Keeping your CPU safe from Spectre imposes serious performance penalty
But that doesn't mean it's a good idea to disable Spectre mitigations
While conducting performance tests, a developer discovered that Spectre mitigations slowed his code by as much as 200%.
Spectre, along with Meltdown, are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors. While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty.
While testing his open source rr debugger, in his older Intel Skylake-equipped Linux laptop, Robert O'Callahan noticed that frequent system calls slowed down execution in user space, the memory that runs user processes and apps.
- Here are the best Linux laptops for running Linux
- Check our roundup of the best Linux distros
- We've put together a list of the best endpoint protection software
“I assumed this was at least partly due to Spectre mitigations so I turned those off (with mitigations=off) and reran the test,” wrote O'Callahan, who immediately noticed a significant improvement in performance.
“So those Spectre mitigations make pre-optimization userspace run 2x slower (due to cache and TLB flushes I guess) and the whole workload overall 1.6x slower! Before Spectre mitigations, those system calls hardly slowed down userspace execution at all."
Performance penalty
It is well known that the software Spectre mitigations put a dent in processor performance, however their impact isn’t linear, as demonstrated by O'Callahan’s tests.
When quizzed by The Register, he reiterated that his tests demonstrate that system-call intensive workloads could experience significant performance hit on older CPUs like Skylake.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
"In my case I was able to rewrite the code to be much less system-call-intensive, but that won't always be possible," O'Callahan explained.
He was, however, quick to add that developers shouldn’t use the performance penalty as an excuse to disable the mitigations for Spectre and Meltdown.
"If you trust all the code running on the system you can turn these mitigations off safely. If you don't (e.g. because you use a web browser and you never know what ad scripts are doing), you should not turn off those mitigations IMHO," he noted, alluding perhaps to the proof-of-concept (PoC) code shared by Google in its bid to help web developers mitigate browser-based side-channel attacks.
- Take a look at these best laptops for business
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.