A Look At The Relative Spectre/Meltdown Mitigation Costs On Windows vs. Linux

  • A Look At The Relative Spectre/Meltdown Mitigation Costs On Windows vs. Linux

    Phoronix: A Look At The Relative Spectre/Meltdown Mitigation Costs On Windows vs. Linux

    The latest in our Windows versus Linux benchmarking is looking at the relative performance impact on both Linux and Windows of their Spectre and Meltdown mitigation techniques. This round of tests was done on Windows 10 Pro, Ubuntu 18.04 LTS, and Clear Linux when having an up-to-date system on each OS where there is Spectre/Meltdown protection and then repeating the same benchmarks after reverting/disabling the security functionality.

    http://www.phoronix.com/vr.php?view=26143

  • #2
    Are these mitigations still necessary? I thought Intel has released a microcode update to fix it.



    • #3
      Interesting. I personally choose the performance option.



      • #4
        Originally posted by Venemo
        Are these mitigations still necessary? I thought Intel has released a microcode update to fix it.
        There is no fix, only mitigations that affect performance (microcodes included). A fix would require a change in hardware design, which means most processors for the next year or so will still have this bug.

        The main difference vs microcode is that (open-source) software mitigations are pretty much guaranteed to protect you as their source is available, while microcodes are opaque blobs where you can't be sure of what they do at all.

        This is also the case for Windows.



        • #5
          Originally posted by Venemo
          Are these mitigations still necessary? I thought Intel has released a microcode update to fix it.
          No, the microcode updates only allow certain mechanisms like IBRS, IBPB and STIBP to be used. That is AFAIK only about Spectre variant 2 and generally much slower than solutions like retpoline, while arguably being more safe.

          So no, especially Meltdown is not going to be fixed by microcode updates but only by new hardware. On AMD you don't have Meltdown, so the difference in performance should be much smaller.



          • #6
            Cool to see recently upstream kernels 3.2 and 3.16 get mitigated too:

            Code:
            > cat /proc/sys/kernel/osrelease
            3.16.56
            > cat /sys/devices/system/cpu/vulnerabilities/*
            Not affected
            Mitigation: __user pointer sanitization
            Mitigation: Full AMD retpoline

            Maybe it is time for a quarterly all-around recapitulation of the mitigations aftermath... I mean including older distros, but also Windows 7, because Windows versions other than Windows 10, nearly 3 years after, still represent the majority.

            That said, and going a bit further, maybe note how a 32-bit Linux OS (if updated) is just as safe now, but only on AMD CPUs, since these are not affected by Meltdown and the mitigation for that is missing for 32-bit.

            That is kind of weird to me, since Intel had more, newer 32-bit-only CPUs released.
            Last edited by dungeon; 03-23-2018, 11:21 PM.
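
An added example, not part of the post above: `cat .../vulnerabilities/*` prints the status lines without file names, so this POSIX sh sketch labels each entry and returns non-zero when any entry is not mitigated. The file names meltdown, spectre_v1 and spectre_v2 and the sample directory are constructed to mirror the quoted output; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: label each sysfs vulnerability entry and flag unmitigated ones.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status LINE -> OK | MITIGATED | VULNERABLE | UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# report_vulnerabilities [DIR]
# Prints "name<TAB>class<TAB>raw status" per file.
# Returns 0 if every entry is OK/MITIGATED, 1 otherwise, 2 if DIR is missing
# (kernels without the sysfs reporting interface have no such directory).
report_vulnerabilities() {
    dir=${1:-$VULN_DIR_DEFAULT}
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel does not report mitigation status" >&2
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f")
        class=$(classify_status "$status")
        printf '%s\t%s\t%s\n' "${f##*/}" "$class" "$status"
        case "$class" in VULNERABLE|UNKNOWN) rc=1 ;; esac
    done
    return "$rc"
}

# make_sample_dir -> path of a temp dir with CONSTRUCTED files mirroring the
# three status lines quoted in the post (the file names are an assumption).
make_sample_dir() {
    d=$(mktemp -d)
    echo "Not affected" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Mitigation: Full AMD retpoline" > "$d/spectre_v2"
    echo "$d"
}

sample=$(make_sample_dir)
report_vulnerabilities "$sample"   # pass no argument to read the live sysfs
rm -rf "$sample"
```

The non-zero return makes the function usable as a check in provisioning or monitoring scripts.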



            • #7
              Originally posted by tpruzina

              Yes it is, the situation was summed up fairly well on lkml here by David Woodhouse : https://lkml.org/lkml/2018/1/22/598
              He said "screw" 3 times (screw it, screw them, screw Skylake). I think one time is enough and has the best performance.

              It is broken hardware; things are best summed up with just one or two words. He prefers screwing things around, I prefer to just say what it really is - so it is broken hardware, these are hardware design flaws... ideally no one should need software fixes like these shitty mitigations, but it is what it is.

              Last edited by dungeon; 03-23-2018, 11:42 PM.



              • #8
                Originally posted by Venemo
                Are these mitigations still necessary? I thought Intel has released a microcode update to fix it.
                Spectre and the derivative techniques based on it (e.g. Meltdown) exploit a feature of the CPU that predicts upcoming instructions and precomputes them so that, in case they are used, no additional computing will be necessary in real time.

                Let's say the CPU was a housemate and knew that tomorrow is Saturday: it would dry-clean, freshen up and iron your 3 most probable night club outfits, so that if the time comes for you to go out and party on Saturday night, you would not need to wait for those things to happen because the housekeeper (CPU) has already taken care of them the day before.

                And it does that for more than 1 outfit (since the CPU/housekeeper does not know what you will use, it can only predict what is plausible for you to wear given previous instructions or, in our example's case, her/his memory about your routine and taste in clothes).

                Hackers can take advantage of this because those precomputations leave a footprint, which, if they give a bait calculation, they can find its track and in that way learn some things on how to manipulate the memory on which those tracks exist within the CPU.

                So the only fix/mitigation is to disable that prediction feature.


                And the only performance drawback you gonna see is in software that takes advantage of this prediction feature, and the impact will depend on how frequently it uses that feature...

                For example, this is a reason why in video games, where the memory changes depending on an unpredictable and non-normalized input (user's movements etc.), you see close to 0 difference, because that feature of the CPU has little to no application in that situation.


                Or in other words if you know how an application works you know if you gonna get a performance hit by the "mitigation" aka by having that prediction feature of the CPU disabled.
                Last edited by papajo; 03-24-2018, 12:08 AM.



                • #9
                  Originally posted by tpruzina

                  You writing for NY Times or something? Because almost everything you wrote was inaccurate to varying degree.
                  well it obviously is inaccurate to a varying degree since I wrote a metaphor to convey what is happening.

                  metaphors are obviously not 100% accurate lol.

                  They are used though to convey an underlying fact.

                  And last time I checked (e.g. here https://www.kb.cert.org/vuls/id/584653) the underlying problem as a matter of fact is the branch prediction features of the CPUs mainly made by Intel which are there to increase performance.


                  So if you want to get more technical you can just read the link. I assumed that the user I was responding to (as well as most of the world) would not be interested in that and would like a simple explanation, hence the housekeeper metaphor as well as the other analogies I used.
                  Last edited by papajo; 03-24-2018, 12:37 AM.



                  • #10
                    Interesting to see those SQL benches
                    Desktop Environment poll:
                    https://www.phoronix.com/forums/foru...de-do-you-like

