A Look At The CPU Security Mitigation Costs Three Years After Spectre/Meltdown

  • A Look At The CPU Security Mitigation Costs Three Years After Spectre/Meltdown

    Phoronix: A Look At The CPU Security Mitigation Costs Three Years After Spectre/Meltdown

    With this week marking three years since Spectre and Meltdown were made public, ushering in a wave of CPU security disclosures and mitigations that often resulted in measurable performance hits, here is a look at how the performance costs stand today with various new and older Intel CPUs as well as AMD processors. This article looks at the current performance costs under Linux with the default mitigations and then with the run-time disabling of the relevant mitigations for each of the processors under test, using an up-to-date Ubuntu 20.10 paired with the new Linux 5.10 LTS kernel.

    http://www.phoronix.com/vr.php?view=29831

  • #2
    AES encryption, and context switch, oh my god >= 50% performance penalty!!


    • #3
      Originally posted by tuxd3v
      AES encryption, and context switch, oh my god >= 50% performance penalty!!
      With the number of cores per CPU growing ever since, there is less and less need to even switch between programs. (There is still the user<->kernel transition on each syscall, depending on one's interpretation of "context switch". However, I seem to remember TSS change/TLB flush was the expensive part, so program switch it is.)


      • #4
        If you trust your distro and software, mitigations=off FTW !


        • #5
          It is absurd how much the default mitigations cost vs. those on Windows, even on Zen CPUs.


          • #6
            As far as I know, there have been no reports of any personal computer being exploited by malicious software taking advantage of these vulnerabilities, ever. Does anyone know of any?
            I have all my computers with mitigations=off since I only install from repos or trusted sources.


            • #7
              Originally posted by bobbie424242
              If you trust your distro and software, mitigations=off FTW !
              Originally posted by juxuanu
              As far as I know, there have been no reports of any personal computer being exploited by malicious software taking advantage of these vulnerabilities, ever. Does anyone know of any?
              I have all my computers with mitigations=off since I only install from repos or trusted sources.
              Don't you guys browse the internet? Because it was proven to be exploitable from JavaScript AFAIK.


              • #8
                What's up with 5950X? It seems to be affected more than the older AMD chips. The AMD chips overall suffer a bit more than I expected.

                Originally posted by juxuanu
                As far as I know, there have been no reports of any personal computer being exploited by malicious software taking advantage of these vulnerabilities, ever. Does anyone know of any?
                It's kind of hard to exploit a vulnerability that is patched on most systems, hence there is probably not much interest in doing so.


                • #9
                  Originally posted by MadCatX
                  What's up with 5950X? It seems to be affected more than the older AMD chips. The AMD chips overall suffer a bit more than I expected.
                  STIBP difference as already noted - https://www.phoronix.com/scan.php?pa...-spectre&num=1
                  Michael Larabel
                  http://www.michaellarabel.com/


                  • #10
                    Originally posted by kruger
                    Don't you guys browse the internet? Because it was proven to be exploitable from JavaScript AFAIK.
                    True. It depends on the version of Spectre. There's a POC to exploit certain versions of Spectre via web browsers. No one would ever know if it's being successfully used because Spectre exploitation is by nature untraceable on the target computer.

                    Unless you want to verify line by line every single website you access for the life of your vulnerable computer, don't turn mitigations off. Only turn mitigations off if there is no possible way anyone could gain access to the computer from outside. Using a computer for web browsing is for all practical purposes letting someone else run unverified code on the local computer. It's foolish and unrealistic to believe otherwise.
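
For readers weighing `mitigations=off` as discussed in this thread, here is a way to check what a given Linux host is actually running with. This is an added example, not part of any post above: it reads `/proc/cmdline` and the kernel's `/sys/devices/system/cpu/vulnerabilities` files, and the function names and sample strings are constructed for illustration.

```python
#!/usr/bin/env python3
"""Report whether a Linux host runs with CPU vulnerability mitigations disabled."""
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# Boot parameters that switch mitigations off (a subset of the kernel's documented list).
DISABLING = {"mitigations=off", "nopti", "pti=off", "nospectre_v1", "nospectre_v2",
             "spectre_v2=off", "spec_store_bypass_disable=off", "l1tf=off",
             "mds=off", "tsx_async_abort=off"}


def audit(cmdline, status):
    """Return (disabling boot parameters, {vulnerability: status} reported vulnerable)."""
    flags = sorted(tok for tok in cmdline.split() if tok in DISABLING)
    # The kernel reports "Not affected", "Mitigation: ..." or "Vulnerable...".
    exposed = {name: text for name, text in sorted(status.items())
               if text.startswith("Vulnerable")}
    return flags, exposed


def read_host():
    """Read the live values; returns None on systems without the sysfs interface."""
    if not VULN_DIR.is_dir():
        return None
    status = {p.name: p.read_text().strip() for p in VULN_DIR.iterdir() if p.is_file()}
    return Path("/proc/cmdline").read_text(), status


# Constructed sample: a host booted with mitigations=off.
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz-5.10.0 root=/dev/sda2 ro quiet mitigations=off"
SAMPLE_STATUS = {
    "meltdown": "Not affected",
    "spectre_v1": "Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers",
    "spectre_v2": "Vulnerable, IBPB: disabled, STIBP: disabled",
    "spec_store_bypass": "Vulnerable",
    "mds": "Not affected",
}

if __name__ == "__main__":
    host = read_host()
    cmdline, status = host if host else (SAMPLE_CMDLINE, SAMPLE_STATUS)
    flags, exposed = audit(cmdline, status)
    print("source:", "live host" if host else "constructed sample")
    print("disabling boot parameters:", ", ".join(flags) or "none")
    for name, text in exposed.items():
        print(f"  {name}: {text}")
    print("RESULT:", "mitigations reduced" if flags or exposed else "no disabled mitigations found")
```

Run on a fleet, the two return values make it easy to list machines where someone has set a disabling boot parameter or where the kernel itself reports an unmitigated issue.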
