The Performance Impact To POWER9's Eager L1d Cache Flushing Fix
Last week a new vulnerability in IBM POWER9 processors was made public, and its mitigation requires flushing the processor's L1 data cache between privilege boundaries. Because local users may be able to improperly obtain data from the L1 cache when this CVE is paired with other side channels, the Linux kernel on POWER9 hardware now flushes the L1d on entering the kernel and on user accesses. Here are some preliminary benchmarks looking at how this security change impacts the overall system performance.
All the latest Linux kernel stable series are now patched with the new POWER9 behavior for the L1 data cache flushing when crossing privilege boundaries. As outlined already, that L1d flushing behavior is the default but can be disabled with new "no_entry_flush" and "no_uaccess_flush" kernel options to maintain the prior behavior of not flushing.
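As an added example (not from the article or the kernel project), this POSIX shell audit checks a kernel command line for the two opt-out options named above, so a host that has quietly dropped the mitigation can be flagged. The sample command lines are constructed, and treating `-` spellings and `=value` forms as the same option is a conservative assumption.

```shell
#!/bin/sh
# Audit a kernel command line for the POWER9 L1d flush opt-outs
# "no_entry_flush" and "no_uaccess_flush" (names taken from the article).

# l1d_flush_optouts CMDLINE
# Prints the opt-outs found, space-separated, each at most once.
# Runs in a subshell so "set -f" and the variables stay local.
l1d_flush_optouts() (
    set -f    # no glob expansion while word-splitting the command line
    found=""
    for tok in $1; do
        # Whole-token match only: "xno_entry_flush" must not count.
        # Assumption: "-" spellings and "=value" forms are flagged too.
        case "$tok" in
            no[_-]entry[_-]flush|no[_-]entry[_-]flush=*)     name=no_entry_flush ;;
            no[_-]uaccess[_-]flush|no[_-]uaccess[_-]flush=*) name=no_uaccess_flush ;;
            *) continue ;;
        esac
        case " $found " in
            *" $name "*) ;;                         # already recorded
            *) found="${found:+$found }$name" ;;
        esac
    done
    printf '%s\n' "$found"
)

# l1d_flush_audit CMDLINE
# Returns 0 when neither opt-out is present, 1 otherwise.
l1d_flush_audit() {
    optouts=$(l1d_flush_optouts "$1")
    if [ -z "$optouts" ]; then
        echo "OK: no L1d flush opt-out on the command line"
        return 0
    fi
    echo "WARN: L1d flush disabled by: $optouts"
    return 1
}

# Constructed sample command lines (not taken from a real system).
SAMPLE_DEFAULT="root=/dev/sda2 ro quiet"
SAMPLE_OPTOUT="root=/dev/sda2 ro no_entry_flush quiet no_uaccess_flush"

for sample in "$SAMPLE_DEFAULT" "$SAMPLE_OPTOUT"; do
    l1d_flush_audit "$sample" || true
done
```

On a live host, pass the running kernel's command line instead: `l1d_flush_audit "$(cat /proc/cmdline)"`.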
Curious about the impact, I fired up some benchmarks on a Raptor Blackbird with a POWER9 4c/16t processor. Fortunately, the impact isn't too bad outside of workloads that frequently go to and from kernel space, and even for most of the benchmarks with high kernel interactivity the overall impact isn't too bad.
Here are some initial benchmarks looking at that impact on performance with this new POWER9 mitigation for the Linux kernel.