The "What If" Performance Cost To Kernel Page Table Isolation On AMD CPUs

  • The "What If" Performance Cost To Kernel Page Table Isolation On AMD CPUs

    Phoronix: The "What If" Performance Cost To Kernel Page Table Isolation On AMD CPUs

    Made public this week by CPU security researchers at Graz University of Technology and CISPA Helmholtz Center for Information Security was the research paper published "AMD Prefetch Attacks through Power and Time". The paper points to AMD CPUs suffering from a side-channel leakage vulnerability through timing and power variations of the PREFETCH instruction. The paper argues that AMD CPUs should activate stronger page table isolation by default. AMD has now published their security response where they are not recommending any mitigation changes at this time. But what if Kernel Page Table Isolation (KPTI/PTI) proves necessary for AMD CPUs? Here are some initial benchmarks showing what that performance impact could look like.

    https://www.phoronix.com/vr.php?view=30613

  • #2
    I'm still amazed how Intel actually managed for Tiger Lake to have performance improvements with active mitigations, while running with "mitigations=off" really decreased the overall system throughput.

    Hopefully AMD manages to achieve the same on their future CPUs, else going with Alder Lake (if similar in behavior to Tiger Lake) becomes a no-brainer for me personally on my next upgrade.
    I mean, not having to choose between either greater performance or security is definitely a win for the peace of my mind.


    • #3
      I wonder if the Linux KPTI implementation supports INVPCID. And if it does, does it enable it for Zen3 in particular (the first Zen to support it)?

      Also, a test with Zen2 would have been nice - there are still quite a lot of those.


      • #4
        Michael, great work as always!

        But Puntigamer? That's a big no-no Gösser is much better


        • #5
          Is this mostly x86 that has security vulnerabilities and all these never-ending exploits, vulnerabilities and side-channel attacks?
          Or does ARM have this too?
          I wonder if the researchers would find as many vulnerabilities in the Apple M1 processor.
          Is it even possible to make a secure CPU that isn't slow?


          • #6
            I can recommend the Ottakringer beer. I have had a couple the last time @Vienna airport. It's obviously a beer from Vienna not Graz but very tasty.


            • #7
              Originally posted by uid313
              Is this mostly x86 that has security vulnerabilities and all these never-ending exploits, vulnerabilities and side-channel attacks?
              Or does ARM have this too?
              I wonder if the researchers would find as many vulnerabilities in the Apple M1 processor.
              Is it even possible to make a secure CPU that isn't slow?
              These hardware CVEs are rooted in Out Of Order Execution, so as long as the CPU still has this optimisation, there will be bugs like this, regardless of architecture.


              • #8
                Originally posted by CochainComplex
                I can recommend the Ottakringer beer. I have had a couple the last time @Vienna airport. It's obviously a beer from Vienna not Graz but very tasty.
                That's also my go-to beer whenever I'm in Vienna. Also it's an independent brewery and not part of Brau Union/Heineken like most Austrian breweries. You've got to support the local ones


                • #9
                  The performance isn't that bad actually.
                  I think they should activate it by default.


                  • #10
                    Originally posted by trilean
                    That's also my go-to beer whenever I'm in Vienna. Also it's an independent brewery and not part of Brau Union/Heineken like most Austrian breweries. You've got to support the local ones
                    True!
