> I did manage to pull out an old Lenovo ThinkPad W510 with an Intel Core i7 720QM Clarksfield that is from 2009 and lacks PCID but is affected by this cpu_insecure issue.
> On that old Clarksfield-era ThinkPad I wasn't going to be surprised if the performance was disastrous, but it wound up being better than I had anticipated given all the ongoing drama... In general purpose workloads there was no reportable performance difference in our frequent benchmark test cases. Under I/O, the PTI-using kernel did yield some slower results but not by the margins seen on the newer systems with faster storage. The laptop consumer-grade HDD in this laptop appeared to be the main bottleneck and kernel inefficiencies weren't causing as dramatic slowdowns.
> To some surprise, when carrying out network benchmarks with netperf/iperf3, in at least those contexts PTI didn't have a noticeable impact on the network throughput performance.
Can anyone confirm that the way to identify if a linux system has pcid support is to check /proc/cpuinfo? Or is that merely to identify if the hw supports it, independent of the kernel support?
I checked two ubuntu servers, one 14.04, the other 16.04, both have it. Which seems odd given the claim that it's only been added recently to the kernel.
Also I see nothing showing up in dmesg, no config option and no proc interface on any system.
It seems to be a double win for bare metal machines. They always have PCID and they're less at risk in the first place since they don't share the hardware.
Someone please correct me if I am incorrect, but that would be any mainstream linux not using the 4.14 kernel. Redhat, CentOS, Suse at least. Looks like CoreOS that is on 4.14 is on a minor release just prior to the PCID patch.
It looks like Ubuntu 18 Bionic Beaver may have it. (4.15) I suppose some folks use Ubuntu in a datacenter, but more likely the LTS releases and 18 is not likely in many production datacenters.
Can you confirm that Redhat backported that newer PCID code into the 3.10 kernel branch? If so, people should not be seeing a performance hit on the KPTI patch.
Ah, I didn't realize Linux was so behind in supporting PCID here. Thanks! For what it's worth, Fedora Linux is on kernel 4.14.11 already.
Curiously enough, FreeBSD has had PCID support since 2013 (r255060). We found it improved performance in microbenchmarks:
> In the microbenchmarks, using the PCID decreased latency of the context switches by ~30% on SandyBridge class desktop CPUs, measured with the lat_ctx program from lmbench.
> If available, use INVPCID instruction when a TLB entry in non-current address space needs to be invalidated. The instruction is typically available on the Haswell.
You're welcome! We were trying to unravel that post about PCID as well.
It appears the first PCID code was merged in 4.14.12 so you will probably have that in the coming days / weeks. CoreOS is also 4.14.11.
For those on LTS releases, we may have to venture into uncharted waters. The first that came to mind was elrepo.org, as they apply some of the same build options that Redhat uses against the latest upstream. Their kernel packages are meant to provide support for newer laptop hardware...
ASID is not an instruction. It's basically an attribute in how MMU tables are set up. Processes usually get different ASIDs from each other and all their MMU pages are tagged with it.
The individual MMU pages aren't tagged with ASIDs, it's more like you have N page table root pointers in hardware, and rather than saying "this is the current root pointer", you say "this is the root pointer for ASID N, and separate from that this is the current ASID".
Yes. There is still variety, though. On PowerPC, for example, there is the concept of segments.
On 32bit systems, the address space is divided into 16 segments of 256MB each. Each of them has a privileged register that can be setup in different ways (e.g. half could be per-process, half machine-wide). The 4 bits from the segment ID eventually map to a 24 bit value (or trigger a protection violation if e.g. the page is kernel-only), so that the original 32bit address becomes a 32 - 4 + 24 = 52 bit virtual address. The MMU, then will look up the higher order bits in the address to convert from 52bit virtual addresses to actual 32bit physical addresses. The virtual address space is larger because in theory you could have processes with completely disjoint addressing (up to 1 million of 4GB each, i.e. 4PB). In the end, you still only have 32 bits to address memory chips, though. :-)
On 64 bit systems, there are many more segments, 236. Instead of having (64 * billion) registers, there is a single register pointing to a hash table in memory that the CPU will walk through. Addresses are translated from 64->80->64 bits in a similar way.
