Re: [PATCH v4 1/5] x86/bugs: Only harden syscalls when needed

[Yujie Liu]

On Fri, Apr 19, 2024 at 02:09:47PM -0700, Josh Poimboeuf wrote:
> Syscall hardening (converting the syscall indirect branch to a series of
> direct branches) has shown some performance regressions:
>
> - Red Hat internal testing showed up to 12% slowdowns in database
>   benchmark testing on Sapphire Rapids when the DB was stressed with 80+
>   users to cause contention.
>
> - The kernel test robot's will-it-scale benchmarks showed significant
>   regressions on Skylake with IBRS:
>   https://lkml.kernel.org/lkml/202404191333.178a0eed-yujie.liu@xxxxxxxxx

To clarify, we reported a +1.4% improvement (not regression) of
will-it-scale futex4 benchmark on Skylake. Meanwhile we did observe some
regressions by running other benchmarks on Ice Lake, such as:

    stress-ng.null.ops_per_sec -4.0% regression on Intel Xeon Gold 6346 (Ice Lake)
    unixbench.fsbuffer.throughput -1.4% regression on Intel Xeon Gold 6346 (Ice Lake)

>
> To fix those slowdowns, only use the syscall direct branches when
> indirect branches are considered to be "not OK": meaning Spectre v2+BHI
> isn't mitigated by HW and the user hasn't disabled mitigations.