Severe performance degradation in kernel 5.19 caused by Retbleed attack protection

A VMware engineer has alerted the Linux kernel community to a significant performance hit with the Linux 5.19 kernel. Testing a virtual machine running the 5.19 kernel under the VMware ESXi hypervisor showed a 70% decrease in compute performance, 30% in network operations and 13% in storage performance compared to the same configuration based on the 5.18 kernel.

The decrease is attributed to a change in the code that protects against Spectre v2 class attacks (spectre_v2=ibrs). The protection is implemented on the basis of extended IBRS (Enhanced Indirect Branch Restricted Speculation) instructions, which allow speculative execution of instructions to be adaptively enabled and disabled during interrupt processing, system calls and context switches. It is enabled to block the recently identified Retbleed vulnerability in the mechanism of speculative execution of indirect CPU jumps, which allows extracting information from kernel memory or attacking the host system from virtual machines. After the protection is turned off (spectre_v2=off), performance returns to the previous level.
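To tell whether a guest is actually running in the IBRS mode described above, the effective state can be read from sysfs and compared with the kernel command line. The script below is an added example, not code from the original report or from the kernel project. The function names are hypothetical and the sample status strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which Spectre v2 mode a Linux guest runs in, so a
# 5.18 -> 5.19 slowdown can be correlated with spectre_v2=ibrs.

SYSFS=/sys/devices/system/cpu/vulnerabilities

# Print the value of spectre_v2= found in a kernel command line, or "unset".
# Assumption: if the option is repeated, the last occurrence is reported.
cmdline_spectre_v2() (
    set -f                      # no glob expansion while word-splitting
    val=unset
    for word in $1; do
        case "$word" in spectre_v2=*) val=${word#spectre_v2=} ;; esac
    done
    printf '%s\n' "$val"
)

# Map a sysfs spectre_v2 status line to: off | ibrs | other.
# Only the primary field (before the first ',' or ';') is inspected, so a
# secondary flag such as IBRS_FW on a retpoline system is not misread as IBRS.
classify_spectre_v2() {
    primary=${1%%[,;]*}
    case "$primary" in
        Vulnerable)           printf 'off\n' ;;
        "Mitigation: "*IBRS*) printf 'ibrs\n' ;;
        *)                    printf 'other\n' ;;
    esac
}

# $1 = spectre_v2 status line, $2 = kernel command line
report() {
    printf 'spectre_v2 status : %s\n' "$1"
    printf 'effective mode    : %s\n' "$(classify_spectre_v2 "$1")"
    printf 'cmdline setting   : %s\n' "$(cmdline_spectre_v2 "$2")"
}

if [ -r "$SYSFS/spectre_v2" ] && [ -r /proc/cmdline ]; then
    report "$(cat "$SYSFS/spectre_v2")" "$(cat /proc/cmdline)"
    # The retbleed entry exists only on kernels that carry the Retbleed fixes.
    if [ -r "$SYSFS/retbleed" ]; then
        printf 'retbleed status   : %s\n' "$(cat "$SYSFS/retbleed")"
    fi
else
    # Constructed sample values, used when not running on Linux.
    report 'Mitigation: IBRS, IBPB: conditional, RSB filling' 'root=/dev/sda1 ro quiet'
fi
```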

Source: opennet.ru