They're Intel and AMD extensions respectively. They're tacked onto the virtualization extensions, and since every implementor (Xen, KVM, etc.) has just wrote separate backends for VT and SVM anyway, Intel and AMD haven't found the need to negotiate cross licensing.
I don't think it's a feature that's binned off. Intel used to bin off virtualization support (which PCID is technically part off), but they added PCID after they stopped binning on virtualization support.
efuses typically have a final efuse to be blown in manufacturing to prevent any further modification of the entire block. Otherwise there's way too high a risk of some broken code accidentally changing the configuration.
You still have to switch the page tables via the CR3 register. It costs.
And the code around there is more complicated now and has more conditionals ... as they say, it'll be opimized over time, this was the fastest reasonable solution they could put in there (and it still took some time).
Also keep in mind that the reason PCID wasn't used by Linux until 4.14 is that the most obvious way of using it incurred more overhead managing the IDs than it saved by not flushing the TLB between different userland processes. This is the land of fiddly details where theory and practice collide and theory often loses in practice.
with PCID, you only flush the kernel mappings out of the TLB (as user mappings are the same). Without PCID you can only flush TLB or not, so you do, and thus user mappings are gone too and need to be repopulated.
I hate that you can't even view Google groups without an account. It also requires us to do nothing but show text. To me groups and blogger has always represented what a terrible web application is.
God I hate Google Groups. I actually need some info from some of those groups and because of account b0rkage and shenanigans it is just too much of a hassle. Weren't they originally Usenet groups or something? Initially they were being decent Web stewards of them (_that_ was a long time ago) but then they got subsumed into the corp. as all things must. It's as inevitable as night follows day. Utter shame.
They screwed them up in pretty impressive fashion. Years ago, Google Groups used to be a great interface for searching Usenet archives. Now, it is near useless.
As an example, I wanted to do some research on early language features of Python (e.g. around 1993). The info is in Usenet postings of that time, surely present in Google Groups years ago. Now, I can't find anything useful. A advanced search using dates doesn't return anything. Their user interface is horribly bad compared to what it used to be.
Another example: I did some research on Deep Blue and Deep Thought, after reading Crazy Bird's book. With the old Google Groups, I could follow the discussion of the Deep Blue tournament, in chronological order. There was all sorts of interesting things like computer chess programmers speculating on how Deep Blue worked and people posting analysis of chess positions. All that is now gone or at least not searchable.
So sad that all of this knowledge has apparently disappeared. There was loads of information shared on Usenet and the storage space required to preserve it would be trivial.
I thought their mission statement was, "organise the world's information and make it accessible" or something like that. Didn't know there was an asterisk–but not Usenet…
Usenet is still very much alive. In fact, many of the spammers have left and now target other more popular resources. The text only groups are accessible for free from multiple servers. It's only the binary groups that you have to pay to get access.
The problem is that they completely botched the user experience a decade ago and since it's yet another orphaned product it's never been improved.
How it should work following a “build your first web app” tutorial:
1. User opens page
2. You detect an old login cookie and discretely ask if they want to login
3. If they do so, you see the previous page with more UI (e.g. subscribe, reply, etc.)
How it works now:
1. Users opens page
2. Instead of looking at the content they wanted to see, the user is automatically redirected over to a login page with a mandatory full two-factor check even if you've recently logged in to other Google properties
3. After completing that process, you're dumped on the groups.google.com homepage
4. Since there were a bunch of redirects, you have to know how to use your browser's history to go back 3-4 pages because simply hitting back will just redirect you to the homepage again.
Many people said that if your processor support PCID, the performance will not be reduced a lot by the new patches. However, after installing new updates for windows and for my very new CPU 7600U everything becomes extremely slow. My laptop is now literally unusable. Even the simplest tasks are very slow. Before this update I was able to watch youtube videos in 4K, now I'm struggling even to watch 480p... I will never buy Intel processors again. In the last few months I only hear lies from Intel regarding Meltdown, Management Engine and other "holes" in their products. Now I can throw my super expensive laptop in garbage. Thank you Intel.
