Announcement

Collapse
No announcement yet.

With AMD Zen 4, It's Surprisingly Not Worthwhile Disabling CPU Security Mitigations

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #61
    I think they simply tuned the branch prediction to expect software with mitigations.

    Comment


    • #62
      Originally posted by atomsymbol View Post

      Seems like a set of random words without meaning.

      Please explain:
      • Where exactly is the branch misprediction supposed to be happening?
      • What exactly is supposedly causing the CPU to mispredict the branches?
      • Do you mean Zen4's new feature "Automatic IBRS" or do you mean something else?
      Others have no trouble finding meaning without me going into that fine detail and I'm neither an AMD engineer nor defending a PhD thesis nor getting paid to answer your questions, so these are the answers you get:
      • Download AMD uProf and investigate it yourself.
      • Maybe AMD re-tuned the branch predictor to expect a software mitigation after a certain sequence of instructions.
      • I just mean that maybe AMD re-tuned the branch predictor.

      Comment


      • #63
        Originally posted by atomsymbol View Post

        My reasoning is the following:
        1. The Phoronix article doesn't specify whether the increase is in user-space time or kernel-space time or both
        2. However, based on the chart in the article, it is more probable that the increase is in user-space time and less probable that it is in kernel-space
        Ha! Thanks for confirming the article has a chart!

        Michael, I think there's a bug in the article. I see the chart in Chrome, but not in Firefox on 2 different PCs, whether or not I'm signed into Phoronix Premium. The page is truncated right before that.

        Comment


        • #64
          Originally posted by geearf View Post

          Isn't that an optimization in hardware and not a fix then?
          Does that mean that a proper fix is impossible without disabling speculation?

          Thank you!
          Designers will always look for more hardware optimizations. It's the ONE AND ONLY reason computers have continued to get faster, even as software becomes more bloated.

          Speculation is one of the most powerful hardware optimizations ever invented, allowing parallel processing to improve serial execution speed. It's perfectly fine to speculate on *most* branches, but you need to A) mark the security-critical ones for exclusion and B) flush them on context switch. The hardware NEEDS to be told when those two things are happening.

          Once it *is* being told, then it's perfectly possible to design optimizations that take it into account. For example, being told you are moving from one context to another on the downside forces you to flush old predictions that would have leaked data (resetting predictions to random chance), but on the upside allows you to flush old predictions that would tell you the wrong thing in the new situation.

          Comment


          • #65
            Originally posted by coder View Post
            Ha! Thanks for confirming the article has a chart!

            Michael, I think there's a bug in the article. I see the chart in Chrome, but not in Firefox on 2 different PCs, whether or not I'm signed into Phoronix Premium. The page is truncated right before that.
            I am using Firefox and I see the chart. Do you have content or scripts from openbenchmarking.org blocked? AFACT, the chart is an SVG, hosted on openbenchmarking.org, dynamically inserted into the page by a script, also hosted on openbenchmarking.org.

            Comment


            • #66
              Originally posted by yump View Post

              I am using Firefox and I see the chart. Do you have content or scripts from openbenchmarking.org blocked? AFACT, the chart is an SVG, hosted on openbenchmarking.org, dynamically inserted into the page by a script, also hosted on openbenchmarking.org.
              Works fine for me too. Charts are noticeably larger in Chrome than in Firefox, but otherwise show the same info.

              Comment


              • #67
                Originally posted by yump View Post
                I am using Firefox and I see the chart. Do you have content or scripts from openbenchmarking.org blocked?
                No, pretty much the only sites I block are facebook & twitter, but only on one of the PCs I tried (the other I don't typically use for web browsing). Anyway, it's working for me now!


                Originally posted by yump View Post
                AFACT, the chart is an SVG, hosted on openbenchmarking.org, dynamically inserted into the page by a script, also hosted on openbenchmarking.org.
                I think that's how it usually works. This is the first time I can remember seeing a page get truncated like this.

                Comment


                • #68
                  Originally posted by Developer12 View Post

                  Designers will always look for more hardware optimizations. It's the ONE AND ONLY reason computers have continued to get faster, even as software becomes more bloated.

                  Speculation is one of the most powerful hardware optimizations ever invented, allowing parallel processing to improve serial execution speed. It's perfectly fine to speculate on *most* branches, but you need to A) mark the security-critical ones for exclusion and B) flush them on context switch. The hardware NEEDS to be told when those two things are happening.

                  Once it *is* being told, then it's perfectly possible to design optimizations that take it into account. For example, being told you are moving from one context to another on the downside forces you to flush old predictions that would have leaked data (resetting predictions to random chance), but on the upside allows you to flush old predictions that would tell you the wrong thing in the new situation.
                  Thanks a lot for all this! I appreciate learning more.
                  Since speculation happens in parallel (I assumed it'd be serial) does that mean there's more than 1 speculation done if the hardware is available?

                  Comment


                  • #69
                    Originally posted by geearf View Post

                    Thanks a lot for all this! I appreciate learning more.
                    Since speculation happens in parallel (I assumed it'd be serial) does that mean there's more than 1 speculation done if the hardware is available?
                    Yes, the CPU will keep executing as long the operands is available in registers and the unit for corresponding computation is available (integer and float point are in different units and there are multiple of int/float processing units).

                    Sometimes it would even guess the result of a "if" and execute the corresponding branch.
                    If the guess is wrong, that branch is discarded.

                    And that is meltdown.

                    Even with the branch discarded, some memory region is still accessed and bring into the cache.
                    By measuring the time required to access certain memory region, the hackers can use that to do some fancy thing using that information.

                    I'm not very familiar with the detailed exploit though, so I'm going to stop here.

                    Comment


                    • #70
                      Originally posted by NobodyXu View Post

                      Yes, the CPU will keep executing as long the operands is available in registers and the unit for corresponding computation is available (integer and float point are in different units and there are multiple of int/float processing units).

                      Sometimes it would even guess the result of a "if" and execute the corresponding branch.
                      If the guess is wrong, that branch is discarded.

                      And that is meltdown.

                      Even with the branch discarded, some memory region is still accessed and bring into the cache.
                      By measuring the time required to access certain memory region, the hackers can use that to do some fancy thing using that information.

                      I'm not very familiar with the detailed exploit though, so I'm going to stop here.
                      I see, thank you for the explanation, it makes me want to research this subject more.

                      Comment

                      Working...
                      X