Linus Torvalds to Question the Need for STIBP

Linux creator believes it has a very negative effect on system performance when using SMT / Hyper-Threading technologies
21 November 2018

The creator of Linux expressed doubts about enabling Single Thread Indirect Branch Predictors (STIBP) by default. This patch provides additional protection against the Spectre v2 hardware vulnerability. Programmers working on the Linux kernel built STIBP into kernel version 4.19.2 and implemented it in version 4.20.

Torvalds said that STIBP has a very negative effect on system performance when SMT / Hyper-Threading technologies are in use. In some cases, performance is reduced by 50%. To avoid the performance degradation, users have to disable these simultaneous multithreading tools. But disabling SMT / Hyper-Threading is itself one way to protect against Spectre v2 attacks. Thus, the need to use STIBP is questionable.

Torvalds notes that on an ordinary user's system the usual target of attack is the browser, and browser developers have already built in the necessary protection modules. On that basis, he considers a practical Spectre v2 attack unlikely.

Linus does not propose removing STIBP from the OS kernel entirely, only leaving the mechanism disabled by default so that users can decide whether its use is appropriate.

Intel experts Arjan van de Ven and Tim Chen reported that Intel and AMD also consider the use of STIBP by default unnecessary. In their opinion, it should be used only in critical cases, for example, when explicitly requested via prctl or for processes that prohibit the creation of core dumps.
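The per-task opt-in mentioned above, as an added example (not code from the kernel or from this article): a process asks for indirect-branch speculation protection through `prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ...)` on kernels that support it, and decodes the state the kernel reports. The fallback constants mirror `linux/prctl.h`; the function names are illustrative.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
/* Fallbacks mirroring linux/prctl.h, for build hosts with older headers. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_DISABLE       (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#define SPEC_MITIGATED (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)

/* GET or SET the indirect-branch speculation control of the calling task. */
static long spec_ctrl(int op, unsigned long val) {
    return prctl(op, (unsigned long)PR_SPEC_INDIRECT_BRANCH, val, 0UL, 0UL);
}

/* Decode a PR_GET_SPECULATION_CTRL result (bitmask, or negative on error). */
const char *spec_state(long v) {
    if (v < 0)                     return "unsupported";
    if (v == 0)                    return "not affected";
    if (v & PR_SPEC_FORCE_DISABLE) return "mitigated (locked)";
    if (v & PR_SPEC_DISABLE)       return "mitigated";
    if (v & PR_SPEC_PRCTL)         return "unmitigated, opt-in available";
    return "unmitigated, no per-task control";
}

/* Returns 0 if the task is protected or the CPU is unaffected, -1 otherwise. */
int protect_indirect_branches(void) {
    long v = spec_ctrl(PR_GET_SPECULATION_CTRL, 0UL);
    if (v == 0 || (v > 0 && (v & SPEC_MITIGATED))) return 0;
    if (v < 0 || !(v & PR_SPEC_PRCTL)) return -1;   /* no per-task control */
    if (spec_ctrl(PR_SET_SPECULATION_CTRL, PR_SPEC_DISABLE) != 0) return -1;
    v = spec_ctrl(PR_GET_SPECULATION_CTRL, 0UL);    /* verify it took effect */
    return (v > 0 && (v & SPEC_MITIGATED)) ? 0 : -1;
}

int main(void) {
    int rc = protect_indirect_branches();
    printf("%s: %s\n", rc ? "opt-in failed" : "ok", spec_state(spec_ctrl(PR_GET_SPECULATION_CTRL, 0UL)));
    return rc ? 1 : 0;
}
```

Here `PR_SPEC_DISABLE` disables the speculation feature for the task, which is what turns the mitigation on.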

Testing of the Linux 4.20 kernel showed that the performance drop depends on the nature of the task being performed. Ingo Molnar, another developer of the OS kernel, proposed introducing a rule under which new protective technologies appear in the lists of system modifications together with the results of testing their impact on performance.

Spectre attacks target a hardware vulnerability of modern processors associated with their implementation of speculative execution. When choosing protection, you have to balance security against performance. By shifting the decision to enable STIBP to users, Torvalds gives them the opportunity to adjust this balance themselves.

LLVM 10.0.0 to be Released

New version of the popular development toolkit brings, among other things, support for the C++ Concepts
26 March 2020

After six months of development, the LLVM 10.0 project has been released. LLVM is a GCC-compatible toolkit (compilers, optimizers, and code generators) that compiles programs into an intermediate bitcode of RISC-like virtual instructions (a low-level virtual machine with a multi-level optimization system). The generated pseudo-code can be converted by the JIT compiler into machine instructions directly at program execution time.

Among the new features of LLVM 10.0 are support for C++ Concepts, no longer launching Clang as a separate process, support for CFG (Control Flow Guard) checks on Windows, and support for new CPU features.

The main innovations of LLVM 10.0:

  • New interprocedural optimizations and analyzers have been added to the Attributor framework. It can now predict the state of 19 different attributes, including 12 LLVM IR attributes and 7 abstract attributes such as liveness.
  • New built-in compiler functions (intrinsics) for matrix mathematics have been added; at compile time they are replaced by efficient vector instructions.
  • Numerous improvements to the backends for the X86, AArch64, ARM, SystemZ, MIPS, AMDGPU, and PowerPC architectures. Added support for Cortex-A65, Cortex-A65AE, Neoverse E1 and Neoverse N1 CPUs. For ARMv8.1-M, the code generation process has been optimized (for example, support for loops with minimal overhead has appeared) and support for auto-vectorization using the MVE extension has been added. Improved support for the MIPS Octeon CPU. PowerPC gains vectorization of mathematical routines using the MASSV (Mathematical Acceleration SubSystem) library, improved code generation, and optimized memory access from loops. For x86, the processing of vector types v2i32, v4i16, v2i16, v8i8, v4i8 and v2i8 has been changed.
  • Improved code generator for WebAssembly. Added support for TLS (Thread-Local Storage) and atomic.fence instructions. Significantly expanded support for SIMD. WebAssembly object files can now use function signatures with multiple values.
  • When processing loops, the MemorySSA analyzer is used to determine the dependencies between different memory operations. MemorySSA can reduce compilation and execution time, or can be used instead of AliasSetTracker without sacrificing performance.
  • The LLDB debugger has significantly improved support for the DWARF v5 format. Improved build support with MinGW and added the initial ability to debug Windows executable files for ARM and ARM64 architectures. Added descriptions of the options offered when autocompleting input with the Tab key.
  • Enhanced LLD linker features. Improved support for the ELF format, including full compatibility of glob patterns with the GNU linker, added support for the compressed debug sections ".zdebug", added PT_GNU_PROPERTY to identify the .note.gnu.property section (can be used in future Linux kernels), and implemented the modes "-z noseparate-code", "-z separate-code" and "-z separate-loadable-segments". Improved support for MinGW and WebAssembly.

Get more at the release notes.