[afnog] Security Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign
Loganaden Velvindron
logan at hackers.mu
Thu Jan 4 16:55:47 UTC 2018
On Thu, Jan 4, 2018 at 5:27 PM, Patrick Lufundisu <patrickluf at gmail.com> wrote:
> Hi All,
>
> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
> https://security.googleblog.com/
> https://meltdownattack.com/
>
> Happy new year 2018
>
We've been looking into doing some benchmarks such as Linux kernel
compilation with KPTI enabled. We are getting a 5% performance hit
[0]:
There have been a lot of people quoting figures about the #Meltdown
and #spectre issues on the internet. At hackers.mu, we decided to
benchmark the latest patches in Linux kernel 4.11, on Void Linux. We
use VoidLinux to avoid relying on systemd :)
Our spec machine:
CPU: Intel(R) Core(TM) i5–4460 CPU @ 3.20GHz (Haswell)
VoidLinux 4.14.11_1 #1 SMP PREEMPT Wed Jan 3 16:59:01 UTC 2018 x86_64 GNU/Linux
RAM: 32GB RAM
SSD: Samsung Evo 850 250GB
compiling linux kernel using make -j8.
Time taken:
real 30m59.314s
user 106m11.840s
sys 10m51.330s
Now with Linux kernel 4.11.8.
Kernel compilation:
real 29m13.027s
user 103m42.483s
sys 9m49.468s
Conclusion:
For kernel compilation, we are hitting a performance penalty of : 5%,
with KPTI on my Intel haswell CPU.
[I would suggest people run their benchmarks on development physical
machines to quantify performance hit and how much they need to budget
to compensate for the performance hit. You can check if it's enabled
on your linux kernel using dmesg: sudo dmesg | grep -i isolation
[ 0.000000] Kernel/User page tables isolation: enabled]
]
[0]: https://medium.com/@loganaden/linux-kpti-performance-hit-on-real-workloads-8da185482df3
More information about the afnog
mailing list