Linux 4.20 Performance Decimated by Spectre and Meltdown Mitigations

Discussion in '[H]ard|OCP Front Page News' started by Megalith, Nov 18, 2018.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    12,771
    Joined:
    Aug 20, 2006
    Phoronix began benchmarking the latest development version of Linux this week and found that performance was clearly worse on certain Intel systems, such as the Core i9 7960X. After further testing, the culprit turned out to be “kernel-side bits for STIBP (Single Thread Indirect Branch Predictors) for cross-hyperthread Spectre Variant Two mitigation.” AMD CPUs “didn't appear impacted.”

    This latest Linux 4.20 testing endeavor started out with seeing the Intel Core i9 performance pulling back in many synthetic and real-world tests. This ranged from Rodinia scientific OpenMP tests taking 30% longer to Java-based DaCapo tests taking up to ~50% more time to complete to code compilation tests taking measurably longer to lower PostgreSQL database server performance to longer Blender3D rendering times. That happened with a Core i9 7960X and Core i9 7980XE test systems while the AMD Threadripper 2990WX performance was unaffected by the Linux 4.20 upgrade.
     
    DrezKill likes this.
  2. Balkroth

    Balkroth Limp Gawd

    Messages:
    195
    Joined:
    Dec 15, 2011
  3. M76

    M76 [H]ardness Supreme

    Messages:
    8,148
    Joined:
    Jun 12, 2012
    OK, that's it, I've had enough! How can I put this in no uncertain terms?

    I'm not running a cloud server, I'm not a bank, neither do I handle sensitive client data, STOP RUINING MY PERFORMANCE!

    Let me decide if I want to opt in to these "mitigations". Because at this point it seems that the so called fixes are causing more problems than they solve. I know someone can theoretically siphon data from me, and I don't care! Someone can also break into my house and steal my entire computer, still I won't wall the windows in to mitigate that risk.
     
  4. MMitch

    MMitch Limp Gawd

    Messages:
    379
    Joined:
    Nov 29, 2016
    Can't you do that on Linux ? (Article is about Linux)
     
    cageymaru likes this.
  5. Master_shake_

    Master_shake_ Little Bitch

    Messages:
    8,454
    Joined:
    Apr 9, 2012
    all mitigations and no play makes intel a dull boy.
     
  6. cageymaru

    cageymaru [H]ard|News

    Messages:
    19,480
    Joined:
    Apr 10, 2003
    While with time it's possible to better optimize the code to perhaps recover from some of the performance loss, with this being an intentional change, that's how things are looking for Linux 4.20 with no apparent improvement in sight. If disabling Spectre V2 mitigations for the Linux kernel, STIBP becomes disabled as a workaround for performance sensitive systems albeit potentially insecure.

    I assume that means you can disable it. In my opinion that is the best way. Allow those who don't care to run the increased security a way to disable it. As for corporations that have sensitive data stored in the Cloud, and side channel attacks would allow data theft, add solutions that mitigate those risks directly into the kernel.

    I would ship all systems with the protections set to "on." If the users want to disable it for more performance; then do so at their own risk. :)
     
  7. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,959
    Joined:
    Dec 15, 2003
    You can disable them in Windows10 as well via the registry. There's a toolset out that will check if you're patched and enable/disable the various patches.
     
  8. Ultima99

    Ultima99 [H]ardness Supreme

    Messages:
    4,900
    Joined:
    Jul 31, 2004
    Are we sure this release isn't just stoned?
     
  9. whatevs

    whatevs Limp Gawd

    Messages:
    200
    Joined:
    Jun 23, 2017
    You've never used GNU/Linux.
     
    Red Falcon and auntjemima like this.
  10. ole-m

    ole-m Limp Gawd

    Messages:
    362
    Joined:
    Oct 5, 2015

    These have to be put in place cause those banks running your bank account doesn't know how to selectively do this, so the vendor (Ms, Linux kernel etc) must by default.
    also, you can disable it all if you want (which is from OS level) microcode I do not know about.
     
    dgz, Red Falcon and whatevs like this.
  11. whatevs

    whatevs Limp Gawd

    Messages:
    200
    Joined:
    Jun 23, 2017
    I want to clarify that. No one runs bleeding edge kernels except a handful of distros and they require highly technical hand holding on an ongoing basis.

