
Disabling Spectre V2 Mitigations Is What Can Impair AMD Ryzen 7000 Series Performance


  • #31
    Originally posted by Anux
    Since when does Espionage724 represent the whole Linux enthusiast community? Do you even logic or just like to troll?
    The discussions on past articles have had plenty of "we dont need no mitigations" comments and Linus himself rejected the original retbleed patches back in 2018 due to both performance concerns and some belief that academic security vulnerabilities are unimportant. Heck, the very next comment after mine by skeevy420 expressed the very same sentiment, as did others here (Weasel, rclark).

    Pretending that this is not a common view is just disingenuous.

    Comment


    • #32
      Originally posted by ll1025
      The discussions on past articles have had plenty of "we dont need no mitigations" comments and Linus himself rejected the original retbleed patches back in 2018 due to both performance concerns and some belief that academic security vulnerabilities are unimportant. Heck, the very next comment after mine by skeevy420 expressed the very same sentiment, as did others here (Weasel, rclark).
      Yep, these are some of the names that regularly pop up in Rust threads and other security-related threads with their specific view on things. I would have never thought that they represent the Linux enthusiast community. Did they ever claim to be? Do they even know of each other being the same community? Or are you just putting them in your tiny box to put a label on it and generalize your prejudices?

      Linus is only an individual in the Linux community and he regularly gets criticism for what he says.

      Pretending that this is not a common view is just disingenuous.
      Do you know the meaning of common view? Maybe after reading up on it, you get why that's incompatible with listing 4 individuals.

      It would be much better if we discussed what was said and not who said it.

      Comment


      • #33
        Originally posted by ll1025
        Linus himself rejected the original retbleed patches back in 2018
        Retbleed was first announced in 2022, did you mean some other patches? The only ones I can recall having criticism from Linus was the one from Amazon for the snoop vulnerability and that was criticism, he didn't reject it.

        Comment


        • #34
          Originally posted by F.Ultra

          The problem with this theory is that the retpoline or the IBRS is not used when switching between applications, it's used when you make indirect calls. Thousands if not millions of those can and will be done within the same application context/thread.
          Do you know and understand the ways Spectre v2 is mitigated? I said *IBPB* which is distinct from both IBRS and retpoline. AMD chips don't even possess IBRS.

          *IBPB* is issued during context switches to prevent past branches from affecting future predictions. That's its entire purpose. [1]

          In this test IBPB was enabled during the "mitigations enabled" scenario, though selectively applied, and completely disabled during the no-mitigations run.

          [1] This is particularly important on Windows, because they can't just recompile the world to use retpolines on AMD hardware. People always use old versions of software and issuing IBPB on every context switch protects *all* applications regardless of whether they've been recompiled.

          Comment


          • #35
            Originally posted by Developer12

            Do you know and understand the ways Spectre v2 is mitigated? I said *IBPB* which is distinct from both IBRS and retpoline. AMD chips don't even possess IBRS.

            *IBPB* is issued during context switches to prevent past branches from affecting future predictions. That's its entire purpose. [1]

            In this test IBPB was enabled during the "mitigations enabled" scenario, though selectively applied, and completely disabled during the no-mitigations run.

            [1] This is particularly important on Windows, because they can't just recompile the world to use retpolines on AMD hardware. People always use old versions of software and issuing IBPB on every context switch protects *all* applications regardless of whether they've been recompiled.
            Zen 4 has IBRS, it's enabled automatically when you enter ring 0 and disabled once you exit. Spectre V2 can be exploited by another process running on a sibling processor so only doing mitigation when scheduling processes is not enough to mitigate it. Also Michael runs a single process for each benchmark so the number of context switches due to scheduling should be quite low (though he doesn't pin threads to cores so some scheduling does happen within the same process of course).

            IBPB is used to protect from the scheduling issue as you write, but are there enough such cases in benchmarks of single processes at a time to create this type of overhead? Unsure if IBPB can be disabled while keeping the retpolines/IBRS but if that is the case then it would be interesting to see a run of that to figure this out, because if AMD doesn't do a real barrier with IBPB then things can get real ugly here and it would be a strange path of them to take.

            edit: I also fail to see how this would benefit them in mitigations=on vs off since this is benchmark runs, aka the entire machine only runs a single application so there would be no benefit from "oh this is a new application so let's do retraining" since it's the same application and also retraining from scratch is what every CPU has to do after IBPB anyway so I still fail to see how this could explain it.
            Last edited by F.Ultra; 05 October 2022, 08:44 PM.

            Comment
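
Added example, not part of any post in this thread: Linux reports the Spectre v2 components discussed above (retpolines or IBRS, IBPB, STIBP) as separate fields of one sysfs status line, and this sketch splits that line so each can be checked on its own. The function names are hypothetical and the two sample lines are constructed in the format the kernel prints.

```shell
#!/bin/sh
# Split a Linux spectre_v2 status line into its separate components.
# Function names are hypothetical; the SAMPLE_* lines are constructed.

SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2
SAMPLE_ON='Mitigation: Retpolines, IBPB: conditional, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected'
SAMPLE_OFF='Vulnerable, IBPB: disabled, STIBP: disabled, PBRSB-eIBRS: Not affected'

spectre_v2_summary() {
    mode=none ibpb=absent stibp=absent
    old_ifs=$IFS
    IFS=,
    set -f                          # no globbing while word-splitting
    for field in $1; do
        field=${field# }            # drop the space that follows each comma
        case $field in
            "Mitigation: "*) mode=${field#Mitigation: } ;;   # in-kernel mode
            Vulnerable*)     mode=vulnerable ;;
            "IBPB: "*)       ibpb=${field#IBPB: } ;;         # context-switch barrier
            "STIBP: "*)      stibp=${field#STIBP: } ;;       # sibling-thread isolation
        esac
    done
    set +f
    IFS=$old_ifs
    printf 'mode=%s; ibpb=%s; stibp=%s\n' "$mode" "$ibpb" "$stibp"
}

# True when the kernel issues IBPB on at least some context switches.
# "conditional" means only for tasks flagged via prctl or seccomp.
ibpb_on_switch() {
    spectre_v2_summary "$1" >/dev/null
    case $ibpb in
        conditional|always-on) return 0 ;;
        *)                     return 1 ;;
    esac
}

spectre_v2_summary "$SAMPLE_ON"
spectre_v2_summary "$SAMPLE_OFF"
if [ -r "$SYSFS" ]; then            # also report the machine this runs on
    read -r live < "$SYSFS" || true
    spectre_v2_summary "$live"
fi
```

Fields such as `IBRS_FW` and `PBRSB-eIBRS` are deliberately not matched as IBPB or as the in-kernel mode, which is why the line is split on commas instead of searched for substrings.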


            • #36
              Originally posted by F.Ultra

              Retbleed was first announced in 2022, did you mean some other patches? The only ones I can recall having criticism from Linus was the one from Amazon for the snoop vulnerability and that was criticism, he didn't reject it.
              But the mitigation that defeats it-- IBRS-- was recommended by Intel in 2018 to both Microsoft and Linux, and patchsets were proposed. Torvalds rejected them partly because of performance. Microsoft implemented them, which is why Retbleed did not affect Windows (noted by Intel, among others).

              I've provided links elsewhere in this thread, but googling the following should get you some sources:
              • Windows IBRS retbleed
              • Linux IBRS 2018 Torvalds

              Comment


              • #37
                Originally posted by Developer12

                Do you know and understand the ways Spectre v2 is mitigated? I said *IBPB* which is distinct from both IBRS and retpoline. AMD chips don't even possess IBRS.
                Funny, then, that AMD identified IBRS as one of two mitigations against Spectre v2 (CVE-2017-5715) in their technical guidance (page 5, section 5, paragraph 2), and reference it as a feature supported by their processors (page 2, "Presence").

                Comment


                • #38
                  Originally posted by ll1025
                  Torvalds rejected them partly because of performance.
                  You said that multiple times but failed to prove it anywhere.

                  I've provided links elsewhere in this thread
                  No you didn't.

                  • Windows IBRS retbleed
                  • Linux IBRS 2018 Torvalds
                  The only thing I found so far is Linus ranting about Intel not fixing their CPUs and letting the kernel devs fix Intel's errors.
                  And I'm totally with this argument.

                  Comment


                  • #39
                    Oh good grief, talk about lazy.
                    Originally posted by Anux
                    You said that multiple times but failed to prove it anywhere.
                    ...
                    The only thing I found so far is Linus ranting about Intel not fixing their CPUs and letting the kernel devs fix Intel's errors.
                    Intel provided the patchset. Linus rejected it, in part for performance reasons. See the bottom, to quote:

                    But since we already know that the IBRS overhead is *huge* on
                    existing hardware, all those hardware capability bits are just
                    complete and utter garbage. Nobody sane will use them, since the cost
                    is too damn high.
                    And yet here we are, adding IBRS to kernel 5.19 via commit 6ad0ad2bf8a6, when Windows added it years ago and was unaffected by retbleed because of it:
                    Originally posted by LITERALLY MICROSOFT
                    Our original mitigations for Spectre variant 2 made use of new capabilities exposed by CPU microcode updates to restrict indirect branch speculation when executing within kernel mode (IBRS and IBPB).
                    and
                    Originally posted by LITERALLY INTEL
                    Windows operating system uses IBRS by default, so no update is required.
                    EDIT: Also interesting is discussion from others on IBRS, which boils down to whether a "theoretical issue" is worth patching. Linus and others seemed to have settled on no, despite Intel and AWS engineers making it clear that IBRS was still necessary.
                    Last edited by ll1025; 07 October 2022, 12:13 PM.

                    Comment


                    • #40
                      My response with sources is en-route but requires approval because it has all of the sources.

                      I literally got them by googling the above phrases, checking the BleepingComputer article and its link to the Intel advisory, the LKML response by Torvalds, and Microsoft's own write-up on Spectre v2 Mitigations.

                      But since you want me to deliver them, you get to wait until my post is approved.
                      Last edited by ll1025; 07 October 2022, 09:32 AM.

                      Comment
