Kernel Mitigations in WSL2 leading to 30-50% worse wall time, 80% worse syscall time #14526
Description
Windows Version
Microsoft Windows [Version 10.0.26220.8079]
WSL Version
WSL version: 2.6.3.0
Are you using WSL 1 or WSL 2?
- WSL 2
- WSL 1
Kernel Version
6.6.87.2-1
Distro Version
Debian 13.4
Other Software
- go version
go1.26.1 linux/amd64
Summary
Kernel side-channel mitigations seem to affect WSL2 performance more heavily than a normal linux kernel. A normal kernel with mitigations=on will see 5-10% performance impact. With wsl2, mitigations cause 84% syscall impact, and 47% compile time (wall time) impact for a moderate golang compile.
Repro Steps
Steps to Reproduce
- Run
perf bench sched pipe -l 100000 - Run
go clean -cache && go build ./... - Add
kernelCommandLine=quiet loglevel=0 audit=0 mitigations=off vsyscall=noneto %UserProfile%.wslconfig. wsl --shutdown& re-run the tests
Expected Behavior
5-10% performance difference between mitigations=on and mitigations=off
Actual Behavior
Context Switch Latency (perf bench sched pipe -l 100000)
| Metric | Mitigations OFF | Mitigations ON (Default) | Regression |
|---|---|---|---|
| Latency (usecs/op) | 37.51 μs | 44.45 μs | +18.5% |
| Throughput (ops/sec) | 26,659 | 22,493 | -15.6% |
go build benchmark -- 84% worse system time, 47% worse wall time
| Metric | Mitigations OFF | Mitigations ON (Default) | Regression |
|---|---|---|---|
| System Time | 13.51s | 24.89s | +84.2% |
| Total (Wall) Time | 18.31s | 26.98s | +47.3% |
| CPU Efficiency (higher=better) | 522% | 395% | -127% |
Testing Mitigations
❯ grep Vuln /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable; IBPB: disabled; STIBP: disabled; PBRSB-eIBRS: Not affected; BHI: Not affected