    By the time 4.20 hits any LTS release that a professional would use, a simple Google search would provide answer on how to deal with any issue.

    Plus, it has been possible to disable all this stuff trivially since the beginning... just like everything else with GNU/Linux. King of customization.
     
  12. Glock24

    Glock24 [H]Lite

    Messages:
    84
    Joined:
    Jan 2, 2005
    Under Linux you can disable some or most mitigations via kernel parameters at boot. For kernel 4.20 some mitigations are baked in and require a recompile to disable them, at least that's what I understood.

    As for Windows, you can use this to disable mitigations:

    https://www.grc.com/inspectre.htm
     
    DrezKill, MatthewK and M76 like this.
  13. Simmonz

    Simmonz 2[H]4U

    Messages:
    2,681
    Joined:
    May 14, 2008
    I can't decide what issue to blame here. Should I go with maybe they were too 420 friendly while working on 4.20, or I could mention how the new COC is to blame ir should I just blame Intel ? So many options.
     
  14. M76

    M76 [H]ardness Supreme

    Messages:
    8,148
    Joined:
    Jun 12, 2012
    If you're a psychic, then a terrible one at that :p
     
  15. M76

    M76 [H]ardness Supreme

    Messages:
    8,148
    Joined:
    Jun 12, 2012
    Banks damn well should have security experts, who know how to make things secure. Almost nothing comes as fully secure out of the box, so if they know how to set up their networking and services on linux to be secure, they might as well know about this.

    It is insanity to think that a bank would assume something is secure out of the box and just roll with it without double or triple checking.
     
    Armenius and PhaseNoise like this.
  16. MMitch

    MMitch Limp Gawd

    Messages:
    379
    Joined:
    Nov 29, 2016
    Why did you post your original comment then ? Did you forget /s ?
     
  17. M76

    M76 [H]ardness Supreme

    Messages:
    8,148
    Joined:
    Jun 12, 2012
    Forget what? That you can opt out of the spectre / meltdown mitigations under linux? No, I didn't know that. How do you leap from there to "you've never used linux"?
     
  18. jojo69

    jojo69 [H]ardForum Junkie

    Messages:
    10,498
    Joined:
    Sep 13, 2009

    that's all good until you want to access your private keys

    a known secure environment is pretty important to some of us
     
    travanx and Red Falcon like this.
  19. MMitch

    MMitch Limp Gawd

    Messages:
    379
    Joined:
    Nov 29, 2016
    Good point. I just assumed that everyone thinks you can do whatever you want under linux... I'm far from been even an experienced linux user :)
     
  20. DogsofJune

    DogsofJune [H]ard|Gawd

    Messages:
    1,763
    Joined:
    Nov 7, 2008
    Phfff.... Processors these days. Good thing we keep moving forward with new tech......
     
  21. kllrnohj

    kllrnohj [H]ardness Supreme

    Messages:
    6,854
    Joined:
    Apr 1, 2003
    You run untrusted code all the time in the form of Javascript. It'd be unreasonable for anything to default to not having these mitigations when a javascript page could instantly own your entire system.

    These fixes are not causing any problems at all. The performance loss is not so severe as to suddenly turn a system from perfectly usable to basically a brick.

    If you want to manually opt-out go for it, but the default needs to be what it is. And Intel should fix their broken ass shit, or buy AMD which isn't affected to nearly the same degree.
     
  22. dgz

    dgz [H]ardness Supreme

    Messages:
    4,739
    Joined:
    Feb 15, 2010
    Get a Ryzen. You know I am right
     
    ccityinstaller and LightsOut41 like this.
  23. kandrey89

    kandrey89 Limp Gawd

    Messages:
    175
    Joined:
    Jul 11, 2015
    By 2020 Intel will have just 15% market share of desktop and server market, while AMD will have 60%, ARM and IBM will hold the remainder (25%).
     
