While conducting performance tests, a developer discovered that Spectre mitigations (opens in new tab) slowed his code by as much as 200%.
Spectre, along with Meltdown, are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors (opens in new tab). While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty.
While testing his open source (opens in new tab) rr debugger, in his older Intel Skylake-equipped Linux laptop (opens in new tab), Robert O'Callahan noticed that frequent system calls slowed down execution in user space, the memory that runs user processes and apps.
- Here are the best Linux laptops (opens in new tab) for running Linux
- Check our roundup of the best Linux distros (opens in new tab)
- We've put together a list of the best endpoint protection (opens in new tab) software
“I assumed this was at least partly due to Spectre mitigations so I turned those off (with mitigations=off) and reran the test,” wrote O'Callahan (opens in new tab), who immediately noticed a significant improvement in performance.
“So those Spectre mitigations make pre-optimization userspace run 2x slower (due to cache and TLB flushes I guess) and the whole workload overall 1.6x slower! Before Spectre mitigations, those system calls hardly slowed down userspace execution at all."
Performance penalty
It is well known that the software Spectre mitigations put a dent in processor performance, however their impact isn’t linear, as demonstrated by O'Callahan’s tests.
When quizzed by The Register (opens in new tab), he reiterated that his tests demonstrate that system-call intensive workloads could experience significant performance hit on older CPUs like Skylake.
"In my case I was able to rewrite the code to be much less system-call-intensive, but that won't always be possible," O'Callahan explained.
He was, however, quick to add that developers shouldn’t use the performance penalty as an excuse to disable the mitigations for Spectre and Meltdown.
"If you trust all the code running on the system you can turn these mitigations off safely. If you don't (e.g. because you use a web browser (opens in new tab) and you never know what ad scripts are doing), you should not turn off those mitigations IMHO," he noted, alluding perhaps to the proof-of-concept (PoC) code shared by Google in its bid to help web developers (opens in new tab) mitigate browser-based side-channel attacks (opens in new tab).
- Take a look at these best laptops for business (opens in new tab)