来源:Tom's Hardware
原英文标题:《Intel CPUs Suffer Performance Hit From New Spectre-v2 Mitigations》
Branch History Injection (BHI), a new flavor of the Spectre-v2 vulnerability that affects both new and old Intel processors and specific Arm models, recently came to light. Linux publication Phoronix conducted testing that shows the new BHI mitigations could produce severe performance penalties up to 35%.
分支历史记录注入 (BHI) 是 Spectre-v2 漏洞的一种新版本,会影响新旧英特尔处理器和特定 Arm 型号,最近曝光。Linux出版物Phoronix进行了测试,表明新的BHI缓解措施可能会产生高达35%的严重性能损失。
——
Intel will release a software update for its processors to mitigate BHI, but it may take a while since processors starting from Haswell going forward are vulnerable to the exploit. However, the Linux community was quick to act, and mitigations for BHI already formed a part of the Linux kernel in a matter of minutes after BHI's announcement.
英特尔将为其处理器发布软件更新以缓解BHI,但可能需要一段时间,因为从Haswell开始的处理器容易受到攻击。然而,Linux社区很快就采取了行动,在BHI宣布后的几分钟内,BHI的缓解措施已经构成了Linux内核的一部分。
——
VUSec, the Systems and Network Security Group at Vrije Universiteit Amsterdam who discovered BHI, recommended enabling Repotlines (return and trampoline) to mitigate BHI. The recommendation still stands for modern processors that already carry the necessary hardware mitigations for Spectre V2. In Intel's case, that would be eIBRS, but as the VUSec researchers highlighted, it isn't enough to fight off BHI, which is the reason to have eIBRS and Retpolines working in tandem.
阿姆斯特丹自由大学(Vrije Universiteit Amsterdam)的系统和网络安全小组VUSec发现了BHI,他建议启用Repotlines (return 和 trampoline) 来缓解BHI。该建议仍然适用于已经为Spectre V2提供必要硬件缓解措施的现代处理器。在英特尔的案例中,这将是eIBRS,但正如VUSec研究人员所强调的那样,仅仅对抗BHI是不够的,这就是eIBRS和Retpolines协同工作的原因。
According to Phoronix's Core i9-12900K (Alder Lake) results, networking and storage performance went down the toilet after enabling Retpolines. The publication recorded a 26.7% performance loss on the former and 14.5% on the latter. That's the hallmark of these mitigations: Any external I/O from the chip takes a hard hit. Workloads like web browsing or image manipulation in GIMP didn't show a huge impact.
根据Phoronix的Core i9-12900K(Alder Lake)结果,在启用Retpolines后,网络和存储性能下降了。该出版物记录了前者26.7%的性能损失和14.5%的后者性能损失。这就是这些缓解措施的标志:来自芯片的任何外部I/ O都会受到重创。GIMP中的Web浏览或图像处理等工作负载并未显示出巨大的影响。
——
The Core i7-1185G7 (Tiger Lake) took an even more detrimental hