Announcement

Collapse
No announcement yet.

The Brutal Performance Impact From Mitigating The LVI Vulnerability

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The Brutal Performance Impact From Mitigating The LVI Vulnerability

    Phoronix: The Brutal Performance Impact From Mitigating The LVI Vulnerability

    On Tuesday the Load Value Injection (LVI) attack was disclosed by Intel and security researchers as a new class of transient-execution attacks and could lead to injecting data into a victim program and in turn stealing data, including from within SGX enclaves. While Intel has publicly stated they don't believe the LVI attack to be practical, one of their open-source compiler wizards did go ahead and add mitigation options to the GNU Assembler as part of the GCC toolchain. Here are benchmarks showing the performance impact of enabling those new LVI mitigation options and the significant impact they can cause on run-time performance in real-world workloads.

    http://www.phoronix.com/vr.php?view=28950

  • #2

    Comment


    • #3
      With these performance numbers, everyone who is dependant on the security and does use workloads like shown here, they shouldn't re-compiler their software with these mitigations but kick these Intel systems out the door and get something from the competition instead.

      Comment


      • #4
        Can someone explain the difference between the mitigations? i.e. would indirect branch & before RET alone help or is the after load necessary?

        Comment


        • #5
          Originally posted by gabber View Post
          Can someone explain the difference between the mitigations? i.e. would indirect branch & before RET alone help or is the after load necessary?
          All of them are needed for complete protection, basically adding fences to different areas of the code where the LVI attack could theoretically happen.
          Michael Larabel
          http://www.michaellarabel.com/

          Comment


          • #6
            Ooh, now my raspberry pi can compete with my laptop

            Comment


            • #7
              Mitigations seems like i80486SX performance emulator for Core i9

              Comment


              • #8
                And this is it, guys. We are traveling 20 years in the past to the Pentium era.

                Comment


                • #9
                  Originally posted by tildearrow View Post
                  And this is it, guys. We are traveling 20 years in the past to the Pentium era.
                  I don't normally make these kinds of suggestions, but the results of random quad core x86_64 Intel processors from the past 20 years would be interesting.

                  Would be funny if core2quads started getting wins again.

                  Comment


                  • #10
                    Basically, this puts to shame all the other vulnerabilities combined.

                    Comment

                    Working...
                    X