Keeping your CPU safe from Spectre imposes serious performance penalty

Spectre and Meltdown
(Image credit: Graz University of Technology)

While conducting performance tests, a developer discovered that Spectre mitigations slowed his code by as much as 200%.

Spectre and Meltdown are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors. While Intel has since implemented hardware mitigations for the vulnerabilities in newer processors, older ones have to rely on software fixes that come with a performance penalty.

While testing his open source rr debugger on his older Intel Skylake-equipped Linux laptop, Robert O'Callahan noticed that frequent system calls slowed down execution in user space, the memory area where user processes and apps run.

“I assumed this was at least partly due to Spectre mitigations so I turned those off (with mitigations=off) and reran the test,” wrote O'Callahan, who immediately noticed a significant improvement in performance.

“So those Spectre mitigations make pre-optimization userspace run 2x slower (due to cache and TLB flushes I guess) and the whole workload overall 1.6x slower! Before Spectre mitigations, those system calls hardly slowed down userspace execution at all.”

Performance penalty

It is well known that the software Spectre mitigations put a dent in processor performance; however, their impact isn’t linear, as demonstrated by O'Callahan’s tests.

When quizzed by The Register, he reiterated that his tests demonstrate that system-call-intensive workloads could experience a significant performance hit on older CPUs like Skylake.

"In my case I was able to rewrite the code to be much less system-call-intensive, but that won't always be possible," O'Callahan explained.

He was, however, quick to add that developers shouldn’t use the performance penalty as an excuse to disable the mitigations for Spectre and Meltdown.

"If you trust all the code running on the system you can turn these mitigations off safely. If you don't (e.g. because you use a web browser and you never know what ad scripts are doing), you should not turn off those mitigations IMHO," he noted, alluding perhaps to the proof-of-concept (PoC) code shared by Google in its bid to help web developers mitigate browser-based side-channel attacks.
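To check whether a Linux host is actually running with these mitigations switched off, the kernel command line (`/proc/cmdline`) can be compared with the per-vulnerability status files under `/sys/devices/system/cpu/vulnerabilities`. The script below is an added example, not code from O'Callahan or from this article; the sample values are constructed, and the function names and the list of disabling parameters are this example's own assumptions.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CMDLINE = Path("/proc/cmdline")
# Boot parameters that switch mitigations off (assumed list, not exhaustive).
DISABLING = {"mitigations=off", "nopti", "pti=off",
             "nospectre_v1", "nospectre_v2", "spectre_v2=off"}

# Constructed sample modelled on a host booted with mitigations=off.
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro quiet mitigations=off"
SAMPLE_SYSFS = {
    "meltdown": "Vulnerable\n",
    "spectre_v1": "Vulnerable: __user pointer sanitization and usercopy "
                  "barriers only; no swapgs barriers\n",
    "spectre_v2": "Vulnerable, IBPB: disabled, STIBP: disabled\n",
    "l1tf": "Mitigation: PTE Inversion\n",
    "srbds": "Not affected\n",
}

def disabling_params(cmdline):
    """Return the boot parameters on the command line that disable mitigations."""
    return sorted(tok for tok in cmdline.split() if tok in DISABLING)

def classify(status):
    """Map a sysfs status string to a coarse label."""
    text = status.strip()
    for prefix, label in (("Not affected", "not_affected"),
                          ("Mitigation", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if text.startswith(prefix):
            return label
    return "unknown"  # e.g. "Unknown: ..." or an unrecognised format

def audit(sysfs, cmdline):
    """Combine boot parameters and per-vulnerability status into one report."""
    status = {name: classify(text) for name, text in sysfs.items()}
    exposed = sorted(n for n, c in status.items() if c in ("vulnerable", "unknown"))
    return {"disabled_by": disabling_params(cmdline), "exposed": exposed,
            "status": status}

def read_live():
    """Read the real kernel interfaces; empty results on non-Linux systems."""
    sysfs = ({p.name: p.read_text() for p in SYSFS_DIR.iterdir()}
             if SYSFS_DIR.is_dir() else {})
    return sysfs, (CMDLINE.read_text() if CMDLINE.exists() else "")

if __name__ == "__main__":
    sysfs, cmdline = read_live()
    if not sysfs:  # fall back to the constructed sample off Linux
        sysfs, cmdline = SAMPLE_SYSFS, SAMPLE_CMDLINE
    print(audit(sysfs, cmdline))
```

A non-empty `disabled_by` list means the exposure was configured deliberately at boot, while entries in `exposed` without a matching boot parameter point to missing kernel or microcode updates instead.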

Mayank Sharma
