Intel CPU design flaw |Meltdown, Spectre a ine|

[Krteq]

Ano, zcela urcite.

When it came to evaluating different desktop workloads on the Core i5 8400, the RdRand performance was impacted as expected but given that RdRand / RDSEED is not used prolifically especially by desktop workloads, for the other benchmarks the performance was basically unchanged.

Já někde psal o desktopu? Tak určitě na desktopu provozuješ hned několik SQL instancí a aplikace využívající RNG instrukce

[hnizdo]

Já někde psal o desktopu? Tak určitě na desktopu provozuješ hned několik SQL instancí a aplikace využívající RNG instrukce

Takze jeste jednou.

The "good" news is that RdRand isn't used prolificily by real-world workloads. So when stressing a wide range of server-ish workloads, the overall impact from the SRBDS mitigation was not impacted to within a few percent the original performance as a worst case.

Nekolik procent je tedy dle tebe naprosto nepouzitelne.

[mr.qeg]

Nemohly by tyto instrukce mít uplatnění v kryptografii, což už by real-world bylo? Ale nevím, budu muset pogooglit.

[Krteq]

Tak z nejpoužívanějších SW využívající RDRAND je třeba OpenSSL atd.

A ano, cokoliv "crypto" používá RNG, záleží pak na implementaci v SW jestli přímo používá instrukce RDRAND, RDSEED apod.

[killerek]

Tak to by mohlo byt neprijemne i pro Checkpoint FW, ktere se nasazuji i jako virtualky. Ono i v tech Checkpoint boxech je Xeon.

[Krteq]

The Record - First Fully Weaponized Spectre Exploit Discovered Online

[Krteq]

Další zranitelnost Intel CPUs (+ ARM)

Branch History Injection aka "Spectre-BHB" (CVE-2022-0001, CVE-2022-0002)

Phoronix.com - BHI: The Newest Spectre Vulnerability Affecting Intel & Arm CPUs

[Krteq]

... a dopad oprav na výkon u nových CPUs





Phoronix.com - In Light Of Spectre BHI, The Performance Impact For Retpolines On Modern Intel CPUs

[hnizdo]

Oho, strašidelné obrázky.

"Gaming, web browser usage, and other conventional desktop tasks not heavy on I/O or networking didn't see any measurable hit with the "eibrs,retpoline" option."

Tak jdeme zase spát.

[Krteq]

Jo tááák, takže workstation a enterprise segment zase přestal existovat?

[DOC_ZENITH]

Jo tááák, takže workstation a enterprise segment zase přestal existovat?

Konkurečně vzato přestal existovat vydáním ZEN2 Epyců. A Sapphire-rapids ještě neni venku, takže Intel v serverech konkuruje pouze cenou.

//Baneshee - promaz OT

[Krteq]

Oh shiiiiit

Phoronix - VMware: ESXi VM Performance Tanks Up To 70% Due To Intel Retbleed Mitigation

[hnizdo]

To je u rtbleed zda se normalni. Stary intely,z Zeny 1 a 2 maji pod linuxem s mitigacemi dvojnasobnou latenci context swicth. I/O, java sly do kopru... Takze to bude vypadat stejne i pod ESXi.

3950x - But more pressing is if using the newer retbleed=ibpb option for issuing Indirect Branch Prediction Barriers as the safest over the untrained return thunks mitigation but with the highest performance impact. Running with Retbleed IBPB mitigations yielded just 75% the completely unmitigated performance or a 20% hit over the default (untrained return thunks)

https://www.phoronix.com/review/amd-3950x-retbleed/5

[Krteq]

Intel Gather Data Sampling/DOWNFALL - údajně vysoký dopad opravy (paper udává "up to 50%") na AVX2/AVX-512 výkon u Core/Xeonů

Intel DOWNFALL: New Vulnerability Affecting AVX2/AVX-512 With Big Performance Implications

Downfall Attacks

[Krteq]

Další rok, další nášup Intel zranitelností

Training Solo (3 zraintelnosti v jednom "balíku"):

• History-based attacks
  Affected: All Intel CPUs with eIBRS, including Intel’s latest generation Lion Cove which features the BHI_NO feature. Selected ARM CPUs, see vendor website.
• Indirect Target Selection (ITS) (CVE-2024-28956)
  Affected: Multiple Intel CPU generations (i.e., Intel Core 9th-11th, Intel Xeon 2nd-3rd). Please refer to Intel’s advisory for a complete list.
• Lion Cove BPU issue (CVE-2025-24495)
  Affected: Intel CPUs with Lion Cove core (Lunar Lake / Arrow Lake)

VUSec - Training Solo: New Set Of Serious Security Vulnerabilities Exposed For Intel & Arm CPUs

---------------------------------------------
Branch Privilege Injection:

Intel has developed a microcode update for affected processors and provided us with one to evaluate on Alder Lake. We were able to verify that the microcode update stops our primitives that we use in the paper to detect the vulnerabilities. Our performance evaluation shows up to 2.7% overhead for the microcode mitigation on Alder Lake. We have also evaluated several potential alternative mitigation strategies in software with overheads between 1.6% (Coffee Lake Refresh) and 8.3% (Rocket lake). Please refer to our paper for more details.

...

- Is my machine affected?
All intel processors since the 9th generation (Coffee Lake Refresh) are affected by Branch Privilege Injection. However, we have observed predictions bypassing the Indirect Branch Prediction Barrier (IBPB) on processors as far back as 7th generation (Kaby Lake).

- Does Branch Privilege Injection affect non-Intel CPUs?
No. Our analysis has not found any issues on the evaluated AMD and ARM systems.

COMSEC - Branch Privilege Injection: Exploiting Branch Predictor Race Conditions