    LightsOut41 and Red Falcon like this.
  24. Red Falcon

    Red Falcon [H]ardForum Junkie

    Messages:
    9,846
    Joined:
    May 7, 2007
    Oh I so cannot wait.
    Maybe by being on the bottom, Intel will finally attempt to be competitive (price/performance) again.

    We don't want them to disappear all together, though, as AMD will turn into exactly what Intel is now - I remember 2006 when AMD was on top and its then-new FX-60 dual-core CPU was $1200.00, and then a few months later dropped to nearly half that due to Intel's Core and later Core 2 CPUs.
    Moral of the story: competition is good. :D
     
    LightsOut41 likes this.
  25. DejaWiz

    DejaWiz Oracle of Unfortunate Truths

    Messages:
    19,793
    Joined:
    Apr 15, 2005
    For anyone wondering what it's like to have a multi-core PIII Coppermine...
     
  26. M76

    M76 [H]ardness Supreme

    Messages:
    8,148
    Joined:
    Jun 12, 2012
    My cpu is not affected that much by this, marginal losses at worst. But at work many of the computers are pre-haswell that are hit badly.
     
    cageymaru likes this.
  27. dgz

    dgz [H]ardness Supreme

    Messages:
    4,739
    Joined:
    Feb 15, 2010
    What do you do on them?
     
  28. NoOther

    NoOther [H]ardness Supreme

    Messages:
    7,160
    Joined:
    May 14, 2008
    Not sure how this matters for most, but likely one of the reasons I am seriously considering moving to AMD with my next build. Of course it would still require a significant upgrade in performance compared to my now 8 year old 2600k which is still plodding along just fine even with mitigations in place.

    First, care to share what Javascript is out there instantly owning systems without these mitigations?

    Even if someone were to pull off the near miraculous and use one of the variants to get to his system. They aren't "owning" the system. The best they could do is get some random information from the system. Even to do that would require them to bypass other security measures which are usually in place. And after all that, the information would have to be something vital to be worthwhile. If you don't contain any sensitive information on the system, what is the point? For instance I could give 2 shits if someone uses one of these variants to steal information on my gaming system. What information are they going to steal? I don't keep anything vital on it, it is a gaming system.

    Second, performance is performance. For some there is no reason to put in mitigations that aren't really going to affect them. Why should I hamper the performance on my gaming rig even a little bit if there is no reason for it?
     
  29. M76

    M76 [H]ardness Supreme

    Messages:
    8,148
    Joined:
    Jun 12, 2012
    Data processing with lots of io.
     
  30. SLee

    SLee Gawd

    Messages:
    951
    Joined:
    Oct 27, 2002
    Even with the performance loss, the Intel systems still end up with comparable or better performance in the Java tests, GCC compilation, and PostgresSQL. It could be argued that the AMD systems already had their performance-loss built-in.
     
    drescherjm likes this.
  31. naib

    naib [H]ard|Gawd

    Messages:
    1,141
    Joined:
    Jul 26, 2013
    CoC for this, hands down. The CoC has made raising objections a hazzard as the SJW can jump on people for raising concerns. Sure Intel dropped the bomb the damn ... this code should have been reviewed and I don't believe in coincidences ...

    https://www.phoronix.com/scan.php?page=news_item&px=Linux-Torvalds-STIBP-Comment
     
  32. dgz

    dgz [H]ardness Supreme

    Messages:
    4,739
    Joined:
    Feb 15, 2010
    What would be the perfect CPU for your loads, and why exacty?
     
  33. Aireoth

    Aireoth [H]ard|Gawd

    Messages:
    1,814
    Joined:
    Oct 12, 2005
    Can I disable this shit on Windows? All someone will get from my personal PC is some of my porn habits, pics of my family, and Granny's pickling recipes.
     
  34. M76

    M76 [H]ardness Supreme

    Messages:
    8,148
    Joined:
    Jun 12, 2012
    I have no idea what would be the perfect cpu, I wish I could try them all. There are definitely no benchmarks available for this, apart from the tests I do. And currently we are cpu limited, I wish I could try a 2990 but if it doesn't bring any significant advantages it's my ass.