Benchmarking Retpoline Underflow Protection With Intel Skylake/Kabylake
Beyond the Retpoline support already found in the mainline Linux kernel, developers are working on Retpoline Underflow support that would be used for Intel Skylake and Kabylake CPUs. RETPOLINE_UNDERFLOW protects against falling back to a potentially poisoned indirect branch predictor when a return buffer underflows and this additional protection is needed for Intel Skylake/Kabylake processors. I ran a couple benchmarks.
From an Intel Core i9 7980XE (Skylake X) and Core i3 7100 (Kabylake) boxes, I ran some tests of Linux 4.15 built with GCC 8.0.1 when Retpoline was off, there was generic retpoline protection, and then Retpoline paired with the RETPOLINE_UNDERFLOW patches currently out-of-tree.
Retpoline with underflow protection lowered the performance further in some of the benchmarks, particularly I/O as usual for the Retpoline impact.
CPU benchmarks continue to be minimally impacted by retpolines.
Redis is one of the real-world applications where you can see the performance impact of Retpolines present. RETPOLINE_UNDERFLOW protection will presumably be added with Linux 4.16: stay tuned as more patches and information become available.
From an Intel Core i9 7980XE (Skylake X) and Core i3 7100 (Kabylake) boxes, I ran some tests of Linux 4.15 built with GCC 8.0.1 when Retpoline was off, there was generic retpoline protection, and then Retpoline paired with the RETPOLINE_UNDERFLOW patches currently out-of-tree.
Retpoline with underflow protection lowered the performance further in some of the benchmarks, particularly I/O as usual for the Retpoline impact.
CPU benchmarks continue to be minimally impacted by retpolines.
Redis is one of the real-world applications where you can see the performance impact of Retpolines present. RETPOLINE_UNDERFLOW protection will presumably be added with Linux 4.16: stay tuned as more patches and information become available.
8 Comments