Linux 4.20 is Running Slower Than 4.19 On Intel CPUs (phoronix.com) 137
Freshly Exhumed writes: An intentional kernel change in Linux kernel 4.20 for enhanced Spectre mitigation is unfortunately causing Intel Linux performance to be much slower than with 4.19. That change is 'STIBP' (Single Thread Indirect Branch Predictors), which allows for preventing cross-hyperthread control of decisions that are made by indirect branch predictors. It affects Intel systems that have up-to-date microcode and CPU Hyper Threading enabled. Phoronix gives the evidence.
Re:Opps (Score:5, Insightful)
No. 4.19 was insecure, but faster. 4.20 is more secure, but slower. So? If I store my passwords in plain-text it's faster. Faster still if I don't have to do a DB lookup and just hard code some that I need.
4.20 is better. The performance penalty is the cost of better security in almost all computer operations (often negligible due to faster and faster chips). Because of hardware advancements though, it's most of the time a very worthwhile tradeoff. If your application suffers that much, size up the gear.
Re: (Score:2)
Most of the responses to this article are "AMD" so I don't need to say it. But I will anyway. AMD.
Re: Opps (Score:5, Interesting)
Ryzenfall and related vulnerabilities still haven't been fixed
Ryzenfall is a PR exploit [wikipedia.org] not a serious vulnerability, it requires physical access.
Investigators uncovered an article by Viceroy Research condemning AMD on the exploit and noted how the article was published less than half an hour after the exploits were revealed. Given the polish of the article which appears to be written many days in advance, and wording of the article which suggests that it is financially motivated, many were quick to accuse the exploit as a smear campaign engineered by Viceroy to short-sell AMD's stocks.
Meanwhile, Intel still has major issues with Meltdown, which is much more serious than Spectre because Meltdown breaks the veil between user and kernel, while Spectre is a process/process leak, much easier to address at the OS level. With fresh new Meltdown exploits demonstrated, Intel is still very much in the hot seat and AMD is the more secure processor.
Re: (Score:2)
And possibly other situations, not in the cloud.
Re: Opps (Score:3, Interesting)
It's only worthwhile in some situations.
I manage around 15,000 hypervisors which have VMs that don't ever run untrusted or arbitrary code, they aren't internet connected, etc. A 10% performance hit means millions of dollars of additional compute and network infrastructure.
And don't tell me to use AMD either, the price vs. Performance ends up being more costly at the scale and density we require.... and that's pretending we could swap existing servers out for no cost.
Re: Opps (Score:1)
Newer Intel chips don't even come with hyperthreads anymore due to Spectre. If you disable HT on your servers you won't take the performance hit.
Re: (Score:2)
HT is itself a feature designed to improve performance... If you disable it, then you lose any performance benefits it provided.
Wether it provides a performance benefit depends on your workload, it allows the processor to work on another thread if your code stalls the pipeline, but if your code is properly optimized for the processor then it wont stall the pipeline...
Re: (Score:1)
"(often negligible due to faster and faster chips)"
I can tell you don't program. Most code is so bloated now days that what once would've only needed an 8088 to run now at minimum needs a 233MHz Pentium II to do the same thing.
YOUR FUCIKING CODE SUCKS, PROGRAMMERS. Get back to making it SMALL so these security bugs are far less prevalent.
Re: (Score:3)
Give it a break (Score:5, Funny)
Four Twenty? (Score:5, Funny)
Re: Four Twenty? (Score:1)
Funding secured.
Re: (Score:3)
Funding secured.
A spectre of a deal!
Re:Disableable? (Score:5, Informative)
Linux 4.20 man! (Score:1)
This is intels problem (Score:5, Insightful)
Linux kernel doesn't let your insecure and sloppy design do things that compromise the security of the OS. Sounds like a feature to me.
Re: (Score:2)
To an extent, I'm willing to grant that. So, what sucks less than Linux?
Re: (Score:2)
Uhhhh....
Non-POSIX, apparently not compatible with anything else, almost no documentation I could find, no evidence of usable apps (if there is an office suite, web browser or email client for it there was no mention of them that I could find), development environment centered around assembly language...
Pass.
Re: (Score:2)
Re: (Score:2)
Let's see here. We'll give people a choice between an immediate, measurable advantage and an advantage they won't see until the failure hits. Gee, I wonder which one everyone will choose, and then get hacked for.
Re: (Score:1)
It wouldn't be fast and slow mode, it would be not intentionally left insecure and swiss cheese mode.
Intel? (Score:1)
Re: (Score:3, Insightful)
Remember how Jeff Bezos just recently said that once Amazon stopped focusing on customers, it was going to be the beginning of the end of Amazon? Intel stopped focusing on customers the moment it knowingly sacrificed security to maintain its near-monopoly on CPU's. While AMD has some issues with its chips, those issues pale in comparison to the wholesale don't-give-a-shit practiced by Intel.
I hope Intel has a huge, massively expensive decline.
Re: (Score:1)
Re: (Score:3)
Remember how Jeff Bezos just recently said that once Amazon stopped focusing on customers, it was going to be the beginning of the end of Amazon? Intel stopped focusing on customers the moment it knowingly sacrificed security to maintain its near-monopoly on CPU's. While AMD has some issues with its chips, those issues pale in comparison to the wholesale don't-give-a-shit practiced by Intel.
And by "knowingly" you mean Intel did this on purpose? They can be dirty as hell doing damage control, but creating Meltdown/Spectre wasn't a conscious plan or at least then I'd really like to see your documentation that security was intentionally sacrificed. And as far as I know they're not making any significant revenue on anything other than selling CPUs, they're not in the data mining business nor to they take a cut of all applications running on an Intel nor are they selling your data to third parties.
Re: (Score:3)
I'd really like to see your documentation that security was intentionally sacrificed.
I submit the design as documentation. They do the security check after the memory access. That can only have been a deliberate decision.
Re: (Score:3)
I hope Intel has a huge, massively expensive decline.
I hope that Intel becomes a better company with better products and that when the dust settles they will share the x86 market roughly equally with AMD. No dirty tricks now, Intel.
Re:Intel? (Score:5, Insightful)
Re:Intel? (Score:5, Funny)
Re: (Score:3)
When you start a program under X, it runs in a Window. You can have multiple Windows on your desktop, each with a different program running independently of each other.
It's even possible to do it in a console, with text mode programs. It's how I was first introduced to Windows on an Apple II.
Re: (Score:2)
Got a couple of laptops still running Intel. My next laptop will for sure be AMD. [videocardz.com]
Re: (Score:2)
Who still runs Linux on Intel CPUs?
Thinkpad owners.
OTOH, CentOS is on 3.x kernels still anyways.
Re: (Score:2)
Who the hell would run CENTOS on a laptop?? And why??!?!?
Re: (Score:3, Informative)
You *can* have both secure and faster... with AMD.
AMD for the WIN!! will apple move mac pro over? (Score:5, Interesting)
AMD for the WIN!! will apple move mac pro over?
Re: (Score:1)
420 running slower? Dude, WHO COULD HAVE KNOWN? (Score:3)
Yeah, it doesn't make sense at all. ;)
Solution is simple (Score:5, Interesting)
Re: (Score:1)
I see you cannot be bothered to share with us how to easily disable this patch with a command line argument. I'm going to bet it's because it's not as easy to disable as you make it seem.
But we wouldn't want to bother you with your amazing data center that has good security because you just paid to fix the problem with hardware. That's senior management thinking right there, Gerry!
Re:Solution is simple (Score:5, Informative)
pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier
Re: (Score:2)
why did the boot argument had to be so complicated? i would have named it disable_STIBP or even disable_spectre_fix
Re: (Score:2)
Just wait until boot arguments are considered obsolete like traceroute for example. This will get merged into systemd and you will have to issue the commands at shutdown instead of at boot time.
Abandon systemd? (Score:2)
So, abandon systemd? There is nearly a hundred distros NOT using it, what are you waiting for? http://without-systemd.org/ [without-systemd.org]
Re: (Score:2)
#Hashtags are for people that don't belong on this site.
Intel got that speed from _somewhere_ (Score:5, Insightful)
There is now a price to pay. Not really a surprise.
Re: (Score:2)
It's surprising to know the world is full of trade-offs. I happily pay the price knowing that the speed is far more important than the incredibly low risk that this security issue could be exploited against me. There's a reason that pretty much every specter and meltdown mitigation has been optional.
Requires hyper threading. (Score:5, Interesting)
Re: (Score:2)
Or you could disable HT in the bios. Still sucks.
Better title (Score:1)
Intel CPUs performance suffers for its bug mitigation in linux kernel 4.20.
Re: (Score:2)
Mod parent up.
This isn't a "Linux 4.20" problem, this is Intel's fault.
But why? (Score:1)
Google? (Score:3)
I thought Google had figured out a patch to circumvent this at the OS level that had negligible impact on performance?
Re: (Score:1)
They did. The problem is that it only works for one of many vulnerabilities. And this week we've got 7 more for Intel.
FAIL (Score:2)
TempleOS FTW
spectre (Score:2)
further spectre mitigation code is causing these slow down issues.
it's discussed in a follow up phoronix article.
Re:The PRICE We Pay For NICE Linus (Score:4, Insightful)
BRING BACK MEAN LINUS
Re: The PRICE We Pay For NICE Linus (Score:4)
Re: (Score:1)
Re: (Score:2)
pre-USADA Linus was the GOAT, like Ken Shamrock with faster fingers.
Re: (Score:2, Offtopic)
Seriously, you might think you're so cool by annoying the other users but I for one am concerned for your health. Do you need medication or some other kind of help? It isn't normal to paste that stuff into every article.
Re: (Score:1)
Re: IMPERSONATING ME AGAIN? apk (Score:1)
I've always kinda thought of him as "He who shall not be named" because as soon as you type the letters A...P...K.
See the comments below