Patch for Retbleed Problem Slows Down Virtual Machines on Linux by 70%

VMware engineers have tested a Linux kernel patch that addresses the Retbleed side-channel problem. The researchers came to the disappointing conclusion that this fix can affect performance, reducing it immediately by 70%.

Let me remind you that we also talked about Linus Torvalds Uses Linux on an Apple MacBook Air with an M2 Processor, și de asemenea că P2P Botnet Panchan Attacks Linux Servers.

Retbleed was discovered and described by experts from the ETH Zurich last summer. At the time, the bug was reported to affect Intel processors from 3 la 6 years old, as well as AMD processors from 1 la 11 years old. Experts immediately warned that fixing the bug could have a negative impact on performance.

Let me remind you that Retbleed consists of two vulnerabilities (CVE-2022-29900 pentru AMD și CVE-2022-29901 pentru Intel) și aparține Spectre-BTI clasa de atacuri speculative (variantă 2). Numele Retbleed se referă la Retpolină soluție de securitate, care a fost dezvoltat de Google în 2018 pentru a combate Coltdown și vulnerabilități ale procesorului Spectre. În activitatea de protecție a Retpoline s-au găsit noi probleme.

La fel de VMware inginerii raportează acum în lista de corespondență Linux Kernel, patch-urile Retbleed provoacă o regresie vizibilă a performanței în Linux 5.19 nucleu. Testele interne ale companiei au arătat că rularea mașinilor virtuale Linux cu ESXi hypervisor și versiunea de kernel Linux 5.19 duce la o scădere a performanței de până la 70% cu un singur vCPU, A 30% scăderea performanței rețelei, si pana la 13% în performanța de stocare.

Dacă testerii VMware au dezactivat corecții pentru Retbleed în 5.19 nucleu, Performanța ESXi a revenit la niveluri normale, ca în versiune 5.18. The tests were conducted on Intel Skylake processors released between 2015 și 2017.

Since speculative computing was generally designed to speed up data processing, it is not surprising that disabling it has a very negative impact on performance. in orice caz, A 70% performance drop is simply unacceptable for many business processes and is a big problem.

In fact, if the patches are not improved and revised, users are faced with a clear choice: use the 5.19 kernel and still lose performance, or stay on the previous version and take the possible risks, relying on the fact that the Retbleed problem is not so easy to exploit.