back to article Thanks, Linus. Torvalds patch improves Linux performance by 2.6%

A relatively tiny code change by penguin premier Linus Torvalds is making a measurable improvement to Linux's multithreaded performance. The code commit has the catchy name of x86/uaccess: Avoid barrier_nospec() in 64-bit copy_from_user() and it's a security tweak intended to counter the types of security holes known as …

  1. Eugene Crosser

    Don't disable that on the client machine!

    > On a standalone local machine such as a desktop or laptop, which doesn't allow inbound connections, you can turn this stuff off and enjoy better performance in relative safety – if you know what you're doing and accept the small but potential risk.

    It's actually the other way around. Web server machine runs only code that is installed on it, hopefully from a trustworthy repository, and leaking secrets from one process to another is not a threat.

    On the client machine, you use browser that runs (javascript/wasm) code downloaded from someone's server that may not be trustworthy. And can steal your secrets.

    (The same way, it is a threat for a provider who runs other people's vms/containers that run untrusted code.)

    1. IGotOut Silver badge

      Re: Don't disable that on the client machine!

      That's generally not how these attacks work. It's extremely difficult to pull off these attacks running some dodgy script due to the extremely precise timings required and how little data can be lifted.

      However if you are running shared services, then the bad actor can install the software in their instance, and just sit the collecting the data over days, weeks, months.

      1. Mark Hahn

        Re: Don't disable that on the client machine!

        Speculation attacks aim to extract just one small bit of data, a key or password. They're not trying to read your email.

        Initial comment is correct. The question is whether you have a trust boundary on your system, and webservers basically don't.

      2. Dan 55 Silver badge

        Re: Don't disable that on the client machine!

        That's generally not how these attacks work. It's extremely difficult to pull off these attacks running some dodgy script due to the extremely precise timings required and how little data can be lifted.

        Even so, there are spectre attacks in JavaScript and WASM (2nd paragraph on P2).

      3. Blazde Silver badge

        Re: Don't disable that on the client machine!

        The difficulty doesn't derive from any real technical limit. It's difficult because you've got an extra language layer to work through. You need to find wasm/script sequences that cause a browser to execute the desired memory pattern. Those surely exist (and they're NOT browser bugs) but they're not immediately documented ready for use in the same way a memory manipulation is in a simple bit of C code. Your exploit will be more bespoke because it's tied to a particular browser and maybe host OS. And you have to roll your own timing solution because browsers disabled high-resolution timing. These are problems that are eminently solvable to achieve an exploit just as robust as a bare-metal one, just much more time-consuming to to work through it all.

        Once good exploit engines are out there, browser developers will be locked in a more intense arms-race to thwart them. It'll be a losing battle because browser scripting is too powerful and they'll be begging us to turn back on our desktop spectre mitigations. I don't recommend turning them off.

    2. Gerhard Mack

      Re: Don't disable that on the client machine!

      That is a really bad assumption. The risk is always that some exploit in the web software allows them to run arbitrary code as the web server's user which they will then use to look for deeper ways into the system.

  2. John Smith 19 Gold badge
    Coat

    "why the kernel commandant"

    So, who's Destro?

    Joking aside, this is a significant improvement and shows that (sometimes) "Peephole optimisation" is worth doing. Not often, but sometimes.

    1. NoneSuch Silver badge
      Mushroom

      Re: "why the kernel commandant"

      "even at the cost of disabling performance-enhancing features."

      If they wrote lightweight HTML instead of heavy code for gathering personal data we wouldn't need performance enhancement.

      1. tracker1

        Re: "why the kernel commandant"

        The HTML in question isn't the issue here. The server is delivering a file for HTML, and one or more files for js, css etc that is all highly compressible text. One image is usually more payload than all the HTML, CSS and JS combined.

        Malicious exploits can target the server, others can target a client. Each have differing mitigations.

        Servers can operate in read-only for system mounts to reduce risk, as well as process isolation and containerization. The ladder techniques can also be used in a client browser. For Linux clients, this means appimage/flatpak/snap. Windows and Mac have different but similar approaches for browser isolation.

