oss-sec mailing list archives

Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9


From: Daniel Axtens <dja () axtens net>
Date: Mon, 23 Nov 2020 13:27:34 +1100

Hi,

This issue can be mitigated by flushing the L1 cache between privilege
boundaries of concern.

There's been interest in the performance impact of doing this sort of
flush. The impact depends on the workload, on how often the kernel is
entered and for what, and on the particular flush mechanism supported by
the machine.

To take an unscientific example, I tested compiling a kernel. I dropped
caches, did 1 build to warm the cache, and then 5 timed builds. The
machine uses the mttrig flush.

Wall clock time:
neither flush: avg 98.796s (min 98.329s - max 99.229s) -- 100%
entry flush:   avg 99.061s (min 98.935s - max 99.188s) -- 100.27%
both flushes:  avg 99.158s (min 98.303s - max 99.683s) -- 100.37%

As you can see, the performance impact for this test was less than 0.4%
on this machine.

I want to be clear that this isn't an official claim of performance
under any particular configuration or workload. Your results may vary.

As always, systems running in trusted environments can be booted with
mitigations=off or the firmware 'risk level' adjusted to disable a range
of speculative execution mitigations, including these.

Kind regards,
Daniel
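The measurement method described in the mail, as an added example (not Daniel's own script): drop caches, one warm-up run, N timed runs, then avg/min/max and the percentage relative to a baseline average. It assumes a Linux host where /proc/sys/vm/drop_caches is writable and GNU date is available; the build command is supplied via the hypothetical BENCH_CMD variable.

```shell
#!/bin/sh
# Added example, not from the original mail. Reproduces the benchmark
# method: drop caches, warm once, time N runs, report avg/min/max.
# Assumptions: root (to write /proc/sys/vm/drop_caches), GNU date (%N),
# and the command to time given in BENCH_CMD, e.g. 'make -j64 vmlinux'.

# Read one wall-clock time (seconds) per line on stdin; print "avg min max".
stats() {
    awk '
        NR == 1 { min = $1; max = $1 }
        { sum += $1; if ($1 < min) min = $1; if ($1 > max) max = $1 }
        END { if (NR) printf "%.3f %.3f %.3f\n", sum / NR, min, max }
    '
}

# pct <avg> <baseline_avg>: average expressed as a percentage of baseline,
# i.e. the "100.27%" style figures quoted in the mail.
pct() {
    awk -v a="$1" -v b="$2" 'BEGIN { printf "%.2f\n", 100 * a / b }'
}

# time_run <cmd...>: wall-clock seconds for one run of the command.
time_run() {
    start=$(date +%s.%N)
    "$@" >/dev/null 2>&1
    end=$(date +%s.%N)
    awk -v s="$start" -v e="$end" 'BEGIN { printf "%.3f\n", e - s }'
}

# bench <runs> <cmd...>: drop caches, one untimed warm-up, then <runs>
# timed builds piped through stats.
bench() {
    runs=$1; shift
    sync && echo 3 > /proc/sys/vm/drop_caches
    "$@" >/dev/null 2>&1                       # warm-up, not timed
    i=0
    while [ "$i" -lt "$runs" ]; do
        time_run "$@"
        i=$((i + 1))
    done | stats
}

# Run once per kernel configuration (no flush, entry flush, both flushes)
# and compare the averages with pct. Only executes when BENCH_CMD is set.
if [ -n "${BENCH_CMD:-}" ]; then
    set -- $(bench 5 sh -c "$BENCH_CMD")
    echo "avg ${1}s (min ${2}s - max ${3}s)"
fi
```

Feeding the per-configuration averages to pct reproduces the relative figures quoted in the mail (99.061 vs 98.796 gives 100.27, 99.158 vs 98.796 gives 100.37).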
