Red Hat Aiming To Address IBRS Mitigation Still Being Too Costly On Performance

Written by Michael Larabel in Red Hat on 19 June 2023 at 11:29 AM EDT.
Red Hat engineers are working to deal with Indirect Branch Restricted Speculation (IBRS) being too costly for mitigating Spectre V2 and Retbleed on older Intel Xeon Scalable processors. A new patch has been floated to disable IBRS when idle and is working out well at least for Red Hat Enterprise Linux 9, though it isn't clear yet whether it will be accepted into the upstream kernel.

The patch from Red Hat's Waiman Long explains the pain they are still experiencing with Intel IBRS as the mitigation for Spectre and Retbleed:
For Intel processors that need to turn on IBRS to protect against Spectre v2 and Retbleed, the IBRS bit in the SPEC_CTRL MSR affects the performance of the whole core even if only one thread is turning it on when running in the kernel. For user space heavy applications, the performance impact of occasionally turning IBRS on during syscalls shouldn't be significant. Unfortunately, that is not the case when the sibling thread is idling in the kernel. In that case, the performance impact can be significant.

When DPDK is running on an isolated CPU thread processing network packets in user space while its sibling thread is idle. The performance of the busy DPDK thread with IBRS on and off in the sibling idle thread are:

                         IBRS on   IBRS off
                         -------   --------
packets/second:          7.8M      10.4M
avg tsc cycles/packet:   282.26    209.86

This is a 25% performance degradation. The test system is an Intel Xeon 4114 CPU @ 2.20GHz.

This patch series turns off IBRS when in various idle modes to eliminate the performance impact of the idling thread on its busy sibling thread.

Ouch, a 25% hit on the Xeon Scalable Skylake for the open-source Data Plane Development Kit (DPDK).


The patch to disable IBRS when idle is being floated in a kernel mailing list thread. Prominent Intel Linux engineer Peter Zijlstra, though, has suggested another patch that isn't currently back-ported to RHEL9. Additionally, there is the possibility of going with Call Depth Stuffing/Tracking instead of IBRS. In my tests the Call Depth Tracking found in mainline Linux 6.2+ is indeed offering to help recover some lost performance on Intel Skylake era CPUs that otherwise rely on IBRS. So we'll see where the upstream kernel activity goes or if Red Hat ends up just carrying this patch as part of their RHEL9 kernel for the time being until back-porting any new options. In any event this latest kernel mailing list thread continues to show the mitigation pains still being experienced by enterprise Linux users in mid-2023 on older platforms.
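
A host-side check for the condition the quoted patch describes, as an added example that is not from the article or the patch: it reads the kernel's sysfs mitigation status and SMT topology to show whether plain (non-enhanced) IBRS is active on a system that also has SMT siblings. The function names, the `SYSFS_CPU` override and the "legacy" label are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the patch. SYSFS_CPU can point at a constructed tree.
SYSFS_CPU=${SYSFS_CPU:-/sys/devices/system/cpu}

# Classify one vulnerabilities/* status file: prints legacy | enhanced | none
ibrs_mode() {
    line=$(cat "$1" 2>/dev/null) || line=""
    case "$line" in
        *Enhanced*IBRS*)      echo enhanced ;;  # reported separately from plain IBRS
        *"Mitigation: IBRS"*) echo legacy ;;    # the mode the quoted patch concerns
        *)                    echo none ;;      # retpoline, not affected, unreadable
    esac
}

# Returns 0 and lists SMT sibling groups when legacy IBRS and SMT are both
# active; returns 1 with a one-line reason otherwise.
ibrs_idle_sibling_report() {
    v2=$(ibrs_mode "$SYSFS_CPU/vulnerabilities/spectre_v2")
    rb=$(ibrs_mode "$SYSFS_CPU/vulnerabilities/retbleed")
    if [ "$v2" != legacy ] && [ "$rb" != legacy ]; then
        echo "legacy IBRS not in use (spectre_v2=$v2 retbleed=$rb)"
        return 1
    fi
    smt=$(cat "$SYSFS_CPU/smt/active" 2>/dev/null) || smt=0
    if [ "$smt" != 1 ]; then
        echo "legacy IBRS in use but SMT inactive: no sibling thread to affect"
        return 1
    fi
    echo "legacy IBRS in use with SMT active; sibling groups:"
    for f in "$SYSFS_CPU"/cpu[0-9]*/topology/thread_siblings_list; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | sort -u
}

ibrs_idle_sibling_report || true
```

Each line of the sibling-group output names hardware threads that share a core, so an isolated busy CPU can be matched against its idle sibling.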