You are not logged in.

#1 2018-03-25 17:59:01

jamdox
Member
Registered: 2015-05-02
Posts: 46

Disable Spectre/Meltdown mitigations on Atom D525

My server is running the current linux-hardened; it's an Atom D525 from 2010 and it can hardly afford the IO hits from these patches.  Fortunately, it's an in-order design and, per Intel, isn't affected by Spectre and Meltdown.  Preemptive edit: before the screeching, here it is:

jamdox at atombox in ~
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Not affected

Reading some recent Phoronix benchmarks, it seems that there are ways to disable the Spectre and Meltdown mitigations.  I would like to do so but haven't found anything in the wiki or forums on it. 

Here's what Michael wrote:

https://www.phoronix.com/scan.php?page=article&item=spectre-melt-os&num=1 wrote:

Both the daily snapshot of Ubuntu 18.04 LTS and Clear Linux have Kernel Page Table Isolation (KPTI) for Meltdown protection and full generic Retpoline support for Spectre Variant Two. Clear Linux was included alongside Ubuntu 18.04 LTS since from our tests it has generally delivered the fastest out-of-the-box performance among major Linux distributions and with it being developed by Intel has been known to carry some backports from time to time in areas like this KPTI/Retpoline optimizations. Spectre Variant Two can still be toggled via the spectre_v2=off kernel command-line parameter while KPTI can be disabled with the nopti kernel parameter. There is also __user pointer sanitization for Spectre Variant One but that cannot be easily toggled at runtime on the upstream Linux kernel.

I'd like some help parsing this.  Is there a difference between "kernel command-line parameter" and "kernel parameter"?  Or can I just add both to my GRUB config as above?  And what can I do for Spectre var. 1?  Or rather, what's going on with it?  Thanks.

Offline

#2 2018-03-25 18:12:11

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: Disable Spectre/Meltdown mitigations on Atom D525

As your output shows the kernel is not applying mitigation for spectre v2 or meltdown so why do you think adding a parameter to disable mitigation that are not enabled is required?

Offline

#3 2018-03-25 18:14:18

jamdox
Member
Registered: 2015-05-02
Posts: 46

Re: Disable Spectre/Meltdown mitigations on Atom D525

Is that what it shows?  I'm under the impression that these patches are enabled by default with whitelisting coming sometime in 4.16.

Offline

#4 2018-03-25 18:27:42

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: Disable Spectre/Meltdown mitigations on Atom D525

https://git.kernel.org/pub/scm/linux/ke … 15.13#n230 auto check for v2
https://git.kernel.org/pub/scm/linux/ke … .15.13#n99 auto check for meltdown
v1 is always enabled and I do not think there is any way to disable it

Offline

#5 2018-03-25 19:12:41

jamdox
Member
Registered: 2015-05-02
Posts: 46

Re: Disable Spectre/Meltdown mitigations on Atom D525

Could the v1 mitigations be causing my observed slowdown?  Things seem significantly slower and less stable (programs freezing) since the patches were introduced.

Also, it looks like those functions call a "boot_cpu_has_bug" function, but I don't actually know how that is defined, or if it's just a placeholder that always returns true.  It doesn't look like you can search for text on the kernel repo???

Last edited by jamdox (2018-03-25 19:16:06)

Offline

#6 2018-03-25 19:40:49

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: Disable Spectre/Meltdown mitigations on Atom D525

https://git.kernel.org/pub/scm/linux/ke … 15.13#n211 definition for boot_cpu_has_bug and cpu_has_bug
https://git.kernel.org/pub/scm/linux/ke … 15.13#n985 if CPU matches cpu_no_speculation then the bug bits will not be set
https://git.kernel.org/pub/scm/linux/ke … 15.13#n903 the array of x86 CPU's without speculation
https://git.kernel.org/pub/scm/linux/ke … 15.13#n317 if boot_cpu_has_bug was true then the output would not be "Not affected"
Edit:
I do not know if the v1 mitigation could cause those symptoms but I am doubtful.  As you CPU does not have speculation it should not experience the slowdown from the V1 speculation trap.
Edi2:
When a program "freezes" does it unfreeze after a period of time or does it remain permanently frozen?  Can this happen to any program?

Last edited by loqs (2018-03-25 19:50:06)

Offline

#7 2018-03-25 19:49:42

Gusar
Member
Registered: 2009-08-25
Posts: 3,605

Re: Disable Spectre/Meltdown mitigations on Atom D525

v1 mitigation does not have any performance penalty, that's why they didn't bother with an off switch. It's not active on your CPU anyway, none of the mitigations are.

