Announcement

Collapse
No announcement yet.

The Peculiar State Of CPU Security Mitigation Performance On Intel Tiger Lake

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The Peculiar State Of CPU Security Mitigation Performance On Intel Tiger Lake

    Phoronix: The Peculiar State Of CPU Security Mitigation Performance On Intel Tiger Lake

    One area not talked about much for Intel's latest Tiger Lake processors are hardened CPU security mitigations against the various speculative execution vulnerabilities to date. What's peculiar about Tiger Lake though is now if disabling the configurable mitigations it can actually result in worse performance than the default mitigated state. At least that's what we are seeing so far with the Core i7 1165G7 on Ubuntu 20.10 Linux is the opposite of what we have been seeing on prior generations of hardware.

    http://www.phoronix.com/vr.php?view=29734

  • #2
    Well I wouldn't have expected that - especially the performance drop on TGL w/o any mitigations enabled. That's vice versa to what it actually should be, right? So we have either a kernel regression when bypassing the mitigating workarounds or TGL is optimized to perform better with the handbrake on... nah - don't think so .

    Comment


    • #3
      How do mitigations improve performance on Tiger Lake?

      Is it because the processor runs faster when mitigations are on?

      Comment


      • #4
        Maybe you could investigate more (to isolate the culprit mitigation that causes that regression) by taking one benchmark and disable a single mitigation each time and see what is the difference.

        Comment


        • #5
          Originally posted by Setif View Post
          Maybe you could investigate more (to isolate the culprit mitigation that causes that regression) by taking one benchmark and disable a single mitigation each time and see what is the difference.
          As mentioned at the end of the article, that is what I will be doing as time allows (likely around Christmas or so when news is lighter anyhow to allow more time).
          Michael Larabel
          http://www.michaellarabel.com/

          Comment


          • #6
            Originally posted by tildearrow View Post
            How do mitigations improve performance on Tiger Lake?

            Is it because the processor runs faster when mitigations are on?
            Well, we all know Intel are masters at tweaking their pipeline for artificial loads, so I'd take a guess and say they profiled the hell out of the mitigated kernel and then tweaked this core's pipeline specifically for the mitigated state.
            Last edited by duby229; 27 November 2020, 05:12 PM.

            Comment


            • #7
              Originally posted by Setif View Post
              Maybe you could investigate more (to isolate the culprit mitigation that causes that regression) by taking one benchmark and disable a single mitigation each time and see what is the difference.
              I very much doubt it's a regression, far more likely is that Intel profiled the hell out of the mitigated kernel and then tweaked this core's pipeline specifically for the mitigated state.

              Comment


              • #8
                Originally posted by duby229 View Post

                Well, we all know Intel are masters at tweaking their pipeline for artificial loads, so I'd take a guess and say they profiled the hell out of the mitigated kernel and then tweaked this core's pipeline specifically for the mitigated state.
                i will never buy intel products thats for sure but this really looks amazing.

                this is proof that the linux kernel should be much more strict in forcing all kind of security mitigations.

                because in the end the companies who want sell cpus in the end will bring amazing performance even if we force any kind of security mitigations.
                Phantom circuit Sequence Reducer Dyslexia

                Comment


                • #9
                  Bought two AMD processors this year, won't come back to these cheaters. Waiting for the IT department for allowing me to buy AMD in data center instead of Intel. The once "ever" wintel king is dead.

                  Comment


                  • #10
                    Originally posted by Qaridarium View Post

                    i will never buy intel products thats for sure but this really looks amazing.

                    this is proof that the linux kernel should be much more strict in forcing all kind of security mitigations.

                    because in the end the companies who want sell cpus in the end will bring amazing performance even if we force any kind of security mitigations.
                    Maybe they found a way to get both, performance and security with Tigerlake. We probably have to ask a CPU designer at Intel to get more insights into these numbers. It is also possible that they could have improved the performance of Tigerlake even further if they had not to deal with these security issues.

                    Forcing stricter security and its performance implication on vulnerable CPUs is not what I would like to see forced down upon us users of the Kernel, just give us all the options. I don't want to be forced to upgrade my CPU for performance reasons either.

                    Comment

                    Working...
                    X