Announcement

Collapse
No announcement yet.

LLVM Lands Performance-Hitting Mitigation For Intel LVI Vulnerability

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • LLVM Lands Performance-Hitting Mitigation For Intel LVI Vulnerability

    Phoronix: LLVM Lands Performance-Hitting Mitigation For Intel LVI Vulnerability

    Made public in March was the Load Value Injection (LVI) attack affecting Intel CPUs with SGX capabilities. LVI combines Spectre-style code gadgets with Meltdown-type illegal data flows to bypass existing defenses and allow injecting data into a victim's transient execution. While mitigations on the GNU side quickly landed, the LLVM compiler mitigations were just merged today.

    http://www.phoronix.com/vr.php?view=29036

  • #2


    Comment


    • #3
      The "researchers" that published LVI... I totally lost all respect for them when i saw their announcements. They made a MOVIE TRAILER like video to pre hype it. They made some acted crap to promote it further.

      That is NO research! That is hyping.

      I hope no distributions are going to apply this crap by default (in other terms, force this compile flag in some system wide difficult to discover environment variable). Specially those aimed at desktop or developer users should not apply this crap.
      It might, doubtfully, make some sense in the hosting service world and virtualization...
      Last edited by markg85; 04-03-2020, 03:20 PM.

      Comment


      • #4
        markg85 Securing your OS makes no sense to you? It should be advertised everywhere, so people will buy AMD CPU next time. Intel should be sued for such performance loses.

        Comment


        • #5
          *cries in i7 6700k*

          Comment


          • #6
            *cries in Xeon E3-1241 v3*

            Comment


            • #7
              *cries in mitigations=off*

              Comment


              • #8
                Originally posted by markg85 View Post
                The "researchers" that published LVI... I totally lost all respect for them when i say their announcements. They made a MOVIE TRAILER like video to pre hype it. They made some acted crap to promote it further.

                That is NO research! That is hyping.

                I hope no distributions are going to apply this crap by default (in other terms, force this compile flag in some system wide difficult to discover environment variable). Specially those aimed at desktop or developer users should not apply this crap.
                It might, doubtfully, make some sense in the hosting service world and virtualization...

                Welcome to Security Research in 2020. You can endlessly debate the ethics of hyping research findings, but that ship has sailed. No one is going to listen to you. The problem is many vendors will ignore security problems unless they're widely reported and hyped up. Bad press for damaging security incidents means lost revenue. Secondly, this is as much about building visibility and reputations as it is reporting solid research. Visibility and reputation brings in funding. People don't eat without funding. If you don't like that, well. no one is forcing you to follow along, but don't complain if you passed up $10k from a bug bounty by being the "responsible person".

                Comment


                • #9
                  Originally posted by tildearrow View Post
                  *cries in mitigations=off*
                  Ready to downgrade your microcode? Ready to remove mitigation patches from compilers and to recompile everything with appropriate flags?

                  Comment


                  • #10
                    I suppose if programs are compiled with these mitigations, they will run slow on all processors, regardless if they are known to be vulnerable or not ?

                    Comment

                    Working...
                    X