Announcement

Collapse
No announcement yet.

Intel DOWNFALL: New Vulnerability Affecting AVX2/AVX-512 With Big Performance Implications

Collapse
X
Collapse
 
  • Page of 5
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 template Next
  • #1

    Intel DOWNFALL: New Vulnerability Affecting AVX2/AVX-512 With Big Performance Implications

    Phoronix: Intel DOWNFALL: New Vulnerability Affecting AVX2/AVX-512 With Big Performance Implications

    This Patch Tuesday brings a new and potentially painful processor speculative execution vulnerability... Downfall, or as Intel prefers to call it is GDS: Gather Data Sampling. GDS/Downfall affects the gather instruction with AVX2 and AVX-512 enabled processors. At least the latest-generation Intel CPUs are not affected but Tigerlake / Ice Lake back to Sandy Bridge is confirmed to be impacted. There is microcode mitigation available but it will be costly for AVX2/AVX-512 workloads with GATHER instructions in hot code-paths and thus widespread software exposure particularly for HPC and other compute-intensive workloads that have relied on AVX2/AVX-512 for better performance.

    Intel DOWNFALL: New Vulnerability Affecting AVX2/AVX-512 With Big Performance Implications - Phoronix
    https://www.phoronix.com/review/downfall
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
    • Likes 1
  • #2
    Uh, this sounds bad.
    What about AMD? Are they affected?
    • Likes 4

    Comment

    • #3
      Originally posted by spheenik View Post
      Uh, this sounds bad.
      What about AMD? Are they affected?
      AMD is not affected by Downfall. But they did disclose Inception today - https://www.phoronix.com/news/AMD-INCEPTION
      Michael Larabel
      https://www.michaellarabel.com/
      • Likes 13

      Comment

      • #4
        Excited to see the benchmarks. It's concerning that Intel and the researcher appear to have such opposing viewpoints on the severity. I hope the performance implications aren't as bad as suspected.
        • Likes 4

        Comment

        • #5
          Just sounds like a security researcher trying to make a name for himself by exaggerating the risk to me. I'll need a lot of independent review and analysis of the difficulty of an exploit before I'd be willing to install that microcode patch.

          Also, "DOWNFALL"? Is this security research, or someone who's been spending too much time writing James Bond fan fiction?
          Last edited by andyprough; 08 August 2023, 01:17 PM.
          • Likes 8

          Comment

          • #6
            "mitigations=off" is the obvious answer here for any non-security-critical user, as you won't get 100% security anyway, you just might as well enjoy the performance that you paid for.

            [Edit:] According to Intel's CPU overview, my Haswell-EP is not affected. As the article mentioned Sandy Bridge+, that should be corrected accordingly.
            Last edited by ms178; 08 August 2023, 01:35 PM.
            • Likes 10

            Comment

            • #7
              That page states the microcode update was released in march

              Comment

              • #8
                Originally posted by ms178 View Post
                [Edit:] According to Intel's CPU overview, my Haswell-EP is not affected. As the article mentioned Sandy Bridge+, that should be corrected accordingly.
                Yeah was a typo, meant Sky rather than Sandy, that correction has been made.
                Michael Larabel
                https://www.michaellarabel.com/
                • Likes 6

                Comment

                • #9
                  Originally posted by Jorgp2 View Post
                  That page states the microcode update was released in march
                  Which page? I haven't seen that and Intel indicated not available yet (pre-briefing)... And on an Ice Lake server with June microcode when using today's Linux Git kernel:

                  $ cat /sys/devices/system/cpu/vulnerabilities/gather_data_sampling
                  Vulnerable: No microcode

                  Michael Larabel
                  https://www.michaellarabel.com/
                  • Likes 1

                  Comment

                  • #10
                    It is interesting that Intel provided an extensive document on how to mitigate this bug:
                    Access Denied
                    https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html


                    Most of the content is to reduce the potential performance loss of certain workloads. It seems like the performance penalty could be very huge. That Intel in encouraging its customers to change their sourcecode
                    • Likes 5

                    Comment

                    Previous 1 2 3 4 5 template Next
                    Working...
                    X