
Disable Spectre Mitigation for Performance Gain - Chris Titus Tech
video description
Date: 2022-03-20
Related videos
Comments and reviews: 10
Иван
The biggest slowdown is caused by Meltdown mitigation. It is Intel only problem. Meltdown allows a user process to read kernel memory, bypassing protected memory restrictions.
To mitigate it, the kernel memory is completely removed from the user process, that flushes the TLB caches and causes slower performance. Fortunately workloads where switching kernel and userland constantly are fairly rare, but still happen with e.g. databases. The worst slowdown recorded is 30%.
Now, mitigating Spectre is a lot more harder. It allows bypassing buffer overflow checks and reading of all process memory. It could allow javascript from a website to dump all your browser data. The kernel can not fix that, the browsers itself have to be fixed. GCC have come with some extensions to help with that and the kernel uses them.
What the kernel does is prevent leaking of kernel data. Since user processes call kernel functions, they could make these kernel functions read the kernel data for them.
reply
The biggest slowdown is caused by Meltdown mitigation. It is Intel only problem. Meltdown allows a user process to read kernel memory, bypassing protected memory restrictions.
To mitigate it, the kernel memory is completely removed from the user process, that flushes the TLB caches and causes slower performance. Fortunately workloads where switching kernel and userland constantly are fairly rare, but still happen with e.g. databases. The worst slowdown recorded is 30%.
Now, mitigating Spectre is a lot more harder. It allows bypassing buffer overflow checks and reading of all process memory. It could allow javascript from a website to dump all your browser data. The kernel can not fix that, the browsers itself have to be fixed. GCC have come with some extensions to help with that and the kernel uses them.
What the kernel does is prevent leaking of kernel data. Since user processes call kernel functions, they could make these kernel functions read the kernel data for them.
reply
skaltura
You did not see difference because AMD CPU. The big performance plummet is with Intel CPUs as those exploits concerned Intel almost solely.
There is some tiny hint that in theory maybe possibly AMD CPUs might be vulnerable too, so there was some mitigations to be absolutely sure that is not the case, and that is the only reason you are seeing any difference. However, there is no known exploits on AMD CPUs, more a paranoia factor.
Meltdown, Spectre and Spoiler are all about Intel CPUs and concerns in practice only Intel CPUs.
Further, basic computation is not that much affected, it affects I/O functions of the CPU mainly, so those 30% drops you can see with say disk or network access.
reply
You did not see difference because AMD CPU. The big performance plummet is with Intel CPUs as those exploits concerned Intel almost solely.
There is some tiny hint that in theory maybe possibly AMD CPUs might be vulnerable too, so there was some mitigations to be absolutely sure that is not the case, and that is the only reason you are seeing any difference. However, there is no known exploits on AMD CPUs, more a paranoia factor.
Meltdown, Spectre and Spoiler are all about Intel CPUs and concerns in practice only Intel CPUs.
Further, basic computation is not that much affected, it affects I/O functions of the CPU mainly, so those 30% drops you can see with say disk or network access.
reply
Thomas
this was a grate viedo, id did not know you you could disable SSR .... so i tryed it on my main system -raideon R9 -380, intel core 2 quad Q9505 2.8ghz x4- i actually got about 10% boots on cpu benchmark's .... but .. watching my FPS on CPU intensive games i seen no improvement.. CSGO got about 5-10 exstra FPS and stooped my studding issue, i now locked down my issue with that game, on other games i seen no improvement and -starcraft2 keepted locking up on me while i had SSR disabled - wine issues- . and i seen no improvement to file transferring on disk to disk / network FT.. i truly want to thank you for bring this to my attenchen ... good video ..
reply
this was a grate viedo, id did not know you you could disable SSR .... so i tryed it on my main system -raideon R9 -380, intel core 2 quad Q9505 2.8ghz x4- i actually got about 10% boots on cpu benchmark's .... but .. watching my FPS on CPU intensive games i seen no improvement.. CSGO got about 5-10 exstra FPS and stooped my studding issue, i now locked down my issue with that game, on other games i seen no improvement and -starcraft2 keepted locking up on me while i had SSR disabled - wine issues- . and i seen no improvement to file transferring on disk to disk / network FT.. i truly want to thank you for bring this to my attenchen ... good video ..
