The Brutal Performance Impact From Mitigating The LVI Vulnerability


  • #21
    Leave the memories alone



    • #22
      Originally posted by andyprough
      Also, the attacker would have to be extremely sophisticated - basically nation-state level cracking is what has been described. Once again, this would seem to rule out anything I deal with, since nothing I touch would seem to be of interest to high-level black hats.
      Eh, it trickles down, as malware is modular and there is a market for SDKs that allow novice hackers to just add their payload code and compile.



      • #23
        Something doesn't compute. These results are sometimes 20 fold slower??? This on a 4 core 8 thread system. So if you disabled hyperthreading and only enabled a single core, the result would be less brutal than these mitigations.

        Am I not reading the graphs correctly?



        • #24
          Originally posted by andyprough
          My understanding is this is only relevant on a multi-tenant environment - meaning multiple users sharing the same application on the same hardware at the same time.
          That's what any computer running JavaScript in a web browser is.



          • #25
            Originally posted by AndyChow
            Something doesn't compute. These results are sometimes 20 fold slower??? This on a 4 core 8 thread system. So if you disabled hyperthreading and only enabled a single core, the result would be less brutal than these mitigations.

            Am I not reading the graphs correctly?
            Hyperthreading for a lot of common tasks is probably pretty irrelevant. I turned it off for a couple weeks last year to see if I could tell a difference. For everyday office work and web browsing I didn't see any difference at all. The only area it was noticeable for me was compiling the kernel was quite a bit slower.



            • #26
              What does "partially affected" mean in terms of mitigations is the question that I have...



              • #27
                Ugh... I can't afford Epyc based servers at the moment. I will be building out a Threadripper box though. I'm done with Intel for a while.



                • #28
                  Originally posted by AndyChow
                  Something doesn't compute. These results are sometimes 20 fold slower??? This on a 4 core 8 thread system. So if you disabled hyperthreading and only enabled a single core, the result would be less brutal than these mitigations.

                  Am I not reading the graphs correctly?
                  You're reading it correctly. However this mitigation on the compiler level is not related to HT.

                  Originally posted by hiryu
                  What does "partially affected" mean in terms of mitigations is the question that I have...
                  According to Intel's Deep Dive it means that processors that already mitigate L1TF/MDS/TAA have their LVI impact lessened in the non-SGX case:

                  On processors that are affected by TAA but not by MDS, software that does not use loads within an Intel TSX region cannot be impacted by LVI stale data.
                  TL;DR; disable SGX and TSX if you're not using it and it should be "fine" for normal usage.



                  • #29
                    Originally posted by dweigert
                    Ugh... I can't afford Epyc based servers at the moment. I will be building out a Threadripper box though. I'm done with Intel for a while.
                    I went the AMD AM4 socket route and frankly I'm pleased with the machine. I did it to support an underdog and because of these Intel horror stories. It isn't perfect; the drivers for the AMD 5500XT card are a bit wanting, but this is an all Linux install and is more usable in my opinion than anything Windows 10. This is the first PC build for me in probably 15 to 18 years and is a direct result of getting pissed off with mainstream branded hardware. So Intel was only part of the equation, but they certainly haven't done themselves any favours lately.

                    As for an ARM based system, I would have considered one if there was a suitably competitive laptop or desktop available to buy. I can see a future where ARM based and AMD based hardware slug it out for leadership while Intel is left building buggy Atom based derivatives.



                    • #30
                      Originally posted by numacross

                      TL;DR; disable SGX and TSX if you're not using it and it should be "fine" for normal usage.
                      Thanks for your helpful response, numacross.

                      Dug into SGX a bit... It's a fairly new set of instructions and it doesn't seem that AMD even has them... And seems to only be useful in certain circumstances... As bad as the performance hit is... Is this ultimately a big deal? I'm not sure that it is. These mitigations should only be needed if and where SGX instructions are being used?

                      The more or less comparison to TSX quoted above is valid I think. It seems Intel has a habit of creating new instruction sets that come with insecurity vulnerabilities... TSX has been a problem since it was introduced with Haswell before the speculative execution exploits were discovered.
