PC slow after kernel speculative execution mitigations

figueroa

When upgrading my kernel from gentoo-sources-5.10.128 to 5.10.135, I accepted all of the recommended mitigations for speculative execution vulnerabilities. Since then, running programs within the desktop GUI (OpenBox) are noticeably slugish compared to previously.

This is my primary desktop PC, only server function running is openssh and even that is not accessible from the Internet. Only two users are me and wife as local users. Would I be unwise to disable these mitigations? Opinions appreciated. Let's discuss.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi

mike155 · Posted: Fri Aug 19, 2022 8:22 am Post subject:

Please make sure that it's really the mitigations that slow down your computer. Please boot your kernel with kernel parameter "mitigations=off". You can blame the mitigations if your computer is fast with this kernel parameter and sluggish without it. If it's sluggish with and without this parameter, it's something else that slows down your computer.

To answer your question: I would enable the mitigations on shared hosting platforms, on servers with many unknown users or on machines with a high security level (secure servers, network gateways etc). I have not enabled the mitigations on my desktop machine.

figueroa · Posted: Fri Aug 19, 2022 6:02 pm Post subject:

Thank you mike155.

"mitigations=off" is a good trick, like having my cake and eating it too. I added the boot parameter to my /boot/grub/custom.cfg which lets me choose at boot to have my vulnerabilities, speed and responsiveness back, or just reboot to lock back down. (Ordinarily, I only reboot this machine to use updated kernels.) With mitigations=off, the end of lscpu shows:

Goverp · Advocate Joined: 07 Mar 2007 Posts: 2027

For comparison, my hp laptop, albeit with an AMD chip, runs OK with most mitigations on,
(as compared with when I tried enabling retbleed mitigation, when it crawled).
I reckon end on Intel chips you ought to be able to mitigate most of the list apart from retbleed and still have acceptable performance.

My lscpu says:

Irets · Apprentice Joined: 17 Dec 2019 Posts: 224

I did not opt-in to the migitation settings brought by 5.15.59.

There has been no increase/decrease in performance.

EDIT: nevermind, your OP indicates you running an older kernel than me.
Sorry for the noise.

figueroa · Posted: Sat Aug 20, 2022 6:35 pm Post subject:

For a fuller snapshot, my collocated server is an x86 machine with older AMD CPU and mostly not affected, running on a Gigabyte GA-MA78GM-US2H/GA-MA78GM-US2H motherboard, BIOS F8 10/08/2009, and the same 5.10.135 kernel as my desktop:

Goverp · Advocate Joined: 07 Mar 2007 Posts: 2027

figueroa · Posted: Sat Aug 20, 2022 7:58 pm Post subject:

Thanks, Goverp. The non-technical Kapersky article is just my speed.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi

Goverp · Advocate Joined: 07 Mar 2007 Posts: 2027

Just had a look at my desktop's lscpu. It's a much more powerful beast than my laptop; it's running 5.19.2 (except there's an amdgpu bug when suspending with multiple ttys), and I enabled the minimum necessary mitigations - retpoline and IBPB - and didn't notice any performance hit. I made the mistake of enabling PTI, and the system crawled. I suspect the same would be the case for the other one.