Re: [regression/bisected] Add IBPB decreases performance in two times

From: Mikhail Gavrilov
Date: Sun Aug 13 2023 - 05:17:43 EST


On Sun, Aug 13, 2023 at 1:24 PM Borislav Petkov <bp@xxxxxxxxx> wrote:
>
> What do you have on your kernel command line?

log_buf_len=16M sysrq_always_enabled=1 nmi_watchdog=1
amdgpu.lockup_timeout=-1,-1,-1,-1 amdgpu.aspm=0
crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M

> What does
>
> grep -r . /sys/devices/system/cpu/vulnerabilities/
>
> say?

Attached as [vulnerabilities.txt]

>
> Please send a full dmesg, privately is fine too.
>

Attached as [dmesg.zip]

> If the bisection points to this patch, then it sounds like you have IBPB
> enabled as SRSO mitigation which is the heaviest one.
>
> The default one - safe RET - should be a lot better.
>
> > Maybe it is possible to find another approach for solving security
> > issue without slowing down?
>
> Yeah, magic. :-)
>
> > If not, then provide an option to turn off this slowdown.
>
> spec_rstack_overflow=off

Thanks, I checked this and it works!

--
Best Regards,
Mike Gavrilov.
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Enhanced / Automatic IBRS, IBPB: conditional, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/gather_data_sampling:Not affected
/sys/devices/system/cpu/vulnerabilities/retbleed:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow:Mitigation: safe RET, no microcode
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected

Attachment: dmesg.zip
Description: Zip archive