Intel Processors Hit with LVI Security Vulnerabilities, Mitigation Hits Performance Hard

btarunr

Editor & Senior Moderator
Staff member
You are absolutely correct! Without this the same easy exploits could be achievable to black hats, who now have a much harder time than before due to having to beat a bunch of researchers to the party.
I concede to that argument. But those black hats now have a steady stream of ideas with which to build malware and target unpatched machines. We have a steady stream of patches that cost performance.
 
No, they cannot be disabled already for a year+. Those are baked permanently in the kernel.

That's not really true. You can just boot with mitigations=off switch as per kernel-parameters

Also, please refrain from the "security through obscurity" fallacy. https://www.isaca.org/resources/isa...cies-of-security-by-obscurity-full-disclosure
Nice advertisement. Hint: see who wrote the "article", what is his affiliation, and who publishes the "journal".
 
I concede to that argument. But those black hats now have a steady stream of ideas with which to build malware and target unpatched machines.
There are a lot easier attack vectors that can be utilized for unpatched systems. For example, the OpenSSL vulnerabilities from a year ago. Do you think that should have been left unpatched as well?
 
That's not really true.

Few CVEs are hard baked without options to switch off. That kernel.org documentation conflicts with Microsoft published info. Who's telling the truth then?
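
An added example, not part of any post in this thread: one way to check the point argued above on a Linux host. It reads the kernel's per-issue status files under /sys/devices/system/cpu/vulnerabilities and looks for mitigations=off on the boot command line; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which CPU issues the running
# Linux kernel considers mitigated, and whether it was booted with
# mitigations=off. Function names and sample data are constructed.

# classify_status TEXT -> not_affected | partial | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*)                 echo not_affected ;;
        "Mitigation:"*"SMT vulnerable"*) echo partial ;;
        "Mitigation:"*)                  echo mitigated ;;
        "Vulnerable"*)                   echo vulnerable ;;
        *)                               echo unknown ;;
    esac
}

# cmdline_has_mitigations_off FILE -> exit status 0 if the global switch is set.
# Per-issue switches are not parsed here; the sysfs files show their effect.
cmdline_has_mitigations_off() {
    tr ' ' '\n' < "$1" | grep -qx 'mitigations=off'
}

# audit_mitigations [DIR] [CMDLINE_FILE]
# Prints one "issue state" line per status file, then a summary line.
audit_mitigations() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    cmdline=${2:-/proc/cmdline}
    vuln=0
    for f in "$dir"/*; do
        if [ ! -f "$f" ]; then continue; fi
        state=$(classify_status "$(cat "$f")")
        if [ "$state" = vulnerable ]; then vuln=$((vuln + 1)); fi
        printf '%s %s\n' "$(basename "$f")" "$state"
    done
    if cmdline_has_mitigations_off "$cmdline"; then off=yes; else off=no; fi
    printf 'vulnerable=%s mitigations_off=%s\n' "$vuln" "$off"
}

# make_sample DIR: constructed data resembling a host booted with mitigations=off
make_sample() {
    mkdir -p "$1/vulns"
    echo 'Mitigation: PTE Inversion' > "$1/vulns/l1tf"
    echo 'Vulnerable; SMT vulnerable' > "$1/vulns/mds"
    echo 'Vulnerable' > "$1/vulns/meltdown"
    echo 'Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers' > "$1/vulns/spectre_v1"
    echo 'Vulnerable' > "$1/vulns/spectre_v2"
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet mitigations=off' > "$1/cmdline"
}

# Offline demonstration on the constructed sample.
sample=$(mktemp -d)
make_sample "$sample"
audit_mitigations "$sample/vulns" "$sample/cmdline"
rm -rf "$sample"
```

Called with no arguments, `audit_mitigations` reads the live /sys and /proc paths instead of the sample.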

 
There is something bewildering about the way these things are made public:


The hell is this supposed to be?

AMD is safer only because its market footprint is too small in the datacenter space

No, AMD is safer, that's the end of it.
 

Ned Flanders

New Member
AMD is safer only because its market footprint is too small in the datacenter space, most of these side-channel attacks affect datacenters, and you can't hack AMD processors for rich bounties (it's similar to the "Macs don't get viruses" fallacy of the 1990s and 2000s).

@btarunr
What's your opinion on the fact that Meltdown doesn't work on AMD CPUs because the AMD µarch does not (and apparently never did) allow speculative execution across privilege domains (Userspace - Kernelspace)? This doesn't sound to me as a question of market share. If AMD was at 80% marketshare, they would still not allow speculative execution across privilege domains while Intel's µarch does.
 
At this point I think the only way Intel can fight these vulnerability discoveries is by killing the bug bounty program, or significantly reducing the bounty. The program has clearly sprung up a cottage industry of security researchers (uni professors and their college grad minions) bruteforcing Intel processors for vulnerabilities that they can write papers on (earn citations), report back to Intel, and claim the cash bounties. The BBP has become a fountainhead of headache for CTOs and CIOs.

AMD is safer only because its market footprint is too small in the datacenter space, most of these side-channel attacks affect datacenters, and you can't hack AMD processors for rich bounties (it's similar to the "Macs don't get viruses" fallacy of the 1990s and 2000s).
Respected editors, can we please get past this AMD bulverism?
AMD is safe because 'meltdown' does not work on the AMD platform. This is not a personal opinion. It just doesn't. I encourage you to find this observation and report as necessary.
Don't skew the argument.
If you read the impact of this, they say somewhere Intel will have to serialize accesses to its ports, effectively turning off speculative execution in some cases.

I cannot even believe this was posted a moment back:
LVI necessitates compiler patches to insert explicit lfence speculation barriers which serialize the processor pipeline after potentially every vulnerable load instruction.
 

Aquinus

Resident Wat-man
How many real exploits (not PoCs,) actually exist that use these vulnerabilities though?

The reality is that a lot of these exploits (not all of them,) are so hard to use that their usefulness is almost non-existent. Spectre is a great example of a vulnerability that is susceptible to academic papers, but not real users. Making a PoC that can sometimes leak tiny amounts of data under the right conditions doesn't amount to a usable vector for attack, particularly if how you exploit it requires you to give away that you're trying to break the system (like putting it under full load.)
 
More performance reductions.

My 4770K... I mean Pentium 3 by now is ready!
 
eidairaman1

The Exiled Airman
Give credit to @biffzinker for posting this news yesterday.
 
I concede to that argument. But those black hats now have a steady stream of ideas with which to build malware and target unpatched machines. We have a steady stream of patches that cost performance.
Attempting to hide security vulnerabilities both downplays the severity of the problem, and also encourages businesses people rely on to safeguard their data, to also ignore the extent of the issue as the public will not hold them sufficiently accountable.

Think of it this way: Which would you rather have? A world where Facebook gets hacked, they say it was an "unexpected and little known vulnerability" and everyone believes them because only Project 0 and KrebsOnSecurity ever posted about it?

Or a world where Facebook gets hacked, everyone knows the name of the exploit and Facebook has to cough up a good reason they weren't secured against it from the day the vulnerability was made public because it was on Techradar, Gizmodo and TPU?

Also -

it puts multi-tenant machines, such as physical servers handling multiple tenants via virtual servers.
Presumably you accidentally missed out the words "at risk"?
 
I concede to that argument. But those black hats now have a steady stream of ideas with which to build malware and target unpatched machines. We have a steady stream of patches that cost performance.
Are you really arguing that these exploits being made public knowledge is giving black hats more info than they already have?

Dude, how many times you going to stick your tongue on the stove before you figure out the stove is hot? Quit with these side arguments that security through obscurity is a good thing. Windows exploits are constantly made public knowledge, and as a result is harder to get into than the likes of macOS that hid their exploits for years and as a result are leakier than a rusty sieve.

Despite all those patches "costing" performance, Intel is still on top for gaming performance, and AMD already humiliated them in everything else. Your average end user doesn't notice significant differences from these patches.

Name a ransomware that leverages a CPU-level vulnerability. Bonus points for one that leverages a side-channel attack vector.
You can't, because they were patched by Intel thanks to their bounty program making them aware of issues.

Just one swing and a miss after another today eh?
 
Think of it this way: Which would you rather have? A world where Facebook gets hacked, they say it was an "unexpected and little known vulnerability" and everyone believes them because only Project 0 and KrebsOnSecurity ever posted about it?

Or a world where Facebook gets hacked, everyone knows the name of the exploit and Facebook has to cough up a good reason they weren't secured against it from the day the vulnerability was made public because it was on Techradar, Gizmodo and TPU?
I'd rather FB die the way of the Dodo or Myspace if we're being generous :nutkick:
 
I'd rather FB die the way of the Dodo or Myspace if we're being generous :nutkick:
Yeah but we're talking about things that might actually happen in the short-medium term. Facebook isn't going anywhere for at least a while.
 
I have seen dozens of announced vulnerabilities for both AMD and Intel CPUs ... what I have never seen is a documented instance of any of these vulnerabilities ever being exploited. So all that's really of note here is fanboi bickering which has as much validity as "Intel is still on top for gaming performance, and AMD already humiliated them in everything else". The definition used for "everything else" is specious.

A PC is a tool ... a tool can only be judged at how well it does its job, so let's define its job.

a) Did you build a PC to run benchmarks and get your name on leader boards?
b) Did you build a PC based upon performance in things that you might do once or do a few times a year?
c) Did you build a PC to play games and run applications on a frequent basis?
d) Did you build your PC to run apps you will never use?

Practical people build the boxes based upon c) and c) only ... fanbois squawk about a) and b). Let's look at TPU's test results. There is no "Best CPU" .. only the best CPU for a specific set of applications. Looking at 3900X vs 9900KF

1. Cinebench - a) category ... we have yet to be asked to do a build which maximizes Cinebench performance or had a client who uses it to make a living, it's the medical equivalent of a scalpel in a chiropractic office. We do have lots of folks who use CAD, adding all the PCs in all the offices we've been in, there's perhaps 1 rendering box for every 200 CAD boxes and AutoCAD at $5,000 per seat ($2,00 per year) is not exactly on any significant % of PCs.

Gotta give an easy win to AMD here, but a 0.50 on market significance.

2. Game / Software Development - d) category ... again an easy win here for AMD; Again, not a lot of market significance, as above, teeny user base.

3. Web Related - c) category ... performance is split between red and green camps but with differences of /10th of a second, who cares? Users cannot react quick enough to take advantage of it.

4. Machine Learning / Physics / Brain Simulation - d) category. The size of the market here is completely insignificant, and if the % of users here who run this stuff is more than 0.2% I'd be shocked... Another win for AMD, but not one that will matter to 99+% of the forum audience.

5. Office Suites - Finally a category c) item ... stuff most folks will use frequently enough to matter in a CPU choice. We get a 4% win for Intel in Word, a 1% win for Intel in Powerpoint and a 1% win for AMD in Excel ... the win goes to Intel but the margin is so small as to render it insignificant as "user lag" will make it unnoticeable.

6. Image and Video Editing - Another category c) item and here finally one that matters. A 10% advantage to Intel here in Image Editing and a 4.5% advantage in Video Editing. While not a big thing market share wise, it's over 100 times more significant than machine learning, brain simulation, software development, etc. 1st significant win for either side here. Google OCR is in the test and it's a significant one ... we might use it 3-4 times a year so we use Adobe OCR to do that, as do most of our clients.

7. Virtualization - As we're speaking to desktops not Server functions I'd skip this. Suffice to say Intel gets the win on VMware ... AMD gets significant wins in MySQL and Java ... a big reason to go AMD ... if you use them. No relevance if you don't.

8. File Compression / Encryption - A category b) item for most, less and less as time goes by. Big win for AMD on the compression / Big win for Intel on encryption ... Who cares? Not many.

9. Media and Sound recording - Would be a thing for YouTubers, musicians and similar sorts, AMD dominates the media / Intel dominates the sound... if those are your thang, pay attention ... if not like most, ignore.

10. No one argues the gaming so not worth mentioning.

In short, there is no best CPU... there's only best for what you do on your PC. If office suites, gaming, Adobe products or AutoCAD are your thing, Intel is the obvious choice. If doing brain simulation, encoding, rendering, virtualization is your thing, AMD is the obvious choice.... just look at what YOU do and decide accordingly. As to the invulnerabilities... call me when ya ready to publish "Patient O's" story. As of yet, I have not seen any instance of these invulnerabilities being exploited. Until that happens, I'm not paying attention.
 
I'll be happy if there is a way to avoid fixing these vulnerabilities, I can't afford losing any more performance even if it's a fraction.
 
Also they're not going to ramrod a security patch that drops your performance by 30% -- at that point it will be a toggle or a Windows defender app monitor feature. Just like for phishing sites or malware. It will come down to users having more control. You can easily make sure that only the code you want is running; and let the users let applications in one by one, in addition to a scan of known malware.
 
why every time i read ... "Mitigation Hits Performance Hard" i think .... "awwww the improvements Intel implemented to make their CPU's faster turn out to be vulnerabilities, shucks ... who knew ..."
well, can also take it like that, if the CPU was faster with all the vulnerabilities ..: "Intel did take shortcuts in their design to make their CPU faster"
was it on purpose or not ... was it truly vulnerabilities they had no clue about it until some "bug-hunter" found them?

alright, alright, i know AMD has vulnerabilities too (well what... 2? oh ... ) but i think even with mitigations, their performance will keep close to their actual level without them (if they need one ofc)
 
why every time i read ... "Mitigation Hits Performance Hard" i think .... "awwww the improvements Intel implemented to make their CPU's faster turn out to be vulnerabilities, shucks ... who knew ..."
well, can also take it like that, if the CPU was faster with all the vulnerabilities ..: "Intel did take shortcuts in their design to make their CPU faster"
Nope. This idea has been making rounds again and it is simply wrong. These vulnerabilities did not help Intel CPUs to be faster. These were not shortcuts but an oversight at some level.

Mitigations are software workarounds to a hardware problem and this makes them really hard on performance. If you look at the performance of Intel's newer revisions of CPUs with issues fixed, the vulnerabilities (at least the known vectors) cannot be exploited any more, software mitigations are not applied and the performance is the same as before.

Edit:
OK, performance is not quite the same as before because Spectre did make some software changes necessary. However, this 3-4% performance hit (based on Phoronix' testing) is universal across all CPUs.

Also they're not going to ramrod a security patch that drops your performance by 30%
They are not. Intel will deploy mitigations for SGX but considers the risk of exploiting the vulnerability in other places small enough to not apply a general mitigation. There will be some coordination with OS development to minimize the possibility of OS-level gadgets this type of attack could use. Researchers did seem to agree this was reasonable.
 
Intel security article: But, but, AyyyyMDeeeee! Reeeeee!

Take your Intel love affair down a few notches. AMD chose to be safe. Intel chose IPC at all costs. Or they're completely incompetent, it's your pick.
 