Benchmarking The Updated Intel CPU Microcode For SRBDS / CrossTalk Mitigation
Written by Michael Larabel in Software on 10 June 2020. Page 1 of 3. 24 Comments

Following yesterday's disclosure of CrossTalk / SRBDS after a nearly two year embargo period for this Special Register Buffer Data Sampling vulnerability, I have been running benchmarks on multiple systems for the past nearly 24 hours. Here are some preliminary data points for both synthetic and real-world workloads on various Intel CPUs before/after mitigating SRBDS with the updated Intel microcode.

With the embargo lift yesterday, Intel published new CPU microcode for affected CPUs from Haswell through Coffeelake/Whiskeylake and Skylake X. Intel has some data that Ivy Bridge is affected too, but there has not been any new Ivybridge microcode mitigations we have seen yet.

Intel Linux developers also published kernel patches in the process of appearing in the various stable kernel branches. These kernel patches simply report the presence of SRBDS mitigation via sysfs as well as offering a "srbds=off" kernel option for those wanting to disable this mitigation even when updating to the latest Intel CPU microcode. Similarly, the existing "mitigations=off" global flag will also now disable SRBDS on affected CPUs.

As outlined in yesterdays' article, the updated CPU microcode is designed to protect the RDRAND / RDSEED / EGETKEY instructions. Mitigating CrossTalk involves locking the entire memory bus before updating the staging buffer and unlocking it after the contents have been cleared. This locking and serialization now involved for those instructions but fortunately most workloads aren't heavy on those instructions overall. The security researchers who discovered this CrossTalk vulnerability did warn that other instructions like RDMSR that issue off-core requests could still be leaked, but at this time Intel isn't protecting those instructions due to the performance penalty. We'll see if in the future Intel determines other instructions need to face similar mitigations for Special Register Buffer Data Sampling.

One of the systems I have been testing with has been a Xeon E3-1275 v6 Kabylake...

And a Xeon E3-1245 v5 Skylake.

Intel has warned server workloads to be more likely impacted than desktops, but I also tested SRBDS mitigations with some desktop workloads too using a Core i5 8400 Coffeelake desktop.

With all the systems, the testing was done with the previous and new microcode images.


Related Articles

Trending Linux News

çeviri malatya oto kiralama parça eşya taşıma şehirler arası nakliyat şehirlerarası evden eve nakliyat istanbul bursa şehirler arası nakliyat malatya oto kiralama istanbul evden eve nakliyat ofis taşıma ofis taşımacılığı evden eve nakliyat evden eve nakliyat büyü aşk büyüsü ayırma büyüsü medyum medyum şikayetleri medyum yorumları büyü aşk büyüsü bağlama büyüsü dua aşk duası aşk büyüsü büyü aşk büyüsü bağlama büyüsü medyum dolunay medyum aşk büyüsü medyum medyum şikayetleri medyum yorumları metal galvanizli sac paslanmaz sac metal hrp sac paslanmaz çelik mekjoy.com seo seo kursu sex shop istanbul sex shop ataşehir sex shop İstanbul evden eve nakliyat eşya depolama eşya depolama viagra fiyatı cialis fiyat b374k shell