figueroa Advocate
Joined: 14 Aug 2005 Posts: 2978 Location: Edge of marsh USA
Posted: Fri Aug 19, 2022 3:27 am Post subject: PC slow after kernel speculative execution mitigations
When upgrading my kernel from gentoo-sources-5.10.128 to 5.10.135, I accepted all of the recommended mitigations for speculative execution vulnerabilities. Since then, running programs within the desktop GUI (OpenBox) are noticeably sluggish compared to previously.
This is my primary desktop PC, only server function running is openssh and even that is not accessible from the Internet. Only two users are me and wife as local users. Would I be unwise to disable these mitigations? Opinions appreciated. Let's discuss.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi

mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
Posted: Fri Aug 19, 2022 8:22 am
Please make sure that it's really the mitigations that slow down your computer. Please boot your kernel with kernel parameter "mitigations=off". You can blame the mitigations if your computer is fast with this kernel parameter and sluggish without it. If it's sluggish with and without this parameter, it's something else that slows down your computer.
To answer your question: I would enable the mitigations on shared hosting platforms, on servers with many unknown users or on machines with a high security level (secure servers, network gateways etc). I have not enabled the mitigations on my desktop machine.

figueroa Advocate
Joined: 14 Aug 2005 Posts: 2978 Location: Edge of marsh USA
Posted: Fri Aug 19, 2022 6:02 pm
Thank you mike155.
"mitigations=off" is a good trick, like having my cake and eating it too. I added the boot parameter to my /boot/grub/custom.cfg which lets me choose at boot to have my vulnerabilities, speed and responsiveness back, or just reboot to lock back down. (Ordinarily, I only reboot this machine to use updated kernels.) With mitigations=off, the end of lscpu shows:
Code: | Vulnerabilities:
Itlb multihit: Processor vulnerable
L1tf: Mitigation; PTE Inversion
Mds: Vulnerable; SMT vulnerable
Meltdown: Vulnerable
Mmio stale data: Not affected
Retbleed: Not affected
Spec store bypass: Vulnerable
Spectre v1: Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
Spectre v2: Vulnerable, IBPB: disabled, STIBP: disabled
Srbds: Not affected
Tsx async abort: Not affected |
It seems scary, but it's fast again.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi
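
Added example (not part of the original posts): lscpu takes these status lines from the files under /sys/devices/system/cpu/vulnerabilities, so the state can be re-checked after each boot with or without mitigations=off. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify CPU vulnerability status strings as shown by lscpu
# and by /sys/devices/system/cpu/vulnerabilities/* on Linux.

# Map one status string to not_affected | mitigated | vulnerable | unknown.
# Order matters: a mitigated Spectre v2 line can end in "... Not affected".
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Mitigation*)     echo mitigated ;;
        *ulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Succeed if the command-line file (default /proc/cmdline) has mitigations=off.
mitigations_off() {
    tr ' ' '\n' < "${1:-/proc/cmdline}" | grep -qx 'mitigations=off'
}

# Print "<class> <name>: <status>" for every file in the directory.
audit_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%-12s %s: %s\n' "$(classify_status "$status")" "${f##*/}" "$status"
    done
}

# Number of entries still classed as vulnerable (prints 0 when none).
count_vulnerable() {
    audit_vulns "$1" | grep -c '^vulnerable' || true
}

# Constructed sample: a directory holding six of the lscpu statuses quoted above.
make_sample() {
    d=$(mktemp -d)
    echo 'Processor vulnerable'       > "$d/itlb_multihit"
    echo 'Mitigation; PTE Inversion'  > "$d/l1tf"
    echo 'Vulnerable; SMT vulnerable' > "$d/mds"
    echo 'Vulnerable'                 > "$d/meltdown"
    echo 'Not affected'               > "$d/retbleed"
    echo 'Vulnerable, IBPB: disabled, STIBP: disabled' > "$d/spectre_v2"
    echo "$d"
}

audit_vulns "$(make_sample)"   # call audit_vulns with no argument on a real host
```

On the constructed sample, four of the six entries are classed as vulnerable, matching the mitigations=off output in the post above.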

Goverp Advocate
Joined: 07 Mar 2007 Posts: 2027
Posted: Sat Aug 20, 2022 11:56 am
For comparison, my hp laptop, albeit with an AMD chip, runs OK with most mitigations on,
(as compared with when I tried enabling retbleed mitigation, when it crawled).
I reckon even on Intel chips you ought to be able to mitigate most of the list apart from retbleed and still have acceptable performance.
My lscpu says:
Code: | Vendor ID: AuthenticAMD
Model name: AMD A9-9420 RADEON R5, 5 COMPUTE CORES 2C+3G
CPU family: 21
Model: 112
...
Vulnerabilities:
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Not affected
Retbleed: Vulnerable
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, IBPB conditional, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Srbds: Not affected
Tsx async abort: Not affected |
_________________
Greybeard

Irets Apprentice
Joined: 17 Dec 2019 Posts: 224
Posted: Sat Aug 20, 2022 12:37 pm
I did not opt in to the mitigation settings brought by 5.15.59.
There has been no increase/decrease in performance.
EDIT: never mind, your OP indicates you're running an older kernel than me.
Sorry for the noise.

figueroa Advocate
Joined: 14 Aug 2005 Posts: 2978 Location: Edge of marsh USA
Posted: Sat Aug 20, 2022 6:35 pm
For a fuller snapshot, my collocated server is an x86 machine with older AMD CPU and mostly not affected, running on a Gigabyte GA-MA78GM-US2H/GA-MA78GM-US2H motherboard, BIOS F8 10/08/2009, and the same 5.10.135 kernel as my desktop:
Code: | Vendor ID: AuthenticAMD
Model name: AMD Phenom(tm) 8650 Triple-Core Processor
CPU family: 16
Model: 2
...
Vulnerabilities:
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Not affected
Retbleed: Not affected
Spec store bypass: Not affected
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, STIBP disabled, RSB filling
Srbds: Not affected
Tsx async abort: Not affected |
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi

Goverp Advocate
Joined: 07 Mar 2007 Posts: 2027
Posted: Sat Aug 20, 2022 6:56 pm
figueroa wrote: | Thank you mike155.
"mitigations=off" is a good trick...
It seems scary, but it's fast again. |
This pretty readable article from Kaspersky makes it less scary.
_________________
Greybeard

figueroa Advocate
Joined: 14 Aug 2005 Posts: 2978 Location: Edge of marsh USA
Posted: Sat Aug 20, 2022 7:58 pm
Thanks, Goverp. The non-technical Kaspersky article is just my speed.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi

Goverp Advocate
Joined: 07 Mar 2007 Posts: 2027
Posted: Sun Aug 21, 2022 9:51 am
Just had a look at my desktop's lscpu. It's a much more powerful beast than my laptop; it's running 5.19.2 (except there's an amdgpu bug when suspending with multiple ttys), and I enabled the minimum necessary mitigations - retpoline and IBPB - and didn't notice any performance hit. I made the mistake of enabling PTI, and the system crawled. I suspect the same would be the case for the other one.
Code: | Model name: AMD Ryzen 9 3900X 12-Core Processor
CPU family: 23
Model: 113
...
Vulnerabilities:
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Not affected
Retbleed: Mitigation; IBPB; SMT enabled with STIBP protection
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, IBPB conditional, STIBP always-on, RSB filling, PBRSB-eIBRS Not affected
Srbds: Not affected
Tsx async abort: Not affected |
_________________
Greybeard