News Intel CPUs see slight performance loss with new security fixes — E-cores and Atom chips not hugely affected by RFDS vulnerability

[Admin]

Linux's mitigation for the RFDS security vulnerability in Atom-based CPU cores will cost users a little bit of performance.

Intel CPUs see slight performance loss with new security fixes — E-cores and Atom chips not hugely affected by RFDS vulnerability : Read more

 

[Alvar "Miles" Udell]

So 0-39% difference in Linux, but what about under Windows? Perhaps TomsHardware could test?

 

[evdjj3j]

So 0-39% difference in Linux, but what about under Windows? Perhaps TomsHardware could test?

Maybe the Tomshardware of 10-15 years ago.

 

[Alvar "Miles" Udell]

Maybe the Tomshardware of 10-15 years ago.

About 2018 when Future PLC bought Purch (Toms, Anandtech, and many others included) TH really started to go downhill. We started to get fewer articles like "Who's Who In Power Supplies: Brands, Labels, And OEMs" and more what are essentially press releases and "as reported by (site)" articles, making TH more like Techradar (same owner) and just a news website instead of a review site.

 

[bit_user]

Intel's mitigation for RFDS includes an operating system-level patch and microcode.

Unlike some mitigations, this one requires both.

An OS patch and a new microcode are necessary to mitigate RFDS. At least through motherboard vendor websites, we haven't seen any BIOS updates mentioning security mitigations for RFDS. However, Linux users got the new microcode through an update to Linux.

Yup. Mainstream Linux distros ship microcode updates as normal installable packages. Unless you disable them, you'll get new microcode patches as part of installing regular updates.

What Phoronix did not test is the impact of restricting work to running on just the E-cores (or P-cores, for that matter). It seems like the mitigation should only affect syscall overhead on the E-cores, having no effect on the P-cores. It sure would be nice to have some confirmation of this, in the form of actual data!

If true, it could mean that the performance impact on E-cores is significantly worse than suggested in the benchmarks we've seen, so far.

 

[bit_user]

So 0-39% difference in Linux,

No, you read too quickly. 39% was the estimated impact of the Downfall mitigation. This is completely different.

 

[The Historical Fidelity]

These security threats just keep coming and coming…

 

[bit_user]

These security threats just keep coming and coming…

A lot of them are hyperthreading/SMT-related, but here's a good example of one that's not!

 

[RichardtST]

I don't want any of these "fixes" that affect performance. I am the only one on my machine. If the attacker has enough control to execute these attacks then they already have complete control of my machine anyway. I don't want this. I want speed. There are no other users. I want an easy way to turn them all off!

 

[bit_user]

I don't want any of these "fixes" that affect performance. I am the only one on my machine.

This one should be easy to disable, in software. Linux gives you a knob to let you do just that.

If the attacker has enough control to execute these attacks then they already have complete control of my machine anyway. I don't want this. I want speed.

A lot of these vulnerabilities allow an attacker to steal data by running unprivileged code on your machine, and many of them have been demonstrated to be exploitable via Javascript (or similar) running in a web browser.

So, my advice would be to do your online financial transactions (and other sensitive accounts) from a machine with all updates applied & mitigations enabled. You could even go a step further and disable hyperthreading, though some vulnerabilities (like this one), don't depend on it.

If you have another machine that's just for gaming or some task like video editing or software development, then it's probably fine to disable mitigations on that machine. That's what I do, FWIW.

I want an easy way to turn them all off!

It's a good question whether there's an easy way to do that on Windows. Anyone?

 

[lolvatveo]

Intel have to release new microcode unlock all overclock CPU, IGPU, ALL MB CHIPSET for all things Intel locked overclock (6th gen CPU to now) to compensate customers. If there is nothing to compensate, they can be sued.

 

[Pierce2623]

I personally think it’s ridiculous that it’s basically impossible to opt out of mitigations for vulnerabilities that require physical access to the machine.

 

[Dingledooda]

"Note that none of the cores affected by RFDS support Intel® Hyper-Threading Technology (Intel® HT Technology), although hybrid processors may contain both affected cores and cores which support Intel® HT Technology. The RFDS method can only infer stale data values from software that ran on that affected logical processor.

For processors with hybrid architectures (for example, processors code named Alder Lake) only the Intel Atom cores (E-cores; for example, Gracemont) are affected but all processors within the system will enumerate consistently"

So processors that only have P-cores or if the E-cores are disabled in bios there isn't even a need to update?