Intel's Downfall mitigations take a significant toll on CPU performance, early testing...

Shawn Knight

In brief: A recently disclosed vulnerability, Downfall (Gather Data Sampling, CVE-2022-40982), affecting select Intel CPUs released between 2015 and 2019 has been mitigated by a new microcode update, delivered through BIOS and operating-system updates. Unfortunately, early testing has revealed significant performance penalties introduced by the mitigation, which slows down the AVX gather instructions the attack abuses, so workloads that lean on them pay the most.

Rob published a comprehensive report on Downfall yesterday. For the sake of brevity, I'll simply direct you to his article should you need to get up to speed on the vulnerability. Intel also has a list of affected processors.

Michael Larabel from Phoronix has put the microcode update to the test using a variety of processors including a pair of Xeon Platinum 8380 chips, a Xeon Gold 6226R, and a Core i7-1165G7 across multiple workloads in Linux.

The dual Xeon Platinum 8380 chips were about six percent slower in OpenVKL 1.3.1 but closer to 34 percent in some OSPRay 2.12 tests. In Neural Magic DeepSparse 1.5, the performance penalty reached nearly 21 percent in one test.

It's more of the same with the Xeon Gold 6226R CPU. In OSPRay 2.12, the performance hit in some instances was more than 32 percent, and in Neural Magic, up to 26 percent in one instance. Only a few tests were run on the Core i7-1165G7, with the performance impact ranging from 11.25 percent on the low end to around 39 percent on the high side.

The good news is that even in the worst case measured here, the overhead wasn't as high as the 50 percent Intel said could be experienced in some gather-heavy workloads.

It's worth noting that the microcode exposes an opt-out: the operating system can leave the mitigation disabled if administrators judge the performance hit too steep or don't believe they operate in an environment where they'd be susceptible to an attack. On Linux this is the gather_data_sampling=off kernel command-line parameter, and the current state is reported in /sys/devices/system/cpu/vulnerabilities/gather_data_sampling. As Tom's Hardware notes, the complexity of the attack could also play into your decision on whether or not to bypass the mitigation. The more useful question is whether untrusted code can run on the same physical core as data you care about: Downfall lets a local attacker read register contents from other processes, virtual machines and SGX enclaves sharing that core, so on multi-tenant hosts, or anywhere untrusted code executes, the mitigation should stay on.
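As an added example (not code from the article, Intel or Phoronix), the following POSIX shell script reads the status line Linux exposes for Downfall and turns it into a plain verdict plus the knob that applies. The sysfs path, the status strings and the gather_data_sampling= boot parameter are the kernel's own (Linux 6.5 and distribution backports); the class names and the one-line guidance are this example's, and the --demo mode feeds a constructed status line so the script runs on any machine, patched or not.

```shell
#!/bin/sh
# Added example: classify the kernel's Downfall/GDS status and say what the
# operator can do about it. Status strings match what Linux writes to the
# sysfs file below; class names and guidance are this script's own.

GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# gds_classify STATUS -> one of: not_affected, mitigated, mitigated_locked,
# avx_disabled, no_microcode, vulnerable, hypervisor, unknown
gds_classify() {
    case "$1" in
        "Not affected")                             echo not_affected ;;
        "Mitigation: Microcode (locked)")           echo mitigated_locked ;;
        "Mitigation: Microcode")                    echo mitigated ;;
        "Mitigation: AVX disabled, no microcode")   echo avx_disabled ;;
        "Vulnerable: No microcode")                 echo no_microcode ;;
        "Vulnerable")                               echo vulnerable ;;
        "Unknown: Dependent on hypervisor status")  echo hypervisor ;;
        *)                                          echo unknown ;;
    esac
}

# gds_action CLASS -> short operator guidance for that class
gds_action() {
    case "$1" in
        not_affected)     echo "nothing to do" ;;
        mitigated)        echo "gather mitigation on; opt out with gather_data_sampling=off only where no untrusted code shares the cores" ;;
        mitigated_locked) echo "mitigation on and locked by firmware; the kernel opt-out has no effect" ;;
        avx_disabled)     echo "no microcode available; kernel disabled AVX as a fallback (gather_data_sampling=force)" ;;
        no_microcode)     echo "CPU is exposed; install the intel-microcode package or a BIOS update" ;;
        vulnerable)       echo "mitigation deliberately turned off (gather_data_sampling=off); reconsider on shared hosts" ;;
        hypervisor)       echo "guest cannot tell; ask the hypervisor operator whether host microcode is current" ;;
        *)                echo "status not recognised; this kernel may predate GDS reporting" ;;
    esac
}

# gds_report [FILE] -> prints "STATUS -> CLASS: GUIDANCE" for the live sysfs
# entry, or for a file standing in for it
gds_report() {
    f=${1:-$GDS_SYSFS}
    if [ ! -r "$f" ]; then
        echo "unknown -> unknown: no $f (kernel predates GDS reporting or not x86)"
        return 0
    fi
    status=$(cat "$f")
    class=$(gds_classify "$status")
    echo "$status -> $class: $(gds_action "$class")"
}

if [ "${1:-}" = "--demo" ]; then
    # Constructed sample standing in for sysfs output on a patched host
    tmp=$(mktemp)
    printf 'Mitigation: Microcode\n' > "$tmp"
    gds_report "$tmp"
    rm -f "$tmp"
else
    gds_report
fi
```

Run it with no arguments on the host you are assessing; the "locked" class is the one to watch for in fleet checks, since a firmware lock means the performance opt-out described above is simply not available on that machine.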

Phoronix promised to explore additional workloads but as a one-man show, it's going to take Larabel some more time to get those results online.

Image credit: Ryan, Brecht Corbeel


 
Time to go and update all the old Intel benchmarks, just so people know where their possibly current processor falls on the performance charts when compared to the new stuff.
 
Maybe Intel builds the processors with some of these "vulnerabilities" on purpose. So when they patch them it slows down the older CPUs... making the new ones look so much better.

Kind of like how Apple used to slow down older phones (or maybe they still do?).
 
> Maybe Intel builds the processors with some of these "vulnerabilities" on purpose. So when they patch them it slows down the older CPUs... making the new ones look so much better.
>
> Kind of like how Apple used to slow down older phones (or maybe they still do?).

100% what they are doing. They just didn't think AMD would catch up in that time period. Another reason I will likely be going AMD, but will keep an open mind.
 
> 100% what they are doing. They just didn't think AMD would catch up in that time period. Another reason I will likely be going AMD, but will keep an open mind.

I don't think they are doing it on purpose. It is just that the knowledge base is too sophisticated and the tools to exploit CPUs have become amazingly efficient.
I wonder if AI tools working day and night, unlike humans, would make the process of finding CPU vulnerabilities even easier.
 
> I don't think they are doing it on purpose. It is just that the knowledge base is too sophisticated and the tools to exploit CPUs have become amazingly efficient.
> I wonder if AI tools working day and night, unlike humans, would make the process of finding CPU vulnerabilities even easier.

Well, that's interesting that they just knew to change gen 12 and up before the exploit was found? 12 and up don't have the problem. They knew about it before anyone else. CPU engineering is in the works years before release.
 
> Well, that's interesting that they just knew to change gen 12 and up before the exploit was found? 12 and up don't have the problem. They knew about it before anyone else. CPU engineering is in the works years before release.

They changed architecture, and since the CPU works a different way, the vulnerabilities also work in a different way. That is very common.

The same applies to AMD. Zenbleed only works on Zen 2; Zen and Zen 3+ have a different architecture.

So no, I don't expect this to be intentional. Side-channel attacks are quite a new thing, and neither AMD nor Intel has long experience protecting against them.
 
> They changed architecture, and since the CPU works a different way, the vulnerabilities also work in a different way. That is very common.
>
> The same applies to AMD. Zenbleed only works on Zen 2; Zen and Zen 3+ have a different architecture.
>
> So no, I don't expect this to be intentional. Side-channel attacks are quite a new thing, and neither AMD nor Intel has long experience protecting against them.

The more common the thing becomes, the more people will try to exploit it.
When the first vulnerabilities were uncovered, people thought Zen was immune to attacks, when it just wasn't given enough time to be exploited with its own unique type of vulnerabilities.
 
> The more common the thing becomes, the more people will try to exploit it.
> When the first vulnerabilities were uncovered, people thought Zen was immune to attacks, when it just wasn't given enough time to be exploited with its own unique type of vulnerabilities.

Exactly. No wonder people thought Zen would be immune. It's just that creating those exploits takes time, and of course there was no time to develop attacks against Zen immediately after release. Unless some major breakthroughs happen, side-channel attacks will harm every future CPU architecture. Most of these attacks rely on speculative execution, and that's just too good a feature to abandon.
 
> Exactly. No wonder people thought Zen would be immune. It's just that creating those exploits takes time, and of course there was no time to develop attacks against Zen immediately after release. Unless some major breakthroughs happen, side-channel attacks will harm every future CPU architecture. Most of these attacks rely on speculative execution, and that's just too good a feature to abandon.

Changing, not refreshing, will help keep uarchs unexploited for longer.
 
> Maybe Intel builds the processors with some of these "vulnerabilities" on purpose. So when they patch them it slows down the older CPUs... making the new ones look so much better.
>
> Kind of like how Apple used to slow down older phones (or maybe they still do?).

It is as simple as this:

- Each time they take shortcuts in how a CPU works in order to be faster, that leaves a hole for vulnerabilities. Sometimes it's not that they reinvent the wheel; they just found a way to accelerate a process, jumping from A to D without having to go through B and C, but many of these schemes are way too dangerous.

- With so many of these at an architectural level to improve speed, and most of them carried over generation after generation, you end up with vulnerabilities on many chips.

So, do they do this on purpose? Well, yes:

1) They want and need the performance increase, so this is the easy way.

2) Some of the holes are known, others aren't, but the chance that someone finds them is low, and as it can't be proven that it was done on purpose, they can't be sued.

3) In most cases, a software fix can be done, harming performance, so... older CPUs will be even slower, so... people will need to buy new ones all of a sudden.

4) If they can do this stuff and get faster chips and, worst-case scenario, they mitigate and even sell more new chips, it's a win-win situation for them.

Done.
 
The "exploit" requires physical access, so it's not really an exploit. With physical access a person has full access to the system anyway.
 
Which ones?
I guess maybe just do a whole refresh and have a major CPU benchmark list. I guess that'd probably be too much work, but it'd be interesting to see. I know if I had an older CPU that got this patch creating slowed performance, I'd probably want to see how my CPU stacked up against newer processors so I could judge if I wanted an upgrade sooner rather than later.
 
> I know if I had an older CPU that got this patch creating slowed performance, I'd probably want to see how my CPU stacked up against newer processors so I could judge if I wanted an upgrade sooner rather than later.

Some affect new only, but not old.

> Unfortunately for AMD and its users, Inception affects the latest AMD Ryzen processor families based on Zen 3 and Zen 4 cores — across data center, desktop, HEDT, and mobile.
> AMD says that users of products based on the Zen or Zen 2 CPU architectures don't need any patching "because these architectures are already designed to flush branch type predictions from the branch predictor."

And the perf hit can be significant, at least on Linux.
 