Linux 5.13 To Address Some Networking Overhead Caused By Retpolines

Written by Michael Larabel in Linux Networking on 21 March 2021 at 08:47 AM EDT. 3 Comments
LINUX NETWORKING
It's been three years that Retpolines (return trampolines) have been around as part of the Spectre defenses on Linux and kernel developers in particular are still working to better optimize different areas of their code to deal with the performance overhead incurred.

With the current Linux 5.12 cycle there is an important change to the AES-NI crypto code to overcome the overhead introduced by enabling Retpolines on older Intel systems and old through current AMD hardware where this is needed as part of Spectre V2 mitigations. Those AES-NI code changes in Linux 5.12 for avoiding indirect calls makes a big performance improvement for cryptsetup on Retpolines-enabled hardware. Now with Linux 5.13, the networking subsystem is seeing some tuning to also avoid Retpoline costs.

Patches by Alexander Lobakin have been queued into net-next ahead of Linux 5.13 to work on avoiding Retpoline overhead. The area of focus with these initially queued patches are for VLAN and TEB GRO (Transparent Ethernet Bridging). There are just over two dozen lines of code changed for dealing with indirect calls there in aiming to lower the performance hit on Retpoline-enabled kernels.
The two most popular headers going after Ethernet are IPv4 and IPv6. Retpoline overhead for them is addressed only in dev_gro_receive(), when they lie right after the outermost Ethernet header. Use the indirect call wrappers in TEB (Transparent Ethernet Bridging, such as GENEVE, NvGRE, VxLAN etc.) GRO receive code to reduce the penalty when processing the inner headers.
...
Use the indirect call wrappers in VLAN GRO receive code to reduce the penalty on receiving tagged frames (when hardware stripping is off or not available).

The real interesting matter is how much more kernel code is left to be optimized in trying to lower the overhead impact from Retpolines. Of course though, Retpolines are just one of several software mitigations out there for the growing number of speculative execution vulnerabilities affecting modern processors.
3 Comments
Related News
Samba 4.20 Released With WSP Search Client, Service Witness Protocol
Many Networking Improvements & New Wired/Wireless Devices For Linux 6.9
Cloudflare Makes Pingora Rust Framework Open-Source
NetworkManager 1.46 Can Now Manage Ethtool EEE Settings, IPv4 DAD Default & 2FA VPNs
Linux 6.8 Network Optimizations Can Boost TCP Performance For Many Concurrent Connections By ~40%
The First Rust-Written Network PHY Driver Set To Land In Linux 6.8
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance
Godot's Vulkan Backend Seeing Better Performance, 10~20% Reduction In Frame Times
GNOME Working To Make Key Rack A Viable Password Manager, Better Printing For Flatpaks
Niri 0.1.5 Scrollable-Tiling Wayland Compositor Adds New Animations