reply
zebulon
yea amd chips arent being affected. intel cpu's are so if your on a intel cpu disable inspectre and meltdown. and just download a good antivirus that has browser protection. inspectre is highly recommended to disable since xeons are more affected. and if you think about it your still protected regardless because no one cant get access to your pc if you have remote turned off plus if you have a password for your internet so theirs nothing to worry about unless your on a wide open internet connection that anyone can get access to your pc threw the network then yea you put your self at risk more severely
reply
yea amd chips arent being affected. intel cpu's are so if your on a intel cpu disable inspectre and meltdown. and just download a good antivirus that has browser protection. inspectre is highly recommended to disable since xeons are more affected. and if you think about it your still protected regardless because no one cant get access to your pc if you have remote turned off plus if you have a password for your internet so theirs nothing to worry about unless your on a wide open internet connection that anyone can get access to your pc threw the network then yea you put your self at risk more severely
reply
Croft
On AMD processors there is minimal reason to run those patches, they're not susceptible to Meltdown. Spectre, a little more reason. Personally I run my browser in Sandboxie now to give another layer between the browser and the hardware, but I suppose using Spectre could punch through that as it's a hardware thing. There are web based attack vectors for Spectre for instance, so disabling mitigation on vulnerable Intel CPU's is probably less wise.
reply
On AMD processors there is minimal reason to run those patches, they're not susceptible to Meltdown. Spectre, a little more reason. Personally I run my browser in Sandboxie now to give another layer between the browser and the hardware, but I suppose using Spectre could punch through that as it's a hardware thing. There are web based attack vectors for Spectre for instance, so disabling mitigation on vulnerable Intel CPU's is probably less wise.
reply
Ilya
I have an old i7-3770. And I did disable mitigations. For some bechmarks I didn't see any difference (compression benchmarks and cinebench).
But the main difference is in syscall speed. And I have only seen a difference in benchmark. While it is huge, I didn't see any affects of it.
But my friend noticed a huge difference in FUSE performance. He experienced a very low speed on some userspace filesystems.
reply
I have an old i7-3770. And I did disable mitigations. For some bechmarks I didn't see any difference (compression benchmarks and cinebench).
But the main difference is in syscall speed. And I have only seen a difference in benchmark. While it is huge, I didn't see any affects of it.
But my friend noticed a huge difference in FUSE performance. He experienced a very low speed on some userspace filesystems.
reply
thumbwarriordx
I didn't test very extensively but my gains were significantly more than 3%.
I'm normally running the host OS and one VM. The scariest thing Spectre can do from my understanding is hop from VM to host or one VM to another.
But honestly if they're in either one of those environments I'm using all day, I'm already owned with or without spectre.
reply
I didn't test very extensively but my gains were significantly more than 3%.
I'm normally running the host OS and one VM. The scariest thing Spectre can do from my understanding is hop from VM to host or one VM to another.
But honestly if they're in either one of those environments I'm using all day, I'm already owned with or without spectre.
reply
xnonsuchx
I've seen tests done on gaming on both Intel Gen 7/8/9 and AMD Ryzen with and without the patches and the differences were only a couple percent, so it really depends on what you're doing with your PC. I think I saw video encoding (I despise hearing it called -rendering-) hitting more up to 5-6% or so.
reply
I've seen tests done on gaming on both Intel Gen 7/8/9 and AMD Ryzen with and without the patches and the differences were only a couple percent, so it really depends on what you're doing with your PC. I think I saw video encoding (I despise hearing it called -rendering-) hitting more up to 5-6% or so.
reply
Peter
Chris, opposite to you I like it that you only have a 2-3% performance gain with these patches disabled. It means that AMD does a good job on security (most certainly compared to Intel) and that you don't loose a lot of performance with these patches. I am in the market for a nice Ryzen 3--- CPU in July.
reply
Chris, opposite to you I like it that you only have a 2-3% performance gain with these patches disabled. It means that AMD does a good job on security (most certainly compared to Intel) and that you don't loose a lot of performance with these patches. I am in the market for a nice Ryzen 3--- CPU in July.
reply
Judas
I didn't get any noticeable performance improvement at all when I added that to my grub on my i7-4770k - 4.5 GHz.
The scores on sysbench are always around 2550-2560 with or without the commands in grub.
I ran -sysbench --test=cpu --cpu-max-prime=25000 --threads=8 run- to get this result.
reply
I didn't get any noticeable performance improvement at all when I added that to my grub on my i7-4770k - 4.5 GHz.
The scores on sysbench are always around 2550-2560 with or without the commands in grub.
I ran -sysbench --test=cpu --cpu-max-prime=25000 --threads=8 run- to get this result.
reply
Add a review, comment
Other channel videos