If you really think this stuff is causing problems, even though it shouldn't even be active on your CPU, the only way to know for sure is to compile your own kernel with this stuff deactivated.

Offline

#8 2018-03-25 19:58:41

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: Disable Spectre/Meltdown mitigations on Atom D525

Gusar wrote:

v1 mitigation does not have any performance penalty, that's why they didn't bother with an off switch. It's not active on your CPU anyway, none of the mitigations are.

Gusar that seems to be self contradictory if there is no off switch then it is always on,  if it is always on it will be active on all CPU's.
https://patchwork.kernel.org/patch/10176655/ does not seem to contain run time detection if it is needed or a compile time disable option.
edit:
grammar on it instead of it it

Last edited by loqs (2018-03-25 19:59:24)

Offline

#9 2018-03-25 21:03:41

jamdox
Member
Registered: 2015-05-02
Posts: 46

Re: Disable Spectre/Meltdown mitigations on Atom D525

Thanks loqs.  I'm curious how you searched that kernel repo?

Gusar: my system isn't such a controlled environment, I just noticed things that had been stable started freezing over the last couple weeks.  I guess I need to find a different culprit, or just try alternative programs...  could using linux-hardened be causing issues?

Offline

#10 2018-03-25 21:41:36

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: Disable Spectre/Meltdown mitigations on Atom D525

I use a combination of:
https://elixir.bootlin.com/linux/v4.15. … pu_has_bug (a web search for many kernel functions will return this site as the first result)
https://github.com/torvalds/linux (searchable source code)
https://cateee.net/lkddb/web-lkddb/PAGE … ATION.html (a web search for kernel config options often returns results from this site)
Edit:
Example of a recent conversion to v1 safe
https://git.kernel.org/pub/scm/linux/ke … 83e62224da
https://elixir.bootlin.com/linux/latest … spec.h#L47

Last edited by loqs (2018-03-25 22:52:32)

Offline

#11 2018-03-26 13:52:53

Gusar
Member
Registered: 2009-08-25
Posts: 3,605

Re: Disable Spectre/Meltdown mitigations on Atom D525

loqs wrote:

that seems to be self contradictory if there is no off switch then it is always on,  if it is always on it will be active on all CPU's.

Not at all. No off switch just means you can't turn it off if it's active, but the kernel might not activate it in the first place, depending on some criteria.

@jamdox: linux-hardened could definitely have an effect on application behavior.

Offline

#12 2019-05-17 23:39:41

4internetanonymity
Member
Registered: 2009-07-09
Posts: 56

Re: Disable Spectre/Meltdown mitigations on Atom D525

Did this get figured out? Curious about Arch's linux-hardened & the CPU vulnerability mitigations.

Offline

#13 2019-05-18 17:17:28

Head_on_a_Stick
Member
From: London
Registered: 2014-02-20
Posts: 7,680
Website

Re: Disable Spectre/Meltdown mitigations on Atom D525

Offline

#14 2019-05-18 17:27:33

ugjka
Member
From: Latvia
Registered: 2014-04-01
Posts: 1,794
Website

Re: Disable Spectre/Meltdown mitigations on Atom D525

Head_on_a_Stick wrote:

Unfortunately that's what i need to play HD videos in FF without hickups


https://ugjka.net
paru > yay | webcord > discord
pacman -S spotify-launcher
mount /dev/disk/by-...

Offline

#15 2019-05-18 17:45:44

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: Disable Spectre/Meltdown mitigations on Atom D525

noibrs noibpb

Only used by none mainlined patches

nospectre_v1 no_stf_barrier 

Only available / used on ppc [1] [2]

mitigations=off

available in 5.1.2,  5.0.16,  4.19.43
Edit:
mitigations=off on x86 is currently equivalent to nopti nospectre_v2 spectre_v2_user=off spec_store_bypass_disable=off l1tf=off [3]
@4internetanonymity Did what exactly get figured out?  You can see the commits linux-hardened adds to linux-stable in the repository https://github.com/anthraxx/linux-hardened

[1] https://git.kernel.org/pub/scm/linux/ke … v5.1#n2872
[2] https://git.kernel.org/pub/scm/linux/ke … 75317ab938
[3] https://git.kernel.org/pub/scm/linux/ke … b520fec429

Last edited by loqs (2019-05-18 19:01:16)

Offline

Board footer

Powered by FluxBB