A relatively tiny code change by penguin premier Linus Torvalds is making a measurable improvement to Linux's multithreaded performance.
The code commit has the catchy name of x86/uaccess: Avoid barrier_nospec() in 64-bit copy_from_user() and it's a security tweak intended to counter the types of security holes known as Meltdown flaws and Spectre attacks when they became public in 2018. Unfortunately, these problems haven't gone away. As The Register covered just last month, this type of attack remains current.
The patch is a rewrite of one originally submitted by Red Hat developer Josh Poimboeuf, which Torvalds revised to make faster. "The kernel test robot reports a 2.6 percent improvement in the per_thread_ops benchmark," he wrote in the commit.
Torvalds's version avoids using the barrier_nospec() API, which prevents speculative execution of some machine code. Speculative execution is a feature of modern CPUs that use branch prediction to try to predict what program code will be run before it's needed, so it can be run and the results cached in advance. If the prediction is correct, it saves time; if it isn't, the results are discarded. The snag is that this opens up a particular form of security issue, which boffins have been working on ever since.
Instead, where the copy_from_user() call wouldn't be allowed because of an invalid address, it uses pointer masking to return an address of all 1s.
Defending against these sorts of attacks is a necessary evil. Running web servers and the like is a primary usage of Linux, and such boxes must be locked down against every conceivable attack - even at the cost of disabling performance-enhancing features. It makes servers safer but slower. Torvalds is known for disapproving of such performance-killing measures (to put it mildly).
(On a standalone local machine such as a desktop or laptop, which doesn't allow inbound connections, you can turn this stuff off and enjoy better performance in relative safety - if you know what you're doing and accept the small but potential risk.)
It's not a big deal, but it shows why the kernel commandant still commands over a million a year from the Linux Foundation. Very few people indeed have his level of technical knowledge, especially of the x86 architecture - and of those who do, most of them work for big chip vendors. They're under NDA and can't talk about it. That's why, before the Linux Foundation, chip vendor Transmeta hired him. It got the company the low-level expert knowledge they needed to build their Crusoe VLIW chips, which ran x86-32 code by emulating it. ®
Edge-exclusive tool promises 'second set of eyes' for browsing
Microsoft's OS sure loves throwing your creds at remote systems
How much AI does one subscriber need?
re:Invent Calling everything SageMaker is confusing - but a new name would have been worse says AWS
How to tell a customer they're an idiot without telling them they're an idiot
Damage likely limited to those running bots with private key access
Louisiana facility's three natural gas turbine plants to churn out 2,262 MW