Re: Intel Processor bug incoming?
Posted: Wed Jan 03, 2018 2:40 pm
Ninjitsu wrote:They seem to be suggesting that there's too much conflicting information at the moment, and that 30% perf hits are overstated.
A lot of that is from micro-benchmarks that are largely synthetic and are intended to illustrate the impact where it's directly felt. The hit is also dependent on the specific variant of micro-architecture: just because the Intel CPUs since Westmere finally have ASIDs doesn't mean that the performance using them is identical. And if you don't have PCID support at all, that's more pain.
It really comes down to the workload: the more syscalls your code does, the worse it is. It's impossible to just give one number, computationally intense stuff that sits in tight execution loops shouldn't show any discernible difference (like prime95). If you are constantly doing I/O and stuff like a database, you'll probably feel it hard.
JBI wrote:You're probably right, but Zen is enough of a departure from Bulldozer/Piledriver design that I don't think we can take it for granted.
AMD guy claims "AMD processors" as a whole.
when the timeline is:
Early-mid 2016: "Hey, that intel micro-architecture, prefetch seems fishy, and oh wow, what about-"
Late-2016: "It's definitely possible to detect side-channel information about kernel addresses"
Early-2017: "So like now there are actually three different ways to potentially defeat KASLR out there, we're going to have to get serious about actually unmapping kernel space guys. Yes, I know..."
Mid-2017: "So I couldn't *ACTUALLY* read kernel memory, which is good I guess!"
Late-2017: "We're unmapping kernel space. Now. It's happening. Deal with it. Happy Holidays?"
I mean, yes, this about micro-architecture, so yes, AMD is automatically different and they are (presumably officially) saying "We're in the clear guys!", but I mean, wow. Do we really think the well is dry with this new concept/technique? After it produced such a bounty? Or should we just bunker down, take the hit, and accept that this time has finally come?
I mean, this isn't just AMD, right? If two-three years from now Intel says "we got this, it's all safe, we're good, unleash us!" are you -sure- we're not going to get bit? I ain't. And, mind you, KASLR has got so many holes that it's been basically hopeless anyway. Having the have perfect AS isolation instead of privilege-shackles might just be the better way forward anyway, right? So, rip off the band-aid, and force the vendors to adapt. It might never be *quite* as good, but we're likely to make it much less worse in future architectures.
EDIT: Yeah, What Ryu and chuckula say: KASLR has *many* problems so maybe we just ought to make it impossible for userspace to *EVER* see kernelspace instead of hoping our strict ruleset of "no peeking!" and hand-slapping won't ever have any holes. Like I said, should we trust Intel when they've "fixed the (specific) glitch"? If not, why would we trust AMD now? If we can make it less painful in newer architectures to have real isolation, isn't that just superior overall?