The patch intended to close Retbleed, the new variant of the Spectre vulnerability, in Linux kernel 5.19 is said to cost a lot of performance on virtual machines under certain conditions. The VM provider VMware concludes this from its tests.
In a post on the Linux Kernel Mailing List, VMware employee Manikandan Jagatheesan describes the test procedure. VMware regularly checks the effects of Linux kernel releases on the performance of its own virtual machines. A comparison between kernel 5.19 and its predecessor 5.18 revealed a loss of 70 percent in computing power, 30 percent in network speed and 13 percent in storage performance.
Test object: VM with Skylake CPUs
The test used a Linux virtual machine running Ubuntu 20.04.3 on the VMware hypervisor ESXi with an Intel Skylake CPU. The assumption that the Retbleed patch could be responsible for the losses was then confirmed in practice, Jagatheesan continued in his message to the mailing list. To check this, commit 6ad0ad2bf8a6, which contains the patch for the "spectre_v2 vulnerability", was disabled in kernel version 5.19 via the kernel boot parameter spectre_v2=off. In the subsequent tests, the virtual machine achieved the same performance with the new version of the Linux kernel as with version 5.18.
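An added example, not taken from the VMware post or this article: a shell check an operator could use to find machines where the mitigation was switched off at boot, as was done for the test above. Apart from spectre_v2=off, the parameter names (nospectre_v2, retbleed=off, mitigations=off) and the /proc and /sys paths are standard kernel interfaces that the article does not mention, and the sample inputs are constructed.

```shell
#!/bin/sh
# Audit helper: was the Spectre v2 / Retbleed mitigation switched off at boot?
# The logic takes its inputs as arguments so it can be exercised offline.

# cmdline_disables <kernel command line>
# Prints every parameter that turns the mitigation off; returns 0 if any is present.
cmdline_disables() {
    found=1
    for tok in $1; do
        case "$tok" in
            spectre_v2=off|nospectre_v2|retbleed=off|mitigations=off)
                echo "$tok"; found=0 ;;
        esac
    done
    return "$found"
}

# classify <kernel command line> <sysfs status line>
# The boot parameter wins: a host booted with the mitigation off is flagged
# even if the status line is missing or unexpected.
classify() {
    if cmdline_disables "$1" >/dev/null; then
        echo "disabled-at-boot"; return
    fi
    case "$2" in
        Vulnerable*)     echo "vulnerable" ;;
        Mitigation:*)    echo "mitigated" ;;
        "Not affected"*) echo "not-affected" ;;
        *)               echo "unknown" ;;
    esac
}

# audit_host: run the check against the live system (call it manually).
audit_host() {
    cmdline=$(cat /proc/cmdline)
    for v in spectre_v2 retbleed; do
        f=/sys/devices/system/cpu/vulnerabilities/$v
        [ -r "$f" ] || continue   # older kernels have no retbleed entry
        echo "$v: $(classify "$cmdline" "$(cat "$f")")"
    done
}

# Constructed sample inputs (not captured from a real host).
echo "benchmark VM: $(classify 'root=/dev/sda1 ro spectre_v2=off' 'Vulnerable')"
echo "default boot: $(classify 'root=/dev/sda1 ro quiet' 'Mitigation: IBRS')"
```

Calling `audit_host` on a real machine prints one line per vulnerability entry the running kernel exposes.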
Because the patch prevents the speculative execution in the processor that makes Spectre and Retbleed possible in the first place, performance losses are to be expected. Nevertheless, the values reported by VMware appear very high. Retbleed is a new vulnerability in the Spectre family of vulnerabilities. Swiss researchers published the vulnerability in July 2022. Spectre itself has been known since 2018. Linux kernel 5.19 was released at the end of July, a week late, partly because of the patch against Retbleed, which led to a performance slump in the previous release candidate.