Hello and thanks for the bug report. We hate to hear that you're seeing such a performance hit on your application when the MDS mitigations are enabled. Unfortunately, we are simply following Intel's recommendations[1] for mitigating MDS attacks. The kernel changes are relatively simple and the overhead comes from the kernel calling into the CPU microcode to flush the internal CPU buffers as well as the inefficiencies involved with flushing such buffers. Since the recommendation includes flushing the buffers before exiting from the kernel to userspace, workloads which are syscall heavy are likely to see the largest performance hit.
I like your idea of alerting the user of such a potential performance hit, on the surface. However, the vast majority of users won't know how to handle that information and, even worse, it could scare users out of taking the update even though the mitigations may not significantly impact their typical usage. Very few users will have the need to bisect kernel changes to identify a performance decrease that they've measured. Another problem is that there's not a consistent way to alert users with pertinent information. The updates are provided to desktop systems, to headless servers, packaged in pre-built cloud images, delivered automatically to IoT devices that don't support typical user logins, etc. Even across something like desktop systems, users apply the updates in a variety of ways (manually with apt, automatically with unattended-upgrades, with a GUI such as update-manager, etc.). This is why we provide out-of-band information like this in Ubuntu Security Announcements[2] and, in some cases, more verbose KnowledgeBase articles.

What I can promise is that we'll continue to work with Intel and the upstream kernel community in the case that future improvements are identified for the existing MDS mitigations.

Thanks again for opening this bug report and please don't take the "Won't Fix" bug status as your voice being ignored. At the very least, when writing up the next KnowledgeBase article, I now know that any time we spend describing performance impacts will be much appreciated by someone out there. :)

[1] https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling
[2] https://usn.ubuntu.com

** Changed in: linux (Ubuntu)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1829255

Title:
  Severe performance degradation after updating to 5.0.0-15 due to mds mitigation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1829255/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs