• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

NVIDIA GeForce 390.65 Driver with Spectre Fix Benchmarked in 21 Games

R0H1T said:
design flaw
Click to expand...
But this what I'm trying to help you understand. These vulnerabilities are not "design flaws". The term "design flaw" directly implies defect. That is not the case. The CPU's affected by these problems will operate perfectly well and stable and will keep doing so even if the vulnerability is exploited. While the vulnerability takes advantage if a trick of a hardware function, those functions are not in and of themselves defects. Does that makes sense?
 
lexluthermiester said:
But this what I'm trying to help you understand. These vulnerabilities are not "design flaws". The term "design flaw" directly implies defect. That is not the case. The CPU's affected by these problems will operate perfectly well and stable and will keep doing so even if the vulnerability is exploited. While the vulnerability takes advantage if a trick of a hardware function, those functions are not in and of themselves defects. Does that makes sense?
Click to expand...
Alright how about unintended consequences? But meltdown is definitely avoidable ~
A *competent* CPU engineer would fix this by making sure speculation
doesn't happen across protection domains. Maybe even a L1 I$ that is
keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you shit
forever and ever, and never fixing anything"?

Because if that's the case, maybe we should start looking towards the
ARM64 people more.

Please talk to management. Because I really see exactly two possibibilities:

- Intel never intends to fix anything

OR

- these workarounds should have a way to disable them.

Which of the two is it?

Linus
Click to expand...
 
R0H1T said:
From TPU ~
Security Update
Fixed CVE-2017-5753: Computer systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Click to expand...
Interesting. That release directly implies NVidia saw the possibility of potential vulnerability. They didn't mention MLTDWN&SPCTR specically, but it seems likely now that such an attack is possible, reagrdless of how complex and unlikely. I concede on that point. Although, this does go to show just how complex these new discoveries really are and how scary the potential is.
 
lexluthermiester said:
Interesting. That release directly implies NVidia saw the possibility of potential vulnerability. They didn't mention MLTDWN&SPCTR specically, but it seems likely now that such an attack is possible, reagrdless of how complex and unlikely. I concede on that point. Although, this does go to show just how complex these new discoveries really are and how scary the potential is.
Click to expand...
That's why I said it's a developing situation. Everything we think is secure may not be, then there's this ~
According to rough estimates in the Harvard study he co-authored, as many as one third of all zero-days used in a given year may have first been discovered by the NSA.
Click to expand...

I'd err on the side of caution & assume everything is vulnerable, but every individual can also choose their level of cautiousness or security.
 
R0H1T said:
That's why I said it's a developing situation. Everything we think is secure may not be, then there's this ~
Click to expand...
That's actually what I was referring to with the "scary" comment. And what seems to be clear is that this is a problem for everyone on all platforms. It may have started with Intel, but they are not directly responsible any more than anyone else.
R0H1T said:
I'd err on the side of caution & assume everything is vulnerable, but every individual can also choose their level of cautiousness or security.
Click to expand...
Agreed. It's going to take time to solve these problems.

BTW, Thank You for the links. Been doing a ton of research on these problems as they will directly affect my work, but those specific points I had not found/gotten to. I don't mind admitting that these developments leave me more than a little alarmed and deeply concerned.
EDIT: I'm also very glad that I keep many personal systems on a closed network that has no internet access.. Perhaps that might be a possible solution elsewhere.
 
Last edited:
I still don't see the relevancy of this test even if GPU's are affected because they access kernel memory space. CPU's access their own part of internal memory to predict caching and compute of stuff that goes through the CPU, making it faster. Blocking it from doing that gimps its performance. GPU's never even needed to access that part of memory in such a way the CPU does on itself.
 
When you read up on Meltdown and Spectre, when it comes to mitigation measures Spectre is far worse. Meltdown fix is simple, kernels get KAISER-based patches, there is a performance hit but it will essentially be done. Spectre needs a much more complex approach - firmware/microcode patches plus potentially vulnerable software to take mitigation measures. Compilers have been improved to do some of this automatically but that would still mean recompiling the software. These measures partially overlap with Meltdown things but not only that. If you want an example, see what all major browser vendors did with patches. Things like making timers less accurate :)

GPUs are not affected. Driver does stuff on CPU that might be vulnerable to Spectre variants so mitigation measures are taken.
Mitigation measures introduce additional delays, that means performance hot for CPU-limited situations. So far, small hits, but still.

From the previous page of the topic:
xorbe said:
The gpu driver runs with priveledge, and by recoding key indirect branches, it closes a side band data leak.
Click to expand...
 
Last edited:
This benchmark makes no sense to me.

Someone has a proper graph?
 
TheDeeGee said:
This benchmark makes no sense to me.

Someone has a proper graph?
Click to expand...
Basically the new Nvidia driver with the Security fix DOES NOT AFFECT PERFORMANCE IN A NEGATIVE WAY but did show about a .1% increase in performance.
 
The graph is very bad as far as grasping the results go. But there clearly is an effect to performance. Nothing changes about how GPU does its work, it is all about CPU and what driver is doing on it. You would need to look at situations that are more CPU dependent.
Note where the bigger performance hits occur - Divinity Original Sin 2 at 1080p, Dawn of War 3 at 1080p. These are the more CPU-heavy situations.
Yes, GTA5 at high resolutions does get hit more and more but I would suspect this is specific to that game, perhaps something about how assets or draw calls are distributed as that is a massive open world.
 
spectatorx said:
Exactly my thoughts. How is gpu driver supposed to fix cpu related problems, especially cpu architecture flaws.
Click to expand...
Indeed. Not to mention, last time I've checked meltdown (which is to spectre what nuclear bomb is to a hand grenade) was not fixable, could only be mitigated.
 
medi01 said:
Indeed. Not to mention, last time I've checked meltdown (which is to spectre what nuclear bomb is to a hand grenade) was not fixable, could only be mitigated.
Click to expand...
This is not addressing Meltdown, it is addressing Spectre. At least primarily.
 
lexluthermiester said:
Interesting. That release directly implies NVidia saw the possibility of potential vulnerability. They didn't mention MLTDWN&SPCTR specically, but it seems likely now that such an attack is possible, reagrdless of how complex and unlikely. I concede on that point. Although, this does go to show just how complex these new discoveries really are and how scary the potential is.
Click to expand...

As I precisely stated in post 10 of this very thread ...
 
You must log in or register to reply here.
Back
Top