Announcement

Collapse
No announcement yet.

The Desktop CPU Security Mitigation Impact On Ubuntu 20.04

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The Desktop CPU Security Mitigation Impact On Ubuntu 20.04

    Phoronix: The Desktop CPU Security Mitigation Impact On Ubuntu 20.04

    With Ubuntu 20.04 due for release next week, here is a look at how the various CPU vulnerability mitigations compare on that latest Linux software stack when comparing the out-of-the-box mitigations for Spectre, Meltdown, and friends, compared to booting with "mitigations=off" for disabling those mitigations. The desktop tests were done with Intel and AMD processors for reference.

    http://www.phoronix.com/vr.php?view=29076

  • #2
    Everyone cried foul about Intel negligence but mitigations take a smaller toll on the Core i9 9900KS CPU (the SkyLake uArch from 2015) than on the Ryzen 7 3700X CPU (the brand new Zen2 uArch from 2019).

    SkyLake with fixes: 97.79%
    Zen2 : 96.46%

    Yes, Intel probably "overoptimized" their CPU architecture and cut some corners in terms of security, but they've managed to fix the past mistakes quite successfully.

    Comment


    • #3
      Originally posted by birdie View Post
      Everyone cried foul about Intel negligence but mitigations take a smaller toll on the Core i9 9900KS CPU (the SkyLake uArch from 2015) than on the Ryzen 7 3700X CPU (the brand new Zen2 uArch from 2019).

      SkyLake with fixes: 97.79%
      Zen2 : 96.46%

      Yes, Intel probably "overoptimized" their CPU architecture and cut some corners in terms of security, but they've managed to fix the past mistakes quite successfully.
      People with 8 series and older definitely agrees with you, don't they?

      Comment


      • #4
        The big question is... which mitigations are paramount for desktop-users, and which can be safely disabled?

        Comment


        • #5
          Browser and development tools related benchmarks could include mobile CPU(s), ie. Ryzen 2?00U and 3?00U, as probably developers using laptops would care about both, security (to protect sensitive data) and performance. Gamers on desktop care (mostly) only about performance, and would turn it off.

          Comment


          • #6
            Honestly, I was expecting them to be much worse and expected to write a WTF post.

            I wonder how much was mitigated via the compilers and how much that's holding everything back? With how close they seemed, I can't help but think that compiler mitigation fixes have to be in play.



            So, yeah, Michael, if you could recompile the entire Ubuntu 20.04 without compiler-level mitigations that's be great.

            Comment


            • #7
              Originally posted by Marco-GG View Post

              People with 8 series and older definitely agrees with you, don't they?
              A typical reply from a brainless AMD fan.
              • Intel, to this day, has never knowingly released CPUs with vulnerabilities only known within the company confines. If they'd done that, it would have been a major PR disaster and even a very expensive class action lawsuit.
              • Let's also mention CPUs from the 90s, or even 80s, or even 70s? And how many bugs they had. Why don't you recall the F00F bug or even the FDIV bug for good measure? Oh, wait, I guess you're too young for that. Have you ever designed a single CPU uArch?
              • Doesn't it concern you that the Meltdown bug was found to affect ARM and IBM CPUs as well?
              • Doesn't it concern you that all OoOE CPUs are affected by the Spectre vulnerabilities?
              Last edited by birdie; 04-13-2020, 08:55 PM.

              Comment


              • #8
                No OpenMP/OpenCL/Parallel/Scientific Workloads ?!

                Comment


                • #9
                  Originally posted by Setif View Post
                  No OpenMP/OpenCL/Parallel/Scientific Workloads ?!
                  In the server benchmarks coming up soon... These tests were mainly focused on traditional desktop use-cases.
                  Michael Larabel
                  http://www.michaellarabel.com/

                  Comment


                  • #10
                    Originally posted by rastersoft View Post
                    The big question is... which mitigations are paramount for desktop-users, and which can be safely disabled?
                    This has been answered a thousand times already. If you only run trusted verified code, you can disable all the mitigations. And a quick reminder: the web browser does run untrusted unverified code all the time. And if you're a Windows user, MS Office macros are an example of such code.

                    Comment

                    Working...
                    X