Patch for Retbleed Problem Slows Down Virtual Machines on Linux by 70%

september 13, 2022
door Carina Wilson
199 Keer bekeken
3 minuten gelezen

VMware engineers have tested a Linux kernel patch that addresses the Retbleed side-channel problem. The researchers came to the disappointing conclusion that this fix can affect performance, reducing it immediately by 70%.

Let me remind you that we also talked about Linus Torvalds Uses Linux on an Apple MacBook Air with an M2 Processor, and also that P2P Botnet Panchan Attacks Linux Servers.

Retbleed was discovered and described by experts from the ETH Zurich last summer. At the time, the bug was reported to affect Intel processors from 3 to 6 years old, as well as AMD processors from 1 to 11 years old. Experts immediately warned that fixing the bug could have a negative impact on performance.

Let me remind you that Retbleed consists of two vulnerabilities (CVE-2022-29900 for AMD and CVE-2022-29901 for Intel) and belongs to the Specter-BTI class of speculative attacks (variant 2). The name Retbleed refers to the Retpoline security solution, which was developed by Google in 2018 to combat the Meltdown and Specter processor vulnerabilities. It was in the work of the Retpoline protection that fresh problems were found.

As VMware engineers now report in the Linux Kernel mailing list, the Retbleed patches do cause a noticeable performance regression in the Linux 5.19 kernel. The company’s internal tests have shown that running Linux virtual machines with the ESXi hypervisor and Linux kernel version 5.19 results in a performance drop of up to 70% with a single vCPU, A 30% drop in network performance, and up to 13% in storage performance.

If VMware testers disabled patches for Retbleed in the 5.19 kernel, ESXi performance returned to normal levels, as in version 5.18. The tests were conducted on Intel Skylake processors released between 2015 En 2017.

Since speculative computing was generally designed to speed up data processing, it is not surprising that disabling it has a very negative impact on performance. Echter, A 70% performance drop is simply unacceptable for many business processes and is a big problem.

In fact, if the patches are not improved and revised, users are faced with a clear choice: use the 5.19 kernel and still lose performance, or stay on the previous version and take the possible risks, relying on the fact that the Retbleed problem is not so easy to exploit.

We believe that these findings will be useful to the Linux community, and wanted to document them.VMware representatives politely summarize.

Over de auteur

Carina Wilson

Met meer dan 10 jarenlange ervaring met schrijven voor online en gedrukte media, Ik ben een expert in het leveren van duidelijke en overtuigende teksten.

Ik heb geschreven voor een toonaangevend SEO-copywritingbureau en voor enkele van de bekendste merken in Groot-Brittannië, tijdschriften en kranten.

Bekijk alle berichten

Laat een reactie achter