Announcement

Collapse
No announcement yet.

The Brutal Performance Impact From Mitigating The LVI Vulnerability

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by skeevy420 View Post

    I don't normally make these kinds of suggestions, but the results of random quad core x86_64 Intel processors from the past 20 years would be interesting.

    Would be funny if core2quads started getting wins again.
    Yes, I would like to see a comparison as well to one of the old processors, maybe against a Athlon 64 :-)

    Comment


    • #12
      Wouldn't it be much more efficient and safe to limit all the critical threads on a limited selection of cores. All of the rest of the apps/threads that don't need security could then be allowed to run as quickly as possible without any fixes...

      Comment


      • #13
        Bruh moment #8

        Comment


        • #14
          My understanding is this is only relevant on a multi-tenant environment - meaning multiple users sharing the same application on the same hardware at the same time. A thin client situation, or some type of shared access multi-VM setup is what I've seen described. It wouldn't affect me, but I'm wondering if it would impact some of the cloud providers we use at work?

          Also, the attacker would have to be extremely sophisticated - basically nation-state level cracking is what has been described. Once again, this would seem to rule out anything I deal with, since nothing I touch would seem to be of interest to high-level black hats.

          Comment


          • #15
            Typo:

            Originally posted by phoronix View Post
            while tbe LFENCE before indirect branches led to a much lower impact.
            But at least for now only the most concerned security concious end-users should be using these mitigation options

            Comment


            • #16
              Originally posted by andyprough View Post
              My understanding is this is only relevant on a multi-tenant environment - meaning multiple users sharing the same application on the same hardware at the same time. A thin client situation, or some type of shared access multi-VM setup is what I've seen described. It wouldn't affect me, but I'm wondering if it would impact some of the cloud providers we use at work?

              Also, the attacker would have to be extremely sophisticated - basically nation-state level cracking is what has been described. Once again, this would seem to rule out anything I deal with, since nothing I touch would seem to be of interest to high-level black hats.
              not so nice for intel since they try to turn them self into cloud hardware provider...

              Comment


              • #17
                Originally posted by tildearrow View Post
                And this is it, guys. We are traveling 20 years in the past to the Pentium era.
                Not from a security point of view. Back then did nobody bother to ask such questions about the hardware and research possible security issues, because everyone was too busy updating their virus scanners three times a day.

                Comment


                • #18
                  Might this be the proverbial "straw that broke the camel's back" for Intel Xeon? The tipping point where data centers go, "I'm replacing my hole-ridden Intel servers immediately"?

                  Comment


                  • #19
                    Pretty much all these vulnerabilities and mitigating fixes should be ignored by most if they require direct access to the machine or a machine on the local network.
                    If someone breaks into your house, the security patches are not going to help. No win scenario.

                    Comment


                    • #20
                      Originally posted by theriddick View Post
                      Pretty much all these vulnerabilities and mitigating fixes should be ignored by most if they require direct access to the machine or a machine on the local network.
                      If someone breaks into your house, the security patches are not going to help. No win scenario.
                      Don't confuse "direct access to the machine" meaning "direct physical access to hardware" with "local execution on hardware". LVI requires just local execution and not physical hardware access. It's the case for almost all of the Intel vulnerabilities.

                      Comment

                      Working...
                      X