Skip to content

Instantly share code, notes, and snippets.

@klingtnet

klingtnet/benchmark-cpu-vulnerability-mitigations.md

Last active May 17, 2019 06:37
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save klingtnet/f7c9e051092715f6fa06710905e62736 to your computer and use it in GitHub Desktop.
Save klingtnet/f7c9e051092715f6fa06710905e62736 to your computer and use it in GitHub Desktop.
Download ZIP
Benchmark CPU vulnerability mitigtations
Raw
benchmark-cpu-vulnerability-mitigations.md

Kernel options:

$ curl -s 'https://make-linux-fast-again.com/'
noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off

Rust's click library was compiled as a benchmark (CPU bound on my machine (Lenovo X1C5):

#!/bin/bash

# curl -Lsf 'https://github.com/databricks/click/archive/v0.4.0.tar.gz' | tar -xvzf -
cd click-0.4.0 && rm -rf ./target/ && cargo build --release --quiet
for f in *mitigations*txt; do echo "# $f" && cat "$f"; done
# with-mitigations-4.19.43-1-lts.txt
2m 40s 840ms 423us 861ns
# without-mitigations-4.19.43-1-lts.txt
2m 43s 588ms 853us 203ns
# without-mitigations-5.1.2-arch1-1-ARCH.txt
2m 46s 75ms 615us 281ns
# without-mitigations-5.1.2-arch1-1-ARCH..txt
2m 46s 158ms 142us 937ns
# 4.19.43-1-lts
# dd if=/dev/urandom of=./rand4G.bin count=1024 bs=4M status=progress
# cat rand4G.bin | pigz > /dev/null
with-mitigations:		50s 305ms 962us 421ns
without-mitigations:	51s 967ms 125us 714ns
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment