The Performance Impact Of Intel's Register File Data Sampling "RFDS" Mitigation

    Phoronix: The Performance Impact Of Intel's Register File Data Sampling "RFDS" Mitigation

    Earlier this week on Patch Tuesday was the disclosure by Intel of the Register File Data Sampling (RFDS) vulnerability and mitigation via updated CPU microcode and a kernel patch. RFDS is around malicious user-space software potentially being able to infer stale register values from kernel space. Register File Data Sampling affects recent Intel Atom / E-core bearing processors including the latest Raptor Lake Refresh processors. In this article are some initial benchmarks of the RFDS performance impact under Linux when using the Core i9 14900K processor.


  • #2
    By itself it's not the end of the world but not insignificant either.
    Unfortunately, it adds up.

    Will be interesting to see the ghostrace mitigation, if they decide to do something about it.



    • #3
      Typo: performnace

      When will these vulnerabilities ever end?



      • #4
        Originally posted by Mark Rose
        Typo: performance

        When will these vulnerabilities ever end?
        Of course not. In fact, expect to see more. This is just a new way to get people to buy new hardware. By compelling them with scary vulnerabilities that never have real world exploits. Also seems software vendors are starting to apply that logic as well. Isn't it curious, shortly after Broadcom makes dramatic licensing changes, there's all of a sudden a major vulnerability with their hypervisor?



        • #5
          i'm just not going to update my microcode. there has been so many i really don't care anymore. never will be protected. not worth the performance lost. my system is just a home system and i'm sure my wifi router has as many or more vulnerabilities anyways.



          • #6

            Key quotes:

            Malicious software that is able to execute code locally may be able to infer data values previously held in floating point registers, vector registers, and/or integer registers of the same logical processor.

            [...]

            Similar to other data sampling attacks, RFDS does not directly allow an attacker to select specific data to attack; only the stale data that exists in register files is able to be inferred.

            [...]

            Also note that the processor structure which holds the registers, called a register file, may hold temporary values used within operations (for example, data moved by REP MOVS or the keys used by Key Locker operations or AES-NI) and these values may also be inferred using RFDS.

            [...]

            Although stale values in a specific register file (for example, integer register files or floating point/vector register files) will eventually be overwritten by new instructions, this can require hundreds of operations writing to that register file. Because many software routines use only integer operations and not floating point or vector operations, in practice, stale floating point/vector values may persist in the register file longer than stale integer values.
            So the attacker cannot control exactly what is leaked, but what is leaked can include disk encryption keys, so if you depend on FDE you want the mitigation.

            Intel will release a microcode update which will modify certain operations (VERW, RSM, Key Locker operations, and entering or exiting Intel® SGX enclaves) to overwrite affected stale register values.

            On affected processors, software can execute the VERW instruction before changing security domains.

            [...]

            The VERW instruction may not overwrite integer register file data which is in use by Fast Store Forwarding Predictors. On processors which are affected by RFDS and support such predictors, software may choose to set IA32_SPEC_CTRL.PSFD (bit 7) to disable the use of these predictors.
            If you install the microcode but use mitigations=off or reg_file_data_sampling=off, there should be no performance impact.
            Last edited by yump; 15 March 2024, 01:49 PM.
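
Added example, not part of the post above: a Bash check of whether the RFDS mitigation is active on the current boot, distinguishing "microcode missing" from "disabled by one of the two boot options named in the post". The sysfs path and status strings are the ones the Linux kernel documents for RFDS; the function names are illustrative and the sample inputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: report the RFDS mitigation state of a Linux system.

SYSFS=/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling

# rfds_classify STATUS CMDLINE -> prints a one-line verdict.
# STATUS is the sysfs text, CMDLINE the kernel boot command line.
rfds_classify() {
    local status="$1" cmdline="$2" off_by=""
    # Boot options that switch the mitigation off (both named in the thread).
    case " $cmdline " in
        *" reg_file_data_sampling=off "*) off_by="reg_file_data_sampling=off" ;;
        *" mitigations=off "*)            off_by="mitigations=off" ;;
    esac
    case "$status" in
        "Not affected")             echo "not affected" ;;
        "Mitigation: "*)            echo "mitigated (${status#Mitigation: })" ;;
        "Vulnerable: No microcode") echo "vulnerable: microcode update not loaded" ;;
        "Vulnerable")
            if [ -n "$off_by" ]; then
                echo "vulnerable: disabled at boot by $off_by"
            else
                echo "vulnerable: mitigation not enabled"
            fi ;;
        *)                          echo "unknown: ${status:-no sysfs entry}" ;;
    esac
}

# rfds_check: classify the running system from sysfs and /proc/cmdline.
rfds_check() {
    local status=""
    if [ -r "$SYSFS" ]; then status=$(cat "$SYSFS"); fi
    rfds_classify "$status" "$(cat /proc/cmdline 2>/dev/null)"
}

# Constructed sample inputs (not captured from a real machine).
rfds_demo() {
    rfds_classify "Mitigation: Clear Register File" "ro quiet"
    rfds_classify "Vulnerable" "ro quiet reg_file_data_sampling=off"
    rfds_classify "Vulnerable: No microcode" "ro quiet"
}

# Pass --live to inspect this machine; otherwise run the constructed samples.
if [ "${1:-}" = "--live" ]; then rfds_check; else rfds_demo; fi
```

A kernel that predates the RFDS patch has no such sysfs entry, which the check reports as "unknown: no sysfs entry" rather than as safe.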



            • #7
              Originally posted by pieman
              i'm just not going to update my microcode. there has been so many i really don't care anymore. never will be protected. not worth the performance lost. my system is just a home system and i'm sure my wifi router has as many or more vulnerabilities anyways.
              This is bad practice. Most of the things in microcode updates aren't MDS security mitigations. They are fixes for plain old correctness errata, which can be quite serious. And you can always boot with mitigations=off with any microcode version.



              • #8
                Originally posted by yump

                This is bad practice. Most of the things in microcode updates aren't MDS security mitigations. They are fixes for plain old correctness errata, which can be quite serious. And you can always boot with mitigations=off with any microcode version.
                i thought that microcode mitigation can impact performance as well. so using mitigation=off might be useless with newer microcode.



                • #9
                  so basically, whenever Intel releases a cpu, subtract 30% for all the future mitigations.



                  • #10
                    Will the kernel mitigation hurt performance on AMD CPUs?
