32-Bit Linux Prepares For Performance Hit Due To KPTI For Meltdown Mitigation

Written by Michael Larabel in Software on 25 July 2018 at 09:25 AM EDT. Page 1 of 4. 11 Comments.

Since January there has been KPTI in the x86_64 Linux kernel as Kernel-based Page Table Isolation for mitigating the Meltdown CPU vulnerability. On the back-burner since then has been KPTI support for the Linux x86 32-bit kernel to protect those using older 32-bit-only processors. With the upcoming Linux 4.19 kernel, KPTI is landing for Linux x86 32-bit. Here are sone benchmarks showing the performance penalty when upgrading to this new kernel on an Ubuntu i686 laptop.

KPTI on Linux x86 yields a similar performance hit to what we saw earlier this year when the Linux x86_64 kernel support was introduced for mitigating the Meltdown vulnerability. But making matters worse is that 32-bit Intel/VIA CPUs still in use today are already mega slow by today's standards and made even worse with KPTI. Additionally, it's only with Intel Westmere CPUs and newer -- which is already in the x86_64 era -- where Process Context Identifiers (PCID) support was introduced for helping to help offset some of the performance impact of KPTI. Thus for anyone still using x86 32-bit hardware vulnerable to Meltdown, upgrading to Linux 4.19+ could be a real performance doozy if using the stock configuration. Fortunately, like with Linux x86_64, if you wish to disable page table isolation you can do so using the "nopti" kernel boot parameter.

For seeing the performance impact of KPTI on an i686 kernel build, I compiled the current x86/pti branch of tip.git that days ago merged this x86 32-bit mitigation. I tested it on current tip.git kernel build, which is presently based upon Linux 4.18-rc4 albeit is not expected to be merged to the mainline kernel until the Linux 4.19 merge window in August. The tests were done on an Ubuntu 16.04 LTS i686 installation with Unity 7.4.5 and the GCC 5.4.0 compiler.

The oldest 32-bit hardware I have around that's still in decent shape is a dual Xeon LV board (besides Atom N270 parts not exposed to Meltdown), but unfortunately my PCI graphics cards for that motherboard are no longer working. So for this testing I used a Lenovo ThinkPad T61 laptop, which sports the Intel Core 2 Duo T9300. That CPU is actually x86_64 capable but is now a decade old and from the Intel Penryn days, so close enough to the vintage of what were the last 32-bit Intel CPUs. This laptop has 4GB of RAM and a 100GB Hitachi 5400RPM HDD with NVIDIA Quadro NVS 140M graphics.

This testing was quite straight-forward of running Ubuntu 16.04 LTS i686 with the patched kernel build and then another run after booting that kernel with "nopti" for disabling the kernel page table isolation. The __user pointer sanitization and generic Retpolines were left unchanged to look exclusively at the forthcoming KPTI impact. All of these Linux kernel benchmarks were carried out using the open-source Phoronix Test Suite benchmarking software.

Related Articles