NVIDIA GeForce 390.65 Driver with Spectre Fix Benchmarked in 21 Games

[lexluthermiester]

design flaw

But this what I'm trying to help you understand. These vulnerabilities are not "design flaws". The term "design flaw" directly implies defect. That is not the case. The CPU's affected by these problems will operate perfectly well and stable and will keep doing so even if the vulnerability is exploited. While the vulnerability takes advantage if a trick of a hardware function, those functions are not in and of themselves defects. Does that makes sense?

 

[W1zzard]

No benchmarks should be taking place until the microcode updates come out from Intel/Motherboard manufacturers. Until then these fixes are minimal.

As mentioned in the text, I've used the updated 1003 BIOS from ASUS https://www.asus.com/News/V5urzYAT6myCC1o2

 

[R0H1T]

But this what I'm trying to help you understand. These vulnerabilities are not "design flaws". The term "design flaw" directly implies defect. That is not the case. The CPU's affected by these problems will operate perfectly well and stable and will keep doing so even if the vulnerability is exploited. While the vulnerability takes advantage if a trick of a hardware function, those functions are not in and of themselves defects. Does that makes sense?

Alright how about unintended consequences? But meltdown is definitely avoidable ~

A *competent* CPU engineer would fix this by making sure speculation
doesn't happen across protection domains. Maybe even a L1 I$ that is
keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you shit
forever and ever, and never fixing anything"?

Because if that's the case, maybe we should start looking towards the
ARM64 people more.

Please talk to management. Because I really see exactly two possibibilities:

- Intel never intends to fix anything

OR

- these workarounds should have a way to disable them.

Which of the two is it?

Linus

 

[lexluthermiester]

From TPU ~
Security Update
Fixed CVE-2017-5753: Computer systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Interesting. That release directly implies NVidia saw the possibility of potential vulnerability. They didn't mention MLTDWN&SPCTR specically, but it seems likely now that such an attack is possible, reagrdless of how complex and unlikely. I concede on that point. Although, this does go to show just how complex these new discoveries really are and how scary the potential is.

 

[R0H1T]

Interesting. That release directly implies NVidia saw the possibility of potential vulnerability. They didn't mention MLTDWN&SPCTR specically, but it seems likely now that such an attack is possible, reagrdless of how complex and unlikely. I concede on that point. Although, this does go to show just how complex these new discoveries really are and how scary the potential is.

That's why I said it's a developing situation. Everything we think is secure may not be, then there's this ~

According to rough estimates in the Harvard study he co-authored, as many as one third of all zero-days used in a given year may have first been discovered by the NSA.

I'd err on the side of caution & assume everything is vulnerable, but every individual can also choose their level of cautiousness or security.

 

[lexluthermiester]

That's why I said it's a developing situation. Everything we think is secure may not be, then there's this ~

That's actually what I was referring to with the "scary" comment. And what seems to be clear is that this is a problem for everyone on all platforms. It may have started with Intel, but they are not directly responsible any more than anyone else.

I'd err on the side of caution & assume everything is vulnerable, but every individual can also choose their level of cautiousness or security.

Agreed. It's going to take time to solve these problems.

BTW, Thank You for the links. Been doing a ton of research on these problems as they will directly affect my work, but those specific points I had not found/gotten to. I don't mind admitting that these developments leave me more than a little alarmed and deeply concerned.
EDIT: I'm also very glad that I keep many personal systems on a closed network that has no internet access.. Perhaps that might be a possible solution elsewhere.

 

[RejZoR]

I still don't see the relevancy of this test even if GPU's are affected because they access kernel memory space. CPU's access their own part of internal memory to predict caching and compute of stuff that goes through the CPU, making it faster. Blocking it from doing that gimps its performance. GPU's never even needed to access that part of memory in such a way the CPU does on itself.

 

[londiste]

When you read up on Meltdown and Spectre, when it comes to mitigation measures Spectre is far worse. Meltdown fix is simple, kernels get KAISER-based patches, there is a performance hit but it will essentially be done. Spectre needs a much more complex approach - firmware/microcode patches plus potentially vulnerable software to take mitigation measures. Compilers have been improved to do some of this automatically but that would still mean recompiling the software. These measures partially overlap with Meltdown things but not only that. If you want an example, see what all major browser vendors did with patches. Things like making timers less accurate

GPUs are not affected. Driver does stuff on CPU that might be vulnerable to Spectre variants so mitigation measures are taken.
Mitigation measures introduce additional delays, that means performance hot for CPU-limited situations. So far, small hits, but still.

From the previous page of the topic:

The gpu driver runs with priveledge, and by recoding key indirect branches, it closes a side band data leak.

 

[TheDeeGee]

This benchmark makes no sense to me.

Someone has a proper graph?

 

[DRDNA]

This benchmark makes no sense to me.

Someone has a proper graph?

Basically the new Nvidia driver with the Security fix DOES NOT AFFECT PERFORMANCE IN A NEGATIVE WAY but did show about a .1% increase in performance.

 

[londiste]

The graph is very bad as far as grasping the results go. But there clearly is an effect to performance. Nothing changes about how GPU does its work, it is all about CPU and what driver is doing on it. You would need to look at situations that are more CPU dependent.
Note where the bigger performance hits occur - Divinity Original Sin 2 at 1080p, Dawn of War 3 at 1080p. These are the more CPU-heavy situations.
Yes, GTA5 at high resolutions does get hit more and more but I would suspect this is specific to that game, perhaps something about how assets or draw calls are distributed as that is a massive open world.

 

[medi01]

Exactly my thoughts. How is gpu driver supposed to fix cpu related problems, especially cpu architecture flaws.

Indeed. Not to mention, last time I've checked meltdown (which is to spectre what nuclear bomb is to a hand grenade) was not fixable, could only be mitigated.

 

[londiste]

Indeed. Not to mention, last time I've checked meltdown (which is to spectre what nuclear bomb is to a hand grenade) was not fixable, could only be mitigated.

This is not addressing Meltdown, it is addressing Spectre. At least primarily.

 

[xorbe]

Interesting. That release directly implies NVidia saw the possibility of potential vulnerability. They didn't mention MLTDWN&SPCTR specically, but it seems likely now that such an attack is possible, reagrdless of how complex and unlikely. I concede on that point. Although, this does go to show just how complex these new discoveries really are and how scary the potential is.

As I precisely stated in post 10 of this very thread ...

 

[lexluthermiester]

As I precisely stated in post 10 of this very thread ...

Alright, admitted I was wrong. No need to rub it in..

 

[lexluthermiester]

This is a thing. Very interesting read.
https://www.techspot.com/news/72691-nvidia-gpus-arent-immune-spectre-security-flaw.html

 

[londiste]

This is a thing. Very interesting read.
https://www.techspot.com/news/72691-nvidia-gpus-arent-immune-spectre-security-flaw.html

Nope, it isn't. Just the usual crappy level of "tech journalism".
GPUs do not speculate.
Driver patches are taking care of the problem that might occur with drivers running stuff on CPU as with any other piece of software.

 

[lexluthermiester]

Nope, it isn't. Just the usual crappy level of "tech journalism".
GPUs do not speculate.
Driver patches are taking care of the problem that might occur with drivers running stuff on CPU as with any other piece of software.

Oh. Ok.