With AMD Zen 4, It's Surprisingly Not Worthwhile Disabling CPU Security Mitigations

  • #41
    Just a wild guess:
    AMD talked about using "AI" in their branch predictor in marketing materials multiple times, since Zen 1.
    This could mean they are using something like a decision tree internally which is "trained" on some common workloads. This decision tree is translated into a netlist and implemented in hardware via transistors. Decision trees can be implemented pretty efficiently in transistor logic and can be evaluated in parallel, so that would be a good choice.

    Maybe they "trained" the decision tree on common workloads like a Windows kernel (which probably has some mitigations comparable to the Linux kernel) running Selenium.
    So branch prediction works pretty efficiently for Chrome/V8 with mitigations enabled, but has a lot of mispredictions for mitigations disabled, as this was not part of the training set of "common workloads".


    • #42
      Originally posted by Anux
      Maybe you're looking at it from the wrong angle. If they build in hardware mitigations for unsafe code these hardware instructions might run slower. All that is masked by just being faster overall.
      And someone above already mentioned branch prediction.
      Most of these mitigations involve extra steps on top of the regular instructions, so that's why I'm thinking this is weird. It's not like they're different instructions altogether.


      • #43
        Originally posted by coder
        How much of what's good about Ubuntu is really just due to Debian, upstream?
        That's a good question. You are asking the wrong person though.


        • #44
          I was surprised Zen 4 is still weak to Spectre, I'd have expected that to be fixed already.


          • #45
            Originally posted by coder
            How much of what's good about Ubuntu is really just due to Debian, upstream?
            Today I don't know, but back when Ubuntu came in 2004 it was night and day between Ubuntu and Debian. Or rather what Ubuntu did to Debian back then was to introduce sane defaults and a configuration and mix of applications that made sense for the general public while you on Debian had to do all that manually (at least back then, I have no idea how a Debian desktop out of the box in 2022 is). They also introduced releases in sync with Gnome while with Debian you had to choose between 10 yo packages and bleeding edge.


            • #46
              Originally posted by atomsymbol

              Basically, the results mean that there is a mitigations=off performance bug in the Linux kernel.
              Unless it's branch prediction that's causing that behaviour, in which case mitigations=off is the bug because it's become an explicit "trigger mispredictions" switch.

              Them pipelines're pretty deep.


              • #47
                Originally posted by geearf
                I was surprised Zen 4 is still weak to Spectre, I'd have expected that to be fixed already.
                It *has* been fixed. That's why we're seeing this behavior.


                • #48
                  Originally posted by Developer12

                  It *has* been fixed. That's why we're seeing this behavior.
                  The article stated that mitigations=off disables SSB, Spectre V1, and Spectre V2 mitigations. Why would the kernel apply mitigation if the issue is fixed in hardware?


                  • #49
                    Originally posted by geearf

                    The article stated that mitigations=off disables SSB, Spectre V1, and Spectre V2 mitigations. Why would the kernel apply mitigation if the issue is fixed in hardware?
                    Cooperation. The hardware *expects* those mitigations will be applied and is optimized for that case. In this case the kernel taking those actions is helping the hardware do its job. How else could these issues possibly be fixed? Spectre V1 in particular NEEDS branches to be tagged to avoid speculation, and the only way to do that is with a memory barrier.


                    • #50
                      Originally posted by Developer12

                      Cooperation. The hardware *expects* those mitigations will be applied and is optimized for that case. In this case the kernel taking those actions is helping the hardware do its job. How else could these issues possibly be fixed? Spectre V1 in particular NEEDS branches to be tagged to avoid speculation, and the only way to do that is with a memory barrier.
                      Isn't that an optimization in hardware and not a fix then?
                      Does that mean that a proper fix is impossible without disabling speculation?

                      Thank you!