        None of this has anything to do with the complexity of a given website.

        1. skrutt

          Re: "why the kernel commandant"

          I think the point was that any JavaScript added to the web is usually a detriment to the user.

          And I mostly agree, it's not html or pictures sapping performance and bandwidth, its stupid popups and ads and behavior tracking.

  3. williamyf

    «chip vendor Transmeta hired him. It got the company the low-level expert knowledge they needed to build their Crusoe VLIW chips, which ran x86-32 code by emulating it. »

    Transmeta also ran AMD64. Actually, AMD hired them to simulate the architecture before the actual silicon was ready, for the benefit of SW/OS developers

    https://www.theregister.com/2000/11/07/transmeta_helping_out_amd_ms/

  4. Pascal Monett Silver badge
    Thumb Up

    It shows indeed

    It shows why Linus Torvalds is still the top programmer in existence.

    All hail the Torvald !

    1. FIA Silver badge

      Re: It shows indeed

      He isn't.

      It's probably not helpful to idolise him like that.

      Don't get me wrong, he's no slouch.

      I, and most people here, would be scrabbling around in his dust going 'We are not worthy', but 'the top programmer in existence.', nah.

      He's a clever man who developed a unix-alike kernel, and has done a bang up job of stewarding it since then. However, like any great in their field he was also 'right place, right time' too. (Had BSD not been mired in legal issues, or Hurd been ready1 for example).

      He's also disproportionally idolised, as many top people in their field are.

      I'm not saying this to diminish 'The Torvald', but there are other clever programmers out there, many who've contributed as much, or more, to the development of computer science as a field as Linus has.

      1 Lol.

      1. klh

        Re: It shows indeed

        That lol hurts, it hurts deep

        1. rcxb Silver badge

          Re: It shows indeed

          Duke Nukem Forever was release a decade ago. HURD still not ready...

  5. DoctorNine

    Fractional Gains

    Considering that the efficiency improvement still allows (some) speculative code execution, this is pretty much as good as we could have expected. What pleases me the most, is that this sort of strategy may be more generally applied to a number of potential security bottlenecks. Also, the nimbleness with which Linux distros can code in unique solutions to these issues, makes it more and more valuable as time goes on. Once again, a carefully curated hive mind shows itself superior to proprietary authoritarianism. There is a general lesson here, methinks.

    1. anonymous boring coward Silver badge

      Re: Fractional Gains

      "Once again, a carefully curated hive mind shows itself superior to proprietary authoritarianism. There is a general lesson here, methinks"

      That the Borg were/was right, all along?

      1. eldel

        Re: Fractional Gains

        Tense error

        That the Borg were/was are/is right, all along?

        There FTFY

        1. Zippy´s Sausage Factory

          Re: Fractional Gains

          Isn't Star Trek set in the future? So it would be future tense

          That the Borg will be were/was right, all along?

          Surely that's right now?

          1. Ignazio

            Re: Fractional Gains

            Underlying mistake.

            "We are the Borg", hence "the Borg were right"

    2. ThatOne Silver badge
      Devil

      Re: Fractional Gains

      > There is a general lesson here, methinks.

      That improving general efficiency is better than randomly shoehorning useless marketing gimmicks?

      I really wonder why nobody thought of it before.

      1. Someone Else Silver badge

        Re: Fractional Gains

        I really wonder why nobody thought of it before.

        They did, but they were overridden by the source of those useless marketing gimmicks.

    3. Roland6 Silver badge

      Re: Fractional Gains

      I suspect an additional lesson, is that this is something only an experienced human could spot. Okay now it’s been found, someone can programme an AI bot to do the legwork to trawl for similar bottlenecks.

  6. El blissett

    Transmeta! That takes me back... the front page of liliputing.com used to be full of Crusoe and Efficeon vapourware, including the OQO palmtop and one of the OG netbooks, the Dialogue Flybook. Without hiring all their famous names, no way their terrible chipset would have gotten inside as many machines as it ended up in.

