
The Peculiar State Of CPU Security Mitigation Performance On Intel Tiger Lake


  • #11
    What you see here in those benchmarks, my fellow commenters, is a reason why we should try to reduce context switches as much as possible. A(ny) syscall is a context switch. This ties back into that readfile post from a couple days ago. It reduces one specific area by 2/3rd of the context switches you would've had (this is only for reading a file).

    io_uring is another such thing that really helps here.
    But there are many more context switches during the app lifetime.

    AMD might be less affected but still, just reducing context switches would be a good new common practice in applications imho. Getting there is hard though. This stuff is super fundamental and requires a lot of time (and skill) to even detect it, make use of it and improve it.



    • #12
      Originally posted by ms178
      Forcing stricter security and its performance implication on vulnerable CPUs is not what I would like to see forced down upon us users of the Kernel, just give us all the options. I don't want to be forced to upgrade my CPU for performance reasons either.
      For the short period of time this looks bad for the users, yes.
      But look at these numbers: if we force all kinds of security, maybe in the longer run we get better products.
      Phantom circuit Sequence Reducer Dyslexia



      • #13
        I think what actually is happening is that these are non-vPro platforms or processor releases and they don’t have new hardening instructions to mitigate found vulnerabilities. With the new mitigations as default, the performance might be impacted due to lack of newer instructions on non-vPro hardware. It is just a guess.



        • #14
          I seem to recall Intel claiming that Tiger Lake would feature hardware mitigation, maybe turning off the mitigations in the way that Michael did bypasses the hardware optimized mitigations and that results in lower performance.



          • #15
            Originally posted by sophisticles
            I seem to recall Intel claiming that Tiger Lake would feature hardware mitigation, maybe turning off the mitigations in the way that Michael did bypasses the hardware optimized mitigations and that results in lower performance.
            Possible but seemingly unlikely. The "mitigations=off" should bypass all mitigations controllable by the kernel -- hardware optimized or not. All the relevant bits were correctly reported as "Vulnerable" via sysfs when the change was made.
            Michael Larabel
            https://www.michaellarabel.com/
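
The sysfs check mentioned in the post above can be scripted to confirm what the kernel reports after booting with "mitigations=off". This is an added example, not part of the thread; the function names are hypothetical and the sample status strings are constructed for offline use.

```shell
#!/bin/sh
# Added example: classify the kernel's per-vulnerability status strings.

# Map one sysfs status string to a coarse class.
classify_status() {
  case "$1" in
    "Not affected"*) echo not_affected ;;
    Vulnerable*)     echo vulnerable ;;
    *Mitigation:*)   echo mitigated ;;   # also matches "KVM: Mitigation: ..."
    *)               echo unknown ;;
  esac
}

# Print "name<TAB>class<TAB>raw status" for every entry in a directory.
report_dir() {
  dir=${1:-/sys/devices/system/cpu/vulnerabilities}
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    status=$(cat "$f")
    printf '%s\t%s\t%s\n' "$(basename "$f")" "$(classify_status "$status")" "$status"
  done
}

# Names of entries that still report an active mitigation.
still_mitigated() {
  report_dir "$1" | awk -F '\t' '$2 == "mitigated" { print $1 }'
}

# True if a kernel command line (e.g. contents of /proc/cmdline) has mitigations=off.
has_mitigations_off() {
  case " $1 " in *" mitigations=off "*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample directory (not taken from the thread) for offline runs.
make_sample_dir() {
  d=$(mktemp -d)
  printf 'Vulnerable\n' > "$d/spec_store_bypass"
  printf 'Vulnerable: __user pointer sanitization and usercopy barriers only\n' > "$d/spectre_v1"
  printf 'Not affected\n' > "$d/meltdown"
  printf 'Mitigation: Enhanced IBRS\n' > "$d/spectre_v2"
  echo "$d"
}

SYSFS=/sys/devices/system/cpu/vulnerabilities
[ -d "$SYSFS" ] || SYSFS=$(make_sample_dir)
report_dir "$SYSFS"
```

Any name printed by `still_mitigated` on a machine where `has_mitigations_off "$(cat /proc/cmdline)"` succeeds is an entry the boot parameter did not switch off.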



            • #16
              Another "feature" of Tiger Lake that hasn't received much press is the removal of the S3 sleep state in favor of the new S0ix suspend mechanism. The regression here is that S0ix requires the ME to be enabled and functioning. So if you want working Sleep mode on Tiger Lake, you cannot utilize me_cleaner or disable ME via BIOS option. It seems with each passing year, there are fewer and fewer reasons for anyone to ever choose an Intel processor.



              • #17
                Originally posted by tildearrow
                How do mitigations improve performance on Tiger Lake?

                Is it because the processor runs faster when mitigations are on?
                So your hypothesis is: mitigations=on == more power/heat/higher clocks?
                Seems like a valid way around kernel CPU flaw mitigations!

                Michael, this should be an easy one to include in your benchmarks.



                • #18
                  Originally posted by torsionbar28
                  Another "feature" of Tiger Lake that hasn't received much press is the removal of the S3 sleep state in favor of the new S0ix suspend mechanism. The regression here is that S0ix requires the ME to be enabled and functioning. So if you want working Sleep mode on Tiger Lake, you cannot utilize me_cleaner or disable ME via BIOS option. It seems with each passing year, there are fewer and fewer reasons for anyone to ever choose an Intel processor.
                  Hell yes... no one should buy any Intel CPU... and the question is... why should they?

                  A Ryzen 5950X is faster than anything Intel has to offer.

                  In fact Intel lost all, even the laptop/notebook market; Apple M1 notebooks are killing Intel.

                  In the past there were even laptops with Ryzen 3950X... soon they should have 5950X.
                  Phantom circuit Sequence Reducer Dyslexia



                  • #19
                    Originally posted by Ahmad_S792
                    I think what actually is happening is that these are non-vPro platforms or processor releases and they don’t have new hardening instructions to mitigate found vulnerabilities. With the new mitigations as default, the performance might be impacted due to lack of newer instructions on non-vPro hardware. It is just a guess.
                    Well, the thing is most of these mitigations affect a CPU's front-end hardware, so that's where optimizations are going to be. Like I said, my guess is that Intel profiled the hell out of a mitigated kernel and then optimized the pipeline for the mitigated state. In other words, on this product the unmitigated state is less optimized and the mitigated state is more optimized.

                    I doubt the back-end hardware was changed much, if at all.

                    EDIT: I couldn't find a block diagram for Tiger Lake, but here is one for Ice Lake. Most of these mitigations affect the front-end hardware; everything in the diagram with a yellow-ish background is part of the front-end, including the Load-Store units at the bottom of the diagram.
                    https://en.wikichip.org/w/images/thu...iagram.svg.png
                    Last edited by duby229; 27 November 2020, 10:50 PM.



                    • #20
                      There is nothing peculiar about this. You are benchmarking on an ultrabook that will engage in aggressive thermal throttling. Thermal (and power) throttling is the answer. Jesus Christ, two pages of bullshit already and nobody has suggested the most obvious and correct reason.
