Announcement

Collapse
No announcement yet.

The Combined Impact Of Mitigations On Cascade Lake Following Recent JCC Erratum + TAA

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The Combined Impact Of Mitigations On Cascade Lake Following Recent JCC Erratum + TAA

    Phoronix: The Combined Impact Of Mitigations On Cascade Lake Following Recent JCC Erratum + TAA

    Following the initial tests earlier this month from the disclosures of the JCC Erratum (Jump Conditional Code) that required updated Intel CPU microcode to address and on the same day the TSX Async Abort (TAA) vulnerability that required kernel mitigations to address, which I have run benchmarks of those CPU performance impacts individually, readers have requested tests looking at the current overall impact to the mitigations to date.

    http://www.phoronix.com/vr.php?view=28537

  • #2
    Does these mitigations also reduce the performance of processors not affected, such as the Intel Ice Lake, or Ryzen 3?

    Comment


    • #3
      Originally posted by uid313 View Post
      Does these mitigations also reduce the performance of processors not affected, such as the Intel Ice Lake, or Ryzen 3?
      These are the lscpu statements on a Ryzen 3900x:

      Vulnerability Itlb multihit: Not affected
      Vulnerability L1tf: Not affected
      Vulnerability Mds: Not affected
      Vulnerability Meltdown: Not affected
      Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
      Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
      Vulnerability Spectre v2: Mitigation; Full AMD retpoline, IBPB conditional, STIBP always-on, RSB filling
      Vulnerability Tsx async abort: Not affected

      It is not affected by tsx in particular.

      Comment


      • #4
        But compiler/assembler patches (If on by default for every compilation) would affect AMD too. Such benchmarks (plain -O2/-O3 without -march=native But with patched assembler) with various intel/amd cpus would be very helpful.
        Last edited by pyler; 11-24-2019, 01:04 PM.

        Comment


        • #5
          What a gigantic mess all these microarch f-ckups have created...
          Keeping track of all this is proving to be a major PITA, even if I have no problems grasping the information.
          Even the pretty tech-savvy are probably going to feel at a loss trying to grasp this mess.

          For the average Joe...
          Does Windows always update microcode or does it rely on the hw vendor to do it?

          Comment


          • #6
            Originally posted by milkylainen View Post
            Does Windows always update microcode or does it rely on the hw vendor to do it?
            It does for Windows 10, but the latest microcode is not pushed through Windows Update yet.

            Comment


            • #7
              Originally posted by milkylainen View Post
              What a gigantic mess all these microarch f-ckups have created...
              Keeping track of all this is proving to be a major PITA, even if I have no problems grasping the information.
              Even the pretty tech-savvy are probably going to feel at a loss trying to grasp this mess.
              And this is likely still just the tip of the iceberg. Researchers are concentrating on Intel because of huge invested interests- data centers from Google and such are standardized on Intel processors. This means AMD and POWER haven't had as much attention. There's likely bugs in them that will likewise have performance hits when disabled or worked around. Researchers are also starting to turn their attention to GPUs and security implications. This is ignoring the problem with the black boxes that are IME, PSP, and the base band microcontrolers on most server motherboards. We're going to need flow charts and time line illustrations for hardware generations affected by which bugs color coded by security implication sorted by deployment concerns (desktop/workstation, embedded, virtual machines only, etc).

              Comment


              • #8
                I just got rid of 1 Intel system 3 weeks ago, so this means there are now just 2 remaining on my side. Sadly proprietary firmware is everywhere, that cannot be audited or improved at all, so switching away from Intel only helps to be less affected by these vulnerabilities.

                Comment


                • #9
                  Originally posted by R41N3R View Post
                  I just got rid of 1 Intel system 3 weeks ago, so this means there are now just 2 remaining on my side. Sadly proprietary firmware is everywhere, that cannot be audited or improved at all, so switching away from Intel only helps to be less affected by these vulnerabilities.
                  ARM isn't any better. Most ARM phones now come with locked bootloaders. Huawei won't even provied you the keys anymore.

                  Comment


                  • #10
                    Originally posted by caligula View Post

                    ARM isn't any better. Most ARM phones now come with locked bootloaders. Huawei won't even provied you the keys anymore.
                    Sony has open bootloader. At least on the phones you get sailfish os for.

                    Comment

                    Working...
                    X