| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DC6LOWXFIPGQ.1RKZL23ZW0J73@google.com> Date: Tue, 19 Aug 2025 18:03:26 +0000 From: Brendan Jackman <jackmanb@...gle.com> To: Brendan Jackman <jackmanb@...gle.com>, <peterz@...radead.org>, <bp@...en8.de>, <dave.hansen@...ux.intel.com>, <mingo@...hat.com>, <tglx@...utronix.de> Cc: <akpm@...ux-foundation.org>, <david@...hat.com>, <derkling@...gle.com>, <junaids@...gle.com>, <linux-kernel@...r.kernel.org>, <linux-mm@...ck.org>, <reijiw@...gle.com>, <rientjes@...gle.com>, <rppt@...nel.org>, <vbabka@...e.cz>, <x86@...nel.org>, <yosry.ahmed@...ux.dev> Subject: Re: [Discuss] First steps for ASI (ASI is fast again) On Tue Aug 12, 2025 at 5:31 PM UTC, Brendan Jackman wrote: > .:: Performance > Native FIO randread IOPS on tmpfs (this is where the 70% perf degradation was): > +---------+---------+-----------+---------+-----------+---------------+ > | variant | samples | mean | min | max | delta mean | > +---------+---------+-----------+---------+-----------+---------------+ > | asi-off | 10 | 1,003,102 | 981,813 | 1,036,142 | | > | asi-on | 10 | 871,928 | 848,362 | 885,622 | -13.1% | > +---------+---------+-----------+---------+-----------+---------------+ > > Native kernel compilation time: > +---------+---------+--------+--------+--------+-------------+ > | variant | samples | mean | min | max | delta mean | > +---------+---------+--------+--------+--------+-------------+ > | asi-off | 3 | 34.84s | 34.42s | 35.31s | | > | asi-on | 3 | 37.50s | 37.39s | 37.58s | 7.6% | > +---------+---------+--------+--------+--------+-------------+ > > Kernel compilation in a guest VM: > +---------+---------+--------+--------+--------+-------------+ > | variant | samples | mean | min | max | delta mean | > +---------+---------+--------+--------+--------+-------------+ > | asi-off | 3 | 52.73s | 52.41s | 53.15s | | > | asi-on | 3 | 55.80s | 55.51s | 56.06s | 5.8% | > +---------+---------+--------+--------+--------+-------------+ > > Despite my title these numbers are kinda disappointing to be honest, it's not > where I wanted to be by now, but it's still an order-of-magnitude better than > where we were for native FIO a few months ago. Some people have pointed out that I'm treating ASI pretty harshly, I'm comparing mitigations=off vs ASI, while the "real" alternative to ASI is whatever the kernel would do by default if we knew about the vulns on this CPU. We don't know about that so I can't do the exact comparison, but I can at least repeat my compilation experiment on Skylake, without ASI, comparing mitigations=off vs the default: +-----------------+---------+--------+--------+--------+------------+ | variant | samples | mean | min | max | delta mean | +-----------------+---------+--------+--------+--------+------------+ | baseline | 6 | 54.15s | 53.94s | 54.36s | | | mitigations-off | 6 | 46.53s | 46.37s | 46.71s | -14.2% | +-----------------+---------+--------+--------+--------+------------+ So that's pretty comparable to my ASI results above. (I'd love to just run ASI on Skylake and show you those numbers and go "look, it's faster than the default", but the implementation I've posted doesn't actually secure a Skylake box, we'll need to add more flushes and stuff. So that would be unfair in the other direction). Anyway, I'm gonna crack on with preparing a [PATCH] series now...
Powered by blists - more mailing lists