + Retpoline Linux Benchmarking On Old Laptops

  • KPTI + Retpoline Linux Benchmarking On Old Laptops

    Phoronix: KPTI + Retpoline Linux Benchmarking On Old Laptops

    Over the past week and a half of running many benchmarks looking at the performance impact of the Linux KPTI and Retpoline patches for Spectre and Meltdown mitigation, one of the most common test requests has been for some thorough benchmarks on older systems. Why that's important is that with older (pre-Westmere) CPUs there isn't the PCID (Process Context Identifier) support that's used by KPTI, which helps offset some of the performance loss. So the test results to share today are from two old ThinkPads from the Clarksfield and Penryn days compared to a newer Broadwell ThinkPad, looking at the performance difference.

    http://www.phoronix.com/vr.php?view=25833

  • #2
    Guys,
    Maybe this is a silly question and has already been answered, but is it possible to turn off this feature from BIOS (and in Kernel) and be happy without all these regressions?

    • #3
      Originally posted by smartalgorithm
      Guys,
      Maybe this is a silly question and has already been answered, but is it possible to turn off this feature from BIOS (and in Kernel) and be happy without all these regressions?
      It's been covered in other articles but you can simply boot your kernel with: noretpoline kpti=off
      Michael Larabel
      http://www.michaellarabel.com/
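
Added example, not part of the posts above or of the Phoronix article: a shell audit that reports whether a CPU advertises PCID (the feature the article says offsets KPTI's cost) and whether a machine was booted with mitigation-disabling parameters such as the two named in post #3. The other parameter spellings in the list come from mainline kernel documentation, not from this thread, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: audit Meltdown/Spectre mitigation state from /proc-style text.

# Constructed sample inputs (not taken from the laptops in the article).
SAMPLE_OLD='flags : fpu vme de pse tsc msr pae sse sse2 ssse3 sse4_1'
SAMPLE_NEW='flags : fpu vme de pse tsc msr pae sse sse2 pcid invpcid'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet noretpoline kpti=off'

# has_pcid CPUINFO: succeed only if the first "flags" line lists pcid exactly
# (invpcid on its own must not count).
has_pcid() {
    printf '%s\n' "$1" | grep -m1 '^flags' | tr ' \t' '\n\n' | grep -qx 'pcid'
}

# disabled_flags CMDLINE: print every mitigation-disabling boot parameter found.
# The first two patterns are the spellings quoted in the thread; the rest are
# mainline spellings (assumption: this list covers the kernels you run).
disabled_flags() (
    set -f                      # no globbing while word-splitting the cmdline
    for arg in $1; do
        case "$arg" in
            noretpoline|kpti=off|nopti|pti=off|nospectre_v2|spectre_v2=off|mitigations=off)
                printf '%s\n' "$arg" ;;
        esac
    done
)

# audit CPUINFO CMDLINE: one-line verdict suitable for a fleet inventory.
audit() {
    flags=$(disabled_flags "$2" | tr '\n' ' ')
    flags=${flags% }            # drop the trailing separator
    if has_pcid "$1"; then pcid=yes; else pcid=no; fi
    echo "pcid=$pcid mitigations_disabled_at_boot=${flags:-none}"
}

audit "$SAMPLE_OLD" "$SAMPLE_CMDLINE"   # constructed: pre-PCID CPU, overrides set
audit "$SAMPLE_NEW" "ro quiet"          # constructed: PCID CPU, no overrides

# Live host: same audit on the real files, then the kernel's own status report.
if [ -r /proc/cpuinfo ] && [ -r /proc/cmdline ]; then
    audit "$(cat /proc/cpuinfo)" "$(cat /proc/cmdline)"
    grep -H . /sys/devices/system/cpu/vulnerabilities/* 2>/dev/null || true
fi
```

The sysfs report at the end is the authoritative view of what the running kernel actually applied; the command-line check only shows what was requested at boot.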

      • #4
        Thanks for the new numbers! I would love to see some more numbers on old hardware with IBRS enabled, as it is by default in Red Hat's kernels today. In my own tests, I've seen slowdowns by as much as 8x on a trivial Fibonacci computation (6-instruction kernel), and about 2x on FFmpeg. Those are on an E5-2660 v3. I haven't seen any of those here yet, though I did find a couple on openbenchmarking.org. Any chance you'll do an article with that? I think the huge impact is very compelling.

        • #5
          Originally posted by smartalgorithm
          Guys,
          Maybe this is a silly question and has already been answered, but is it possible to turn off this feature from BIOS (and in Kernel) and be happy without all these regressions?
          This is why at my company private devices are prohibited and a reason to get fired.

          • #6
            At least Raspberry Pi and Commodore 64 are not affected by M/S

            Originally posted by Kemosabe

            This is why at my company private devices are prohibited and a reason to get fired.
            Likely there are companies where even private underwear is also prohibited.
            Last edited by dungeon; 01-11-2018, 12:38 PM.

            • #7
              Originally posted by Kemosabe

              This is why at my company private devices are prohibited and a reason to get fired.
              I don't think smartalgorithm's question was indicative of a user making a bad security decision.

              If smartalgorithm uses their PC only for gaming, then it could be an acceptable risk to turn off these vulnerability mitigation features in order to squeeze out a small amount of additional performance from the system.

              If smartalgorithm uses a system to serve up static files over http, from what I've read about these vulnerabilities, there would be no risk to disabling these mitigation features. As I understand it, it is in instances where untrustworthy sources are able to run code on a system, that this untrustworthy user could exploit these vulnerabilities and gain access to memory which they should not have access to. So web browsers, rented virtual machines, shared web hosting with CGI are all potential targets. Private static-file serving web servers and many other privately controlled servers may be able to perfectly safely operate with these features disabled and not receive a performance hit.

              I am open to correction if I'm wrong about my point above.

              • #8
                Originally posted by cybertraveler

                I don't think smartalgorithm's question was indicative of a user making a bad security decision.

                If smartalgorithm uses their PC only for gaming, then it could be an acceptable risk to turn off these vulnerability mitigation features in order to squeeze out a small amount of additional performance from the system.

                If smartalgorithm uses a system to serve up static files over http, from what I've read about these vulnerabilities, there would be no risk to disabling these mitigation features. As I understand it, it is in instances where untrustworthy sources are able to run code on a system, that this untrustworthy user could exploit these vulnerabilities and gain access to memory which they should not have access to. So web browsers, rented virtual machines, shared web hosting with CGI are all potential targets. Private static-file serving web servers and many other privately controlled servers may be able to perfectly safely operate with these features disabled and not receive a performance hit.

                I am open to correction if I'm wrong about my point above.
                Who uses their PC for only gaming these days? This means you literally never use e.g. online banks, buy games online, etc.

                • #9
                  Originally posted by dungeon
                  At least Raspberry Pi and Commodore 64 are not affected by M/S
                  True, but sadly the SNES and original Apple Macintosh are affected by Spectre[source] and the Amstrad CPC is affected by Meltdown[source].

                  • #10
                    Originally posted by nanonyme

                    Who uses their PC for only gaming these days? This means you literally never use e.g. online banks, buy games online, etc.
                    I do. I have a gaming PC that I use only for gaming. Doing this means that I can freely try, install & mod games without worrying much about getting robbed or data stolen. If I need to buy a game to use on my gaming PC, I do so securely from my main PC. I've been working this system for quite a while now and it's great. It's really relaxing not having to carefully consider security on my toy/gaming PC.

                    This setup I use also means I can keep my main system free of proprietary software (games, mods and drivers) which may contain naughty stuff.