    1. rcxb Silver badge

      no way their terrible chipset would have gotten inside as many machines as it ended up in.

      Transmeta floundered because Intel simply appropriated their technologies, allowing them to jump ahead in energy efficiency:

      https://www.computerworld.com/article/1565866/intel-settles-patent-case-with-transmeta-for-250m.html

  7. trevorde Silver badge

    Marginal gains

    Worked in a nanotechnology group where one of the PhD rocket scientists proudly announced: "I've sped up the analysis code by 10%. It's going to finish a day early!".

    1. Ian Johnston Silver badge

      Re: Marginal gains

      For my doctorate I tweaked a standard algorithm for solving non-linear diffusion problems and got a two-order-of-magnitude improvement in speed. Quite satisfying.

      1. MichaelGordon

        Re: Marginal gains

        Or you could be Matt Parker and have people speed up your code by 40,832,277,770%

        https://www.youtube.com/watch?v=c33AZBnRHks

  8. Allonymous Coward

    Thanks Linus.

    Thlinus.

    1. Lord Elpuss Silver badge

      Re: Thanks Linus.

      Thalinus, surely.

  9. CA Dave

    Would Android benefit?

    Since Android runs on a Linux kernel, would Android phones be able to realize this as well? It seems people clamor just as much for overall performance on them more than PCs, as well as security.

    1. druck Silver badge

      Re: Would Android benefit?

      I believe this is x86/AMD64 only optimisation, while there are a few x86 powered Android phones and tablets, the vast majority are ARM.

  10. Bebu sa Ware
    Coat

    The graphic for this article...

    might have been wasted here as it might have been better used for one of Linus' periodic rants.

    The man with a shifter aka attitude adjuster which suitably applied might result in performance gains for the kernel if not from the adjustee.

  11. Manolo
    Mushroom

    Website is no more

    "you can turn this stuff off and enjoy better performance"

    https://make-linux-fast-again.com/ has disappeared it seems.

  12. hammarbtyp

    UABP

    The lesson to this story is :-

    Use a better processor

    1. ThatOne Silver badge
      Devil

      Re: UABP

      You mean: "Buy our latest (exciting) processor implementing NewFad©™!!!"?

      Because AFAIK the go-to solution of both chipmakers was to do nothing. Computer suddenly too slow? It's time to buy a new one. (You should even buy two, just in case.)

      1. Roland6 Silver badge

        Re: UABP

        Putting aside the passing years, this (the lack of speculative execution) would have been picked up as a feature and benefit of RISC over CISC…

        1. rcxb Silver badge

          Re: UABP

          All modern processors are affected by Spectre flaws:

          "Spectre has been shown to work on Intel, AMD, ARM-based, and IBM processors."

          It's a question of superscalar pipelined processors. Not RISC vs CISC. x86 CPUs are RISC behind the scenes, anyhow.

          All modern processors have those traits, or else they'd perform terribly.

    2. gnasher729 Silver badge

      Re: UABP

      Drop any speculation, and you performance drops a facto 3 at least. The trick is to only drop speculation when it can give a hint to an attacker.

  13. Ian Johnston Silver badge

    How good was the patch he polished?

    1. Mr D Spenser

      And who vetted it?

  14. bazza Silver badge
    Pint

    Given that that 2.6% gets rolled out across a vast number of machines across the planet, he's probably personally responsible for a few power stations getting switched off (in aggregate!).

    1. Ian Johnston Silver badge

      Is it 2.6% on all Linux systems at all times, or 2.6% on one particular activity on one particular type of processor?

      1. sabroni Silver badge

        re: Is it 2.6% on all Linux systems at all times

        it's a 2.6% increase when running the per_thread_ops benchmark. Unforch this story has blown up so searching for that benchmark gets loads of news sites parrotting this press release/figure.

        What is the real world implication of this? Sounds like each thread can now run 2.6% more ops in a given period, is that genuinely what it means?

      2. This post has been deleted by its author

  15. Omnipresent Silver badge

    He kicked out the russians

    and it pissed them off, that tells me volumes.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like