Major slowdowns caused by the new Linux 4.20 kernel have been traced to a mitigation for Spectre variant 2 that Linux founder Linus Torvalds now wants restricted.
As noted by Linux news site Phoronix, the sudden slowdowns have been caused by a newly implemented mitigation called Single Thread Indirect Branch Predictors (STIBP), which is on by default in the Linux 4.20 kernel for Intel systems with up-to-date microcode.
STIBP is one of three possible mitigations Intel added to its firmware updates in response to the Spectre v2 attacks. Others included Indirect Branch Restricted Speculation (IBRS) and Indirect Branch Predictor Barrier (IBPB), which could be enabled by operating-system makers.
STIBP specifically addresses attacks against Intel CPUs that have enabled Hyper-Threading, Intel's version of Simultaneous Multithreading (SMT).
Phoronix's benchmarks of Linux 4.20 with STIBP enabled show that the mitigation has a severe impact on performance for some application workloads.
With STIBP enabled, Phoronix's high-end Xeon Gold server also goes from being the fastest server to slower than AMD's previously lower-performing EPYC-based server.
Because of these slowdowns, Torvalds on Sunday posted a message demanding that STIBP no longer be enabled by default in the kernel, especially since disabling SMT is already an option.
"When performance goes down by 50 percent on some loads, people need to start asking themselves whether it was worth it. It's apparently better to just disable SMT entirely, which is what security-conscious people do anyway," wrote Torvalds.
"So why do that STIBP slow-down by default when the people who *really* care already disabled SMT?"
Researchers earlier this month made the same argument against SMT after revealing the PortSmash side-channel vulnerability, which affects all Intel CPUs that support Hyper-Threading.
The researchers noted that "security and SMT are mutually exclusive concepts" and encouraged users to avoid chips that feature SMT. An earlier attack called TLBleed prompted the OpenBSD project to disable support for Intel Hyper-Threading.
Torvalds said the code didn't need to be fully reverted, but the behavior of enabling STIBP "unconditionally" does need to be reverted.
"Because it was clearly way more expensive than people were told," noted Torvalds.
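For administrators weighing the two options discussed above (STIBP on, or SMT off), the following added example, which is not from the article or the kernel project, classifies a host's cross-hyperthread Spectre v2 posture. It assumes the Linux sysfs files `/sys/devices/system/cpu/smt/active` and `/sys/devices/system/cpu/vulnerabilities/spectre_v2`, and assumes the status line carries a `STIBP: <state>` token; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify cross-hyperthread Spectre v2 coverage.
# Assumption: the spectre_v2 status line reports "STIBP: <state>".

# Constructed sample status lines (not captured from a real host).
SAMPLE_FORCED='Mitigation: Full generic retpoline, IBPB: always-on, IBRS_FW, STIBP: forced, RSB filling'
SAMPLE_COND='Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling'
SAMPLE_OFF='Mitigation: Full generic retpoline, IBPB: disabled, IBRS_FW, STIBP: disabled, RSB filling'

# stibp_posture SMT_ACTIVE STATUS_LINE
# Prints: smt-off | stibp-always | stibp-conditional | stibp-off | not-reported
stibp_posture() {
    smt_active=$1
    status=$2
    # With SMT off, no sibling thread shares the indirect branch predictor,
    # so STIBP has nothing to protect against.
    if [ "$smt_active" = "0" ]; then
        echo "smt-off"
        return 0
    fi
    case "$status" in
        # Siblings can influence each other's indirect branch prediction.
        *"STIBP: disabled"*)    echo "stibp-off" ;;
        # Only tasks that opted in are protected.
        *"STIBP: conditional"*) echo "stibp-conditional" ;;
        # Protection applies to every task, with the throughput cost
        # the article describes.
        *"STIBP: forced"*|*"STIBP: always-on"*) echo "stibp-always" ;;
        *)                      echo "not-reported" ;;
    esac
}

# Classify the live host when both sysfs files are readable.
report_host() {
    smt_file=/sys/devices/system/cpu/smt/active
    v2_file=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    if [ -r "$smt_file" ] && [ -r "$v2_file" ]; then
        stibp_posture "$(cat "$smt_file")" "$(cat "$v2_file")"
    else
        echo "not-reported"
    fi
}

echo "this host:          $(report_host)"
echo "sample, SMT on:     $(stibp_posture 1 "$SAMPLE_COND")"
echo "sample, SMT off:    $(stibp_posture 0 "$SAMPLE_FORCED")"
```

A result of `stibp-off` with SMT active is the combination that leaves sibling threads unprotected against each other; `smt-off` corresponds to the configuration Torvalds describes security-conscious users as already running.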