https://www.theregister.co.uk/2018/01/0 ... sign_flaw/
https://www.postgresql.org/message-id/2 ... narazel.de
Intel CPU performance-loss by security-patch?!?
Moderators: hgm, Rebel, chrisw
-
pohl4711
- Posts: 2432
- Joined: Sat Sep 03, 2011 7:25 am
- Location: Berlin, Germany
- Full name: Stefan Pohl
-
syzygy
- Posts: 5557
- Joined: Tue Feb 28, 2012 11:56 pm
Re: Intel CPU performance-loss by security-patch?!?
I read about this problem so time ago (KAISER patches to address a security problem related to the kernel being mapped into the address space of user processes), so this whole thing is not as secret and sudden as the article suggests it is.
It seems Intel processors will be slowed down by a lot. AMD processors are not affected.
So this is good news for AMD.
It is even better news for Intel: after a 30% slowdown of old and current Intel processors, many users will find it necessary to upgrade to fixed Intel cpus. This is Apple^2.
Apparently it will be possible to disable the fix and its heavy performance penalty on Linux. The question is how dangerous that will be (it seems even javascript could potentially abuse the security flaw).
On Windows and Mac there will likely be no way to disable the fix and its performance penalty.
-
Milos
- Posts: 4190
- Joined: Wed Nov 25, 2009 1:47 am
Re: Intel CPU performance-loss by security-patch?!?
Lol sure, if you are Amazon, or offering cloud services. On home machines ofc it will be possible. More than 50% of windows home machines are running cracked windows for god sake.syzygy wrote:On Windows and Mac there will likely be no way to disable the fix and its performance penalty.
-
PaulieD
- Posts: 211
- Joined: Tue Jun 25, 2013 8:19 pm
Re: Intel CPU performance-loss by security-patch?!?
https://www.extremetech.com/computin...ce-performance
Recent Intel CPUs may not be affected by this issue to the same extent as older chips, but I haven’t been able to confirm that personally.
There are references to using the “nopcid” instruction to disable other features Intel built into its Core microarchitecture to mitigate
the performance hit from separating the kernel and user memory space,
but no clear demarcation on when those mitigating features were themselves introduced.
The nopcid instruction was added with AVX2 support when Haswell was new, which would seem to imply that Intel CPUs pre-Haswell might face larger penalties than chips post-Hawell.
Recent Intel CPUs may not be affected by this issue to the same extent as older chips, but I haven’t been able to confirm that personally.
There are references to using the “nopcid” instruction to disable other features Intel built into its Core microarchitecture to mitigate
the performance hit from separating the kernel and user memory space,
but no clear demarcation on when those mitigating features were themselves introduced.
The nopcid instruction was added with AVX2 support when Haswell was new, which would seem to imply that Intel CPUs pre-Haswell might face larger penalties than chips post-Hawell.
-
syzygy
- Posts: 5557
- Joined: Tue Feb 28, 2012 11:56 pm
-
MikeGL
- Posts: 1010
- Joined: Thu Sep 01, 2011 2:49 pm
Re: Intel CPU performance-loss by security-patch?!?
The discussions at some IT forums made me confused.
The overhead, if I understand the published kaiser paper correctly,
is just around 0.28% and not 28%.
less than 1% overhead is not the same as 28%.
-
ZirconiumX
- Posts: 1334
- Joined: Sun Jul 17, 2011 11:14 am
Re: Intel CPU performance-loss by security-patch?!?
It's hard to judge what the slowdown is for chess, but I would imagine that due to page faults, this would result in a more significant slowdown the larger your hash tables are. Beyond that, I have no idea, as chess programs are largely user-space.
Some believe in the almighty dollar.
I believe in the almighty printf statement.
I believe in the almighty printf statement.
-
syzygy
- Posts: 5557
- Joined: Tue Feb 28, 2012 11:56 pm
Re: Intel CPU performance-loss by security-patch?!?
It seems applications with lots of I/O incur the largest performance overhead, whereas purely computational tasks seem to be affected much less:ZirconiumX wrote:It's hard to judge what the slowdown is for chess, but I would imagine that due to page faults, this would result in a more significant slowdown the larger your hash tables are. Beyond that, I have no idea, as chess programs are largely user-space.
https://www.phoronix.com/scan.php?page= ... 6pti&num=2
But I would not be surprised if large hashtables increase the penalty. TB access will also be negatively affected, in particular when data is paged in from SSD.
-
syzygy
- Posts: 5557
- Joined: Tue Feb 28, 2012 11:56 pm
Re: Intel CPU performance-loss by security-patch?!?
It is not the same, but 28% is the more accurate number here, at least for certain workloads.MikeGL wrote:The discussions at some IT forums made me confused.
The overhead, if I understand the published kaiser paper correctly,
is just around 0.28% and not 28%.
less than 1% overhead is not the same as 28%.
https://lkml.org/lkml/2017/10/31/884
kernel developer wrote:KAISER will affect performance for anything that does system calls or interrupts: everything. Just the new instructions (CR3 manipulation) add a few hundred cycles to a syscall or interrupt. Most workloads that we have run show single-digit regressions. 5% is a good round number for what is typical. The worst we have seen is a roughly 30% regression on a loopback networking test that did a ton of syscalls and context switches. More details about possible performance impacts are in the new Documentation/ file.
This code is based on a version I downloaded from (https://github.com/IAIK/KAISER). It has been heavily modified.
The approach is described in detail in a paper[2]. However, there is some incorrect and information in the paper, both on how Linux and the hardware works. For instance, I do not share the opinion that KAISER has "runtime overhead of only 0.28%". Please rely on this patch series as the canonical source of information about this submission.
-
MikeGL
- Posts: 1010
- Joined: Thu Sep 01, 2011 2:49 pm
Re: Intel CPU performance-loss by security-patch?!?
+1syzygy wrote:It is not the same, but 28% is the more accurate number here, at least for certain workloads.MikeGL wrote:The discussions at some IT forums made me confused.
The overhead, if I understand the published kaiser paper correctly,
is just around 0.28% and not 28%.
less than 1% overhead is not the same as 28%.
https://lkml.org/lkml/2017/10/31/884kernel developer wrote:KAISER will affect performance for anything that does system calls or interrupts: everything. Just the new instructions (CR3 manipulation) add a few hundred cycles to a syscall or interrupt. Most workloads that we have run show single-digit regressions. 5% is a good round number for what is typical. The worst we have seen is a roughly 30% regression on a loopback networking test that did a ton of syscalls and context switches. More details about possible performance impacts are in the new Documentation/ file.
This code is based on a version I downloaded from (https://github.com/IAIK/KAISER). It has been heavily modified.
The approach is described in detail in a paper[2]. However, there is some incorrect and information in the paper, both on how Linux and the hardware works. For instance, I do not share the opinion that KAISER has "runtime overhead of only 0.28%". Please rely on this patch series as the canonical source of information about this submission.
This cleared my confusion.
Thanks for the link.