A Lot Of Spectre Changes Land In The Linux 4.19 Git Tree, Possible Performance Impact
"The Speck [Spectre slang, not to be confused with the controversial NSA algo] brigade sadly provides yet another large set of patches destroying the perfomance which we carefully built and preserved," began the latest x86/pti pull request by kernel maintainer Thomas Gleixner.
This batch of x86/pti patches is some of the most work we've seen on the Meltdown/Spectre front in months. Included with this new work targeting the Linux 4.19 kernel is:
- Enhanced IBRS(Indirect Branch Restricted Speculation) that will be available with future Intel CPUs as a simpler and more efficient approach to IBRS from current Intel x86 processors. Enhanced IBRS will be used by default on these future Intel CPUs and should help lessen the performance impact of Spectre Variant Two mitigation compared to Retpolines or the current IBRS. Gleixner commented, "Unfortunately we dont know the performance impact of this, but it's expected to be less horrible than the IBRS hammering."
- There is now page table isolation (PTI/KPTI) support for 32-bit PAE hardware for Meltdown mitigation. A few weeks ago I tested that 32-bit Linux PTI code in 32-Bit Linux Prepares For Performance Hit Due To KPTI For Meltdown Mitigation to look at the performance hit with old hardware.
- Fixes to global bit mechanics for CPUs without PCID (Process Context Identifiers) were "exposing interesting memory needlessly."
- Initial SpectreRSB mitigation for mitigating the Return Stack Buffer vulnerability in userspace-userspace form of this attack vector.
There are also other clean-ups and changes as part of the roughly thousand lines of code churn for x86/pti this cycle. I'll be running my usual kernel benchmarks once the current merge window has passed later this month.
This batch of x86/pti patches is some of the most work we've seen on the Meltdown/Spectre front in months. Included with this new work targeting the Linux 4.19 kernel is:
- Enhanced IBRS(Indirect Branch Restricted Speculation) that will be available with future Intel CPUs as a simpler and more efficient approach to IBRS from current Intel x86 processors. Enhanced IBRS will be used by default on these future Intel CPUs and should help lessen the performance impact of Spectre Variant Two mitigation compared to Retpolines or the current IBRS. Gleixner commented, "Unfortunately we dont know the performance impact of this, but it's expected to be less horrible than the IBRS hammering."
- There is now page table isolation (PTI/KPTI) support for 32-bit PAE hardware for Meltdown mitigation. A few weeks ago I tested that 32-bit Linux PTI code in 32-Bit Linux Prepares For Performance Hit Due To KPTI For Meltdown Mitigation to look at the performance hit with old hardware.
- Fixes to global bit mechanics for CPUs without PCID (Process Context Identifiers) were "exposing interesting memory needlessly."
- Initial SpectreRSB mitigation for mitigating the Return Stack Buffer vulnerability in userspace-userspace form of this attack vector.
There are also other clean-ups and changes as part of the roughly thousand lines of code churn for x86/pti this cycle. I'll be running my usual kernel benchmarks once the current merge window has passed later this month.
6 Comments