[PATCH libgcrypt] Disable CPU speculation-related misfeatures

Guido Trentalancia guido at trentalancia.com
Sun Jul 6 16:21:16 CEST 2025


Changing the prctl() settings only affects the process (or thread) where
prctl() is called and not the rest of processes running on the system.

Therefore running a timed "make check" on pre-compiled test binaries
with suppressed output, possibly on an unloaded system, is a meaningful
performance loss measure.

Please note that Level 1 Data Cache flushing is disabled by default and
the third prctl() call in this patch is just a placeholder.

Guido

On Sat, 05/07/2025 at 14.37 +0300, Jussi Kivilinna wrote:
> On 14/06/2025 15:47, Guido Trentalancia via Gcrypt-devel wrote:
> > Three runs of timed "make check" (with suppressed output) on libgcrypt
> > version 1.11.1, with and without the safety feature enabled, provide
> > the following meaningful results:
> > 
> > safe (avg): 54.26 seconds
> > 
> > unsafe (avg): 52.94 seconds
> > 
> > Therefore, the performance loss of safe versus unsafe is 2.5%.
> 
> Seems high given that "make check" is mostly single threaded test code
> running mostly in user-space and checking libgcrypt implementation.
> 
> Changing these prctl settings will affect the application where libgcrypt
> was loaded (directly or indirectly) and can also affect performance
> of other processes running on system (see discussion & push back on
> L1d flush change in linux kernel).
> 
> -Jussi
> 
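
An added example, not part of the patch or of either message: a small Linux C program that reads the per-task speculation control state through prctl() and checks that a change requested in a forked child does not alter the calling process's own state. It assumes kernel headers from Linux 4.17 or later; that the patch's first two prctl() calls use the store-bypass and indirect-branch controls is an assumption, and the program says nothing about performance side effects on other processes.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SPEC_INDIRECT_BRANCH     /* older kernel headers lack these two */
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_L1D_FLUSH
#define PR_SPEC_L1D_FLUSH 2
#endif
#define GET_CTRL(w) ((long)prctl(PR_GET_SPECULATION_CTRL, (w), 0, 0, 0))

/* Decode a PR_GET_SPECULATION_CTRL result. For store bypass and indirect branch
 * "disabled" = speculation off (mitigation on); for L1D flush "enabled" = flush on. */
const char *spec_state(long v)
{
    if (v < 0)                     return "unsupported";
    if (v == PR_SPEC_NOT_AFFECTED) return "not affected";
    if (v & PR_SPEC_FORCE_DISABLE) return "force-disabled";
    if (!(v & PR_SPEC_PRCTL))      return "no per-task control";
    if (v & PR_SPEC_DISABLE)       return "per-task: disabled";
    if (v & PR_SPEC_ENABLE)        return "per-task: enabled";
    return "other";
}

/* 1: a change made in a forked child left this process's store-bypass
 * state untouched; 0: it changed; -1: cannot be tested on this system. */
int parent_unaffected(void)
{
    long before = GET_CTRL(PR_SPEC_STORE_BYPASS);
    pid_t pid = before < 0 ? -1 : fork();
    if (pid < 0) return -1;
    if (pid == 0) {                /* child asks for the mitigation, then exits */
        prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
        _exit(0);
    }
    waitpid(pid, NULL, 0);
    return GET_CTRL(PR_SPEC_STORE_BYPASS) == before;
}

int main(void)
{
    printf("store bypass:    %s\n", spec_state(GET_CTRL(PR_SPEC_STORE_BYPASS)));
    printf("indirect branch: %s\n", spec_state(GET_CTRL(PR_SPEC_INDIRECT_BRANCH)));
    printf("L1D flush:       %s\n", spec_state(GET_CTRL(PR_SPEC_L1D_FLUSH)));
    printf("parent unaffected by child: %d\n", parent_unaffected());
}
```

The state is inherited across fork(), so a library that sets it on load changes it for the host application and every child started afterwards.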


