-
As far as I understand, Spectre V2 mitigation restricts Indirect branch speculations. Is it possible, that changes done by AMD (probably as part of hardware mitigation implementation) caused indirect branch speculation speed regression so much, that code runs much slower with indirect branch speculation enabled? -
That does not make any sense, if this is what is happening then we would just see the same performance with mitigations=on as mitigations=off, not more performance with mitigations=on. The question is how the mitigations=off kernel code looks for the case with IBRS present vs how it looks with mitigations=on, could be that mitigations=off contains NOP:s as placeholders for IBRS and Ryzen 4 simply trigger some sync on NOP or something else like this.Originally posted by birdie View PostLeave a comment:
-
Yes, I believe this is a mistake that is going to backfire and hurt Zen4 later when new CVE is discovered because of this.Originally posted by birdie View Post
Also, this "optimization" seems very fragile.
What if the spectre v2 migration in linux changed in the future?
Even some slight changes can shift the performance dramatically.
I do wonder whether this behavior also exhibits on windows.
If so, then the tuning might be even more sensible to changes in the kernel.Leave a comment:
-
Dammit. Schrodinger's Comment. While I agree with the sentiment, not every PC is internet facing or needs that kind of security. Something like a massive video encoding or graphics rendering farm behind layers of firewalls and security doesn't need or want mitigations enabled, or, rather, didn't traditionally need or want them enabled.Originally posted by ll1025 View PostLeave a comment:
-
Since when did the Linux enthusiast community become security-allergic luddites?Originally posted by Espionage724 View Post
Do you also setenforce 0 and run as root? Maybe you stick to 1024 bit RSA because it's faster? And what's with that lengthy key exchange in SSH, take us back to telnet!
It's 2022, and sentiments like yours are responsible for the massive cybercrime industry's success. Whether on Linux or Windows, this kind of "it'll never get me" attitude is exactly how they get you.Leave a comment:
-
Interesting results. I suppose it's a good thing that mitigated=faster. Makes me wonder if they figured out an algorithm that makes mitigated code faster than unmitigated -- like if they know a range of stuff isn't going to be valid due to how mitigations work, just not operate or branch predict or WTF ever on that range versus the old way of doing it and tossing it aside or flushing the cache or something. Y'all get what I mean.
phoronix
Page 1:
You didn't use the shift key for those.based on the CPU MSrs and applied
return stack buffer (RSB) filling
Perhaps use, "Out of curiosity and to dig deeper," or "For those who are curious and to dig deeper,"So to curious and dig deeper,
I can't tell which one you meant for that to mean.
Page 2:
"to disable""spectre_v2=off" to disabling the
Page 3:
Should this be, "In addition to code compilation, workloads were negatively"?Including code compilation workloads were negatively
At a minimum add a comma between compilation and workloads.
Leave a comment:
-
BTW mitigations=off just disable some (not all) mitigations that should slow down the system. In this case it should not disable the mitigations which won't slow down or make the system faster.Leave a comment:
Leave a comment: