On 4/10/19 10:02 AM, Jiri Slaby wrote:
On 10. 04. 19, 1:46, Michael Pujos wrote:
And maybe an indication that there may be a performance issue with spectre v2 mitigation only in TW. We do also IBRS, others AFAIK don't.
What's in your /sys/devices/system/cpu/vulnerabilities/spectre_v2 ?
thanks,
Mitigation: Indirect Branch Restricted Speculation, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling Fedora 30 has spectre v2 mitigation enabled by default, but it does not affect single core performance. Here's the relevant differences in spectre-meltdown-checker.sh output (I posted the ful output in first post) for stock kernel (no parameter) in both cases. This confirms TW using IBRS vs Fedora not using it. In my opinion, that 20% performace loss in single-core by default (apparently caused by IBRS) is unacceptable. I did not buy a powerful laptop to see its performance reduced so much. And it will make TW look bad in benchmarks. SOmething should be done about it. --------- Tumbleweed: CVE-2017-5715 aka 'Spectre Variant 2, branch target injection' * Mitigated according to the /sys interface: YES (Mitigation: Indirect Branch Restricted Speculation, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling) * Mitigation 1 * Kernel is compiled with IBRS support: YES * IBRS enabled and active: YES (for kernel and firmware code) * Kernel is compiled with IBPB support: YES * IBPB enabled and active: YES * Mitigation 2 * Kernel has branch predictor hardening (arm): NO * Kernel compiled with retpoline option: YES * Kernel supports RSB filling: YES
STATUS: NOT VULNERABLE (IBRS + IBPB are mitigating the vulnerability)
--------- Fedora: CVE-2017-5715 aka 'Spectre Variant 2, branch target injection' * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling) * Mitigation 1 * Kernel is compiled with IBRS support: YES * IBRS enabled and active: YES (for kernel and firmware code) * Kernel is compiled with IBPB support: YES * IBPB enabled and active: YES * Mitigation 2 * Kernel has branch predictor hardening (arm): NO * Kernel compiled with retpoline option: YES * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation) * Kernel supports RSB filling: YES
STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org