"Downfall" Intel CPU Vulnerability Can Impact Performance By 50%

[AleksandarK]

Intel has recently revealed a security vulnerability named Downfall (CVE-2022-40982) that impacts multiple generations of Intel processors. The vulnerability is linked to Intel's memory optimization feature, exploiting the Gather instruction, a function that accelerates data fetching from scattered memory locations. It inadvertently exposes internal hardware registers, allowing malicious software access to data held by other programs. The flaw affects Intel mainstream and server processors ranging from the Skylake to Rocket Lake microarchitecture. The entire list of affected CPUs is here. Intel has responded by releasing updated software-level microcode to fix the flaw. However, there's concern over the performance impact of the fix, potentially affecting AVX2 and AVX-512 workloads involving the Gather instruction by up to 50%.

Phoronix tested the Downfall mitigations and reported varying performance decreases on different processors. For instance, two Xeon Platinum 8380 processors were around 6% slower in certain tests, while the Core i7-1165G7 faced performance degradation ranging from 11% to 39% in specific benchmarks. While these reductions were less than Intel's forecasted 50% overhead, they remain significant, especially in High-Performance Computing (HPC) workloads. The ramifications of Downfall are not restricted to specialized tasks like AI or HPC but may extend to more common applications such as video encoding. Though the microcode update is not mandatory and Intel provides an opt-out mechanism, users are left with a challenging decision between security and performance. Executing a Downfall attack might seem complex, but the final choice between implementing the mitigation or retaining performance will likely vary depending on individual needs and risk assessments.



View at TechPowerUp Main Site | Source

 

[CoD511]

Ouch.

Though I must admit I was expecting worse from the title of the article, potential impact on AVX2 and AVX-512 workloads seems far more limited than say, any and all workloads at least.

But regardless, I'm not sure if this is an odd thought.. but I can't shake the feeling sometimes that Intel purposely cuts corners to increase performance while increasing security vulnerabilities...

 

[TumbleGeorge]

Intel is not longer a company that I respect.

 

[freeagent]

-1 for engineering shortcuts.

Booo.

 

[R-T-B]

Before someone points out the similar AMD bug discoverd in the same timeframe, that one only impacts performance on Zen 3/4 by about a fraction of a percent. It's not in the same class at all.

This is a variant of meltdown and quite bad.

 

[Chaitanya]

Ouch.

Though I must admit I was expecting worse from the title of the article, potential impact on AVX2 and AVX-512 workloads seems far more limited than say, any and all workloads at least.

But regardless, I'm not sure if this is an odd thought.. but I can't shake the feeling sometimes that Intel purposely cuts corners to increase performance while increasing security vulnerabilities...

There are many many editing tools that heavily rely on AVX in some form, and there are whole range of applications for WS which will also will be impacted by the "fix".

 

[ViperXZ]

More and more security leaks are detected, that affect both Intel and AMD .. AMD to a somewhat lesser degree since Zen is a newer architecture.

 

[mb194dc]

Downfall requires admin access? and will only be relevant in use cases where multiple unconnected users share machines, ie shared server environments. So generally, it's not an issue.

There has been a trend towards security at hardware or other levels, when these are rarely (never?) exploited in the real world anyway. The best hacking tools are social engineering, user and configuration error and generally the human element. Not hardware!

 

[AnotherReader]

...post removed

I wish the forum members would stop making this into a fanboy pissing contest. Both AMD and Intel need to handle the case of SMT even more carefully as SMT makes it easier for different processes to eavesdrop on each other. Given the typical behaviour of OS schedulers, this is unlikely to be a concern for home users, but cloud providers should take note and stop scheduling different customers' code on the same CPU.

 

[efikkan]

Downfall requires admin access? and will only be relevant in use cases where multiple unconnected users share machines, ie shared server environments. So generally, it's not an issue.

There has been a trend towards security at hardware or other levels, when these are rarely (never?) exploited in the real world anyway. The best hacking tools are social engineering, user and configuration error and generally the human element. Not hardware!

If that is accurate, then such mitigations should not be rolled out for everyone.
Multiple admins connected to a server isn't a concern, as admins can do everything anyways.
But there is one major use case where it is; cloud providers.
This has been the case for most major bugs found in recent years, incl. Meltdown, Spectre and others, they have some potential in hypervisors (albeit often little effective), but elsewhere, like single computers and normal servers, it's not a real world problem as you said.

This is the exact reason why good security is implemented in layers. You should always expect that a single layer can be compromised at some point. And this is one of the reasons why I have said for >5 years that cloud computing is stupid, as it allows a single bug to potentially bypass all layers of security.

But I'm not saying Intel (and potentially others) shouldn't fix all such bugs in future designs, they certainly should, because if there is future bug in a different layer, e.g. OS, driver, etc., then such bugs become very dangerous.

 

[Od1sseas]

13th Gen

 

[AnotherReader]

13th Gen

12th gen and Atom derived cores are safe too.

 

[ncrs]

Before someone points out the similar AMD bug discoverd in the same timeframe, that one only impacts performance on Zen 3/4 by about a fraction of a percent. It's not in the same class at all.

Just a small clarification: The AMD INCEPTION vulnerability affects every Zen generation, not only Zen 3/4. It requires mitigations in operating systems and in case of Zen 3/4 microcode updates.
In generations prior to Zen 3 the previous Indirect Branch Predictor Barrier (IBPB) mitigations for Spectre are being re-used for handling this issue.

Phoronix has not completed the AMD benchmarks yet, so the actual real world impact is unknown.

The Microsoft Windows patch article states:

In testing Microsoft has seen some performance impact with these mitigations, in particular when hyperthreading is disabled.

We'll have to wait for third party benchmarks.

 

[TheoneandonlyMrK]

Just a small clarification: The AMD INCEPTION vulnerability affects every Zen generation, not only Zen 3/4. It requires mitigations in operating systems and in case of Zen 3/4 microcode updates.
In generations prior to Zen 3 the previous Indirect Branch Predictor Barrier (IBPB) mitigations for Spectre are being re-used for handling this issue.

RTB was talking about Heartbleed that was reported earlier this week I think, Inception was the prequel

 

[AnotherReader]

If that is accurate, then such mitigations should not be rolled out for everyone.
Multiple admins connected to a server isn't a concern, as admins can do everything anyways.
But there is one major use case where it is; cloud providers.
This has been the case for most major bugs found in recent years, incl. Meltdown, Spectre and others, they have some potential in hypervisors (albeit often little effective), but elsewhere, like single computers and normal servers, it's not a real world problem as you said.

This is the exact reason why good security is implemented in layers. You should always expect that a single layer can be compromised at some point. And this is one of the reasons why I have said for >5 years that cloud computing is stupid, as it allows a single bug to potentially bypass all layers of security.

But I'm not saying Intel (and potentially others) shouldn't fix all such bugs in future designs, they certainly should, because if there is future bug in a different layer, e.g. OS, driver, etc., then such bugs become very dangerous.

If the attacker has got local execution of code of their choice, the game is over, because either the compromised account already has what the attacker is after or otherwise privilege escalation exploits are a dime a dozen.

This sort of bug is more relevant for cloud servers where supposedly isolated VMs could eavesdrop on each other this way though as I said earlier, simply assigning whole cores to processes would make this eavesdropping more difficult.

 

[ncrs]

RTB was talking about Heartbleed that was reported earlier this week I think, Inception was the prequel

Heartbleed is a 2014 OpenSSL vulnerability.

Maybe you meant Zenbleed? But that affects Zen 2, and not Zen 3/4 as R-T-B stated

 

[TheoneandonlyMrK]

Heartbleed is a 2014 OpenSSL vulnerability.

