Experimental Linux Address Space Isolation "ASI" v2 Patches: I/O Throughput Lower By 70%

  • phoronix
    Administrator
    • Jan 2007
    • 67050

    Phoronix: Experimental Linux Address Space Isolation "ASI" v2 Patches: I/O Throughput Lower By 70%

    Google engineers and others have been talking about Address Space Isolation "ASI" for the Linux kernel to better deal with speculative execution attacks and other CPU vulnerabilities. Last summer there were some new "request for comments" patches working on Linux Address Space Isolation and today a second iteration of those RFC patches was published. They are now out for review but they are unlikely to see much use: the I/O throughput as measured by FIO takes a 70% hit...

  • thechef
    Junior Member
    • Sep 2012
    • 42

    #2
    What a salesman.

    No, seriously. All focused on what has yet to improve before trying to push immature stuff and causing a kernel drama.

    • aviallon
      Senior Member
      • Dec 2022
      • 273

      #3
      I am seriously interested in this ASI approach.
      I wonder, by the way, if something similar to io_uring could be used for internal kernel communication.
      Perhaps it would mitigate a lot of these issues.

      • uxmkt
        Senior Member
        • Dec 2018
        • 317

        #4
        -70%... At this point we might as well go all microkernel, with drivers and stuff all in user mode.

        • waxhead
          Premium For Life
          • Jul 2014
          • 1137

          #5
          Originally posted by uxmkt
          -70%... At this point we might as well go all microkernel, with drivers and stuff all in user mode.
          **If** I remember correctly Minix3 has a ~30% performance loss due to being a microkernel. Suddenly that performance loss does not seem that drastic compared to all the other mitigations. Maybe microkernel is the right way to go after all!

          http://www.dirtcellar.net

          • oiaohm
            Senior Member
            • Mar 2017
            • 8248

            #6
            Originally posted by waxhead
            **If** I remember correctly Minix3 has a ~30% performance loss due to being a microkernel. Suddenly that performance loss does not seem that drastic compared to all the other mitigations. Maybe microkernel is the right way to go after all!
            Depends on the workload. seL4 has it inside 10 to 20 percent of what the hardware can do in tested workloads. Of course there are still mitigations required.

            • kylew77
              Senior Member
              • Jul 2017
              • 1127

              #7
              Stuff like this is why OpenBSD is slower than Linux but potentially more secure. One has to make a decision: performance or security. You can't have both maxed out. The real work is striking the balance between good security and good performance.

              • oiaohm
                Senior Member
                • Mar 2017
                • 8248

                #8
                Originally posted by kylew77
                Stuff like this is why OpenBSD is slower than Linux but potentially more secure. One has to make a decision: performance or security. You can't have both maxed out. The real work is striking the balance between good security and good performance.
                Really no with the OpenBSD. Performance and security don't line up that way.

                seL4 and LionsOS start showing you what an OS designed for security should look like.
                The Lions Operating System: LionsOS is currently at version 0.2.0 and is undergoing active research and development, it does not have a concrete verification story yet. It is not expected for LionsOS to be stable at this time, but it is available for others to experiment with. For more info, see Status & Roadmap. LionsOS is an operating system based on the seL4 microkernel with the goal of making the achievements of seL4 accessible.

                And this does not look like OpenBSD.

                OpenBSD is a modular monolithic kernel, at core the same type as the Linux kernel in fact. Monolithic kernels you choose because your target is performance.

                OpenBSD is mostly slower because they don't have the developers to spend time going after all the different performance optimizations. Yes, the same developer issue that causes OpenBSD to not have all the performance optimizations causes it to be feature poor. OpenBSD appears more secure than Linux not really from intentional design but from simply having fewer features (feature poor) due to having fewer developers.

                Here's the scary point people miss.

                The Linux kernel does in fact have some of the formal proof required to prove that it is a secure OS. Do note I said some, not all; without all, it's not a secure OS. OpenBSD has none of the formal proofs.

                So Linux, by formal proof evidence, is more secure than OpenBSD and absolutely less secure than seL4/LionsOS.

                Yes, it has been annoying that OpenBSD authors/marketing people push the idea they are secure when they really don't have the evidence to back up their statements.

                Secure does not have to equal slow. Secure should have documents at least somewhat proving it.

                Another reality: to be correct, we are not sure if maxed-out security and maxed-out performance is possible or not. kylew77, think how often we are running an OS requiring security and we have not audited the hardware for defects. Yes, maxed-out security and maxed-out performance is seeming to require altering how silicon is designed.
