A Look At The CPU Security Mitigation Costs Three Years After Spectre/Meltdown

  • phoronix
    Administrator
    • Jan 2007
    • 67391

    Phoronix: A Look At The CPU Security Mitigation Costs Three Years After Spectre/Meltdown

    With this week marking three years since Spectre and Meltdown were made public, ushering in a wave of CPU security disclosures that followed and mitigations that often resulted in measurable performance hits, here is a look at how the performance costs stand today with various new and older Intel CPUs as well as AMD processors. This article is looking at the current performance costs under Linux with the default mitigations and then the run-time disabling of the relevant mitigations for each of the processors under test while using an up-to-date Ubuntu 20.10 paired with the new Linux 5.10 LTS kernel.

  • tuxd3v
    Senior Member
    • Nov 2014
    • 1731

    #2
    AES encryption, and context switch, oh my god >= 50% performance penalty!!

    • uxmkt
      Senior Member
      • Dec 2018
      • 319

      #3
      Originally posted by tuxd3v:
      AES encryption, and context switch, oh my god >= 50% performance penalty!!
      With the number of cores per CPU growing ever since, there is less and less need to even switch between programs. (There is still the user<->kernel transition on each syscall, depending on one's interpretation of "context switch". However, I seem to remember TSS change/TLB flush was the expensive part, so program switch it is.)

      • bobbie424242
        Phoronix Member
        • Jan 2019
        • 95

        #4
        If you trust your distro and software, mitigations=off FTW !

        • aufkrawall
          Senior Member
          • Feb 2017
          • 1600

          #5
          It is absurd how much the default mitigations cost vs. those on Windows, even on Zen CPUs.

          • juxuanu
            Phoronix Member
            • Nov 2020
            • 114

            #6
            As far as I know, there have been no reports of any personal computer being exploited by malicious software taking advantage of these vulnerabilities, ever. Does anyone know of any?
            I have all my computers with mitigations=off since I only install from repos or trusted sources.

            • kruger
              Phoronix Member
              • Jul 2013
              • 52

              #7
              Originally posted by bobbie424242:
              If you trust your distro and software, mitigations=off FTW !
              Originally posted by juxuanu:
              As far as I know, there have been no reports of any personal computer being exploited by malicious software taking advantage of these vulnerabilities, ever. Does anyone know of any?
              I have all my computers with mitigations=off since I only install from repos or trusted sources.
              Don't you guys browse the internet? Because it was proven to be exploitable from JavaScript AFAIK.

              • MadCatX
                Senior Member
                • Aug 2013
                • 396

                #8
                What's up with 5950X? It seems to be affected more than the older AMD chips. The AMD chips overall suffer a bit more than I expected.

                Originally posted by juxuanu:
                As far as I know, there have been no reports of any personal computer being exploited by malicious software taking advantage of these vulnerabilities, ever. Does anyone know of any?
                It's kind of hard to exploit a vulnerability that is patched on most systems, hence there is probably not much interest in doing so.

                • Michael
                  Phoronix
                  • Jun 2006
                  • 14310

                  #9
                  Originally posted by MadCatX:
                  What's up with 5950X? It seems to be affected more than the older AMD chips. The AMD chips overall suffer a bit more than I expected.
                  STIBP difference as already noted - https://www.phoronix.com/scan.php?pa...-spectre&num=1
                  Michael Larabel
                  https://www.michaellarabel.com/
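The opening post compares the default mitigations against running with them disabled, and post #9 puts the 5950X gap down to STIBP. Before reading any of the numbers against your own hardware it is worth checking what the running kernel actually reports. The script below is an added example, not code from the Phoronix article or from any poster in this thread. It reads the per-vulnerability status files the Linux kernel exports under /sys/devices/system/cpu/vulnerabilities/, flags anything still reported as "Vulnerable", checks the boot command line for the mitigations=off parameter the thread talks about, and pulls the STIBP field out of the spectre_v2 line. The function names are my own, and the status strings written by make_sample_sysfs are constructed to look like kernel output; they were not captured from any of the tested systems.

```shell
#!/bin/sh
# Added example: summarize the Linux kernel's reported CPU vulnerability
# mitigations. Not code from the Phoronix article or the thread.
# Function names and the sample data in make_sample_sysfs are assumptions
# made for this example.

# mitigation_report VULN_DIR CMDLINE_FILE
# Prints "<name>: <status>" for every file in VULN_DIR.
# Exit status: 0 if nothing reports "Vulnerable", 1 if something does,
# 2 if mitigations=off is on the command line (overrides the other two,
# since that parameter turns off the whole set at boot).
mitigation_report() {
    vdir=$1
    cmdline_file=$2
    rc=0
    for f in "$vdir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f")
        printf '%s: %s\n' "$name" "$status"
        case $status in
            Vulnerable*) rc=1 ;;
        esac
    done
    # Pad with spaces so the match is on the whole token, not on a
    # substring of some other parameter.
    cmdline=" $(cat "$cmdline_file" 2>/dev/null) "
    case $cmdline in
        *" mitigations=off "*)
            echo "boot parameter mitigations=off is set"
            rc=2 ;;
    esac
    return $rc
}

# stibp_state VULN_DIR
# Prints the STIBP field of the spectre_v2 line (e.g. "conditional",
# "always-on", "disabled"), or "unknown" when the field is absent.
# always-on versus conditional is the STIBP difference post #9 refers to.
stibp_state() {
    f=$1/spectre_v2
    if [ -f "$f" ] && grep -q 'STIBP: ' "$f"; then
        sed -n 's/.*STIBP: \([^,]*\).*/\1/p' "$f"
    else
        echo unknown
    fi
}

# make_sample_sysfs DIR
# Writes a constructed vulnerabilities/ tree in the shape of kernel output.
# Sample data for the example, not a capture from a real machine.
make_sample_sysfs() {
    mkdir -p "$1/vulnerabilities"
    echo 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization' \
        > "$1/vulnerabilities/spectre_v1"
    echo 'Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: always-on, RSB filling' \
        > "$1/vulnerabilities/spectre_v2"
    echo 'Not affected' > "$1/vulnerabilities/meltdown"
    echo 'Vulnerable: No microcode' > "$1/vulnerabilities/srbds"
}

# demo: run the report over the constructed tree so the script works offline.
demo() {
    tmp=$(mktemp -d)
    make_sample_sysfs "$tmp"
    echo 'BOOT_IMAGE=/vmlinuz-5.10 root=/dev/sda1 ro quiet' > "$tmp/cmdline"
    if mitigation_report "$tmp/vulnerabilities" "$tmp/cmdline"; then rc=0; else rc=$?; fi
    echo "exit status: $rc"
    echo "STIBP: $(stibp_state "$tmp/vulnerabilities")"
    rm -rf "$tmp"
}

demo
```

On a live machine call `mitigation_report /sys/devices/system/cpu/vulnerabilities /proc/cmdline` instead of `demo`; the spectre_v2 file is where the STIBP mode shows up. The sysfs files describe the kernel that is currently running, so check them after a reboot rather than after editing the bootloader configuration.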

                  • stormcrow
                    Senior Member
                    • Jul 2017
                    • 1520

                    #10
                    Originally posted by kruger:
                    Don't you guys browse the internet? Because it was proven to be exploitable from JavaScript AFAIK.
                    True. It depends on the version of Spectre. There are PoCs to exploit certain versions of Spectre via web browsers. No one would ever know if it's being successfully used because Spectre exploitation is by nature untraceable on the target computer.

                    Unless you want to verify line by line every single website you access for the life of your vulnerable computer, don't turn mitigations off. Only turn mitigations off if there is no possible way anyone could gain access to the computer from outside. Using a computer for web browsing is for all practical purposes letting someone else run unverified code on the local computer. It's foolish and unrealistic to believe otherwise.