Maybe you meant Zenbleed? But that affects Zen 2, and not Zen 3/4 as R-T-B stated

Your right, these names could be chosen better, yep Zenbleed I meant, but your also right on affected Zen's.

Researchers have been busy eh

Any rate this Is Intel's shitstorm, I'll leave them to it.

 

[chrcoluk]

Some laziness on the part of CPU developers on the speculative branch stuff (which is where alot of the issues are), but almost all of the vulns so far are not very easy to pull off and most the risk is in shared usage of hardware between different users so like shared web hosting or VPS hosting type stuff.

Anyone who has disabled spectre/meltdown mitigations, will likely have this disabled as well as the same registry keys will probably be used.

 

[R-T-B]

Phoronix has not completed the AMD benchmarks yet, so the actual real world impact is unknown.

Yeah I was going with AMDs expected figures. There are not any hard benches yet and AMD also disputes that Zen 1/2 is affected so that portion is confusing. If they are the impact there is most likely worse.

It requires mitigations in operating systems

Not with the microcode patch, that I'm aware of. Linux doesn't even enable a kernel option for it for starters. It is a microcode only fix AFAIK.

Downfall requires admin access?

Architecturally, no. It could be used to grant a standard user admin privileges however.

Some laziness on the part of CPU developers on the speculative branch stuff (which is where alot of the issues are), but almost all of the vulns so far are not very easy to pull off and most the risk is in shared usage of hardware between different users so like shared web hosting or VPS hosting type stuff.

Anyone who has disabled spectre/meltdown mitigations, will likely have this disabled as well as the same registry keys will probably be used.

I'd be really careful disabling meltdown variants, personally. Javascript exploits for it are live in the wild. I guess you could always just "browse safe" but it only takes one mistake.

Fortunately AFAIK only two (the original and this) exist.

 

[ncrs]

Yeah I was going with AMDs expected figures. There are not any hard benches yet and AMD also disputes that Zen 1/2 is affected so that portion is confusing. If they are the impact there is most likely worse.

I don't know what you mean with "AMD also disputes that Zen 1/2 is affected", AMD-SB-7005 lists every Zen generation but I agree it's not stated very clearly that they are all affected.
However from the OS changes it's clear that every generation is affected, see next part.

Not with the microcode patch, that I'm aware of. Linux doesn't even enable a kernel option for it for starters. It is a microcode only fix AFAIK.

It is not microcode only. Here's the Linux mitigation commit, and the AMD Whitepaper that describes mitigation strategies on previous generations.
The Linux code clearly states:

Affected processors
-------------------

AMD Zen, generations 1-4. That is, all families 0x17 and 0x19.

Not every mitigation has a configuration knob in the kernel.
The comments here also imply some performance impact, but again - we'll need to wait for Phoronix benchmarks.

 

[R-T-B]

I was going by some older info that was a day or two old, thanks for correcting me.

 

[Denver]

intel is suffering a streak of bad luck.

 

[ncrs]

I was going by some older info that was a day or two old, thanks for correcting me.

You're welcome. I think this chain of misunderstanding (I've seen this replicated among many news sites) was caused by the inadequate wording in the original AMD statement. Fortunately due to magic of open-source we can see what the real deal is

 

[chrcoluk]

I'd be really careful disabling meltdown variants, personally. Javascript exploits for it are live in the wild. I guess you could always just "browse safe" but it only takes one mistake.

Foryunately AFAIK only two (the original and this) exist.

Any example of these javascript meltdown exploits out in the wild?

 

[unwind-protect]

Downfall requires admin access? and will only be relevant in use cases where multiple unconnected users share machines, ie shared server environments. So generally, it's not an issue.

There has been a trend towards security at hardware or other levels, when these are rarely (never?) exploited in the real world anyway. The best hacking tools are social engineering, user and configuration error and generally the human element. Not hardware!

Only a question of time until somebody triggers this from Javascript or Web assembly, so it is relevant to everybody surfing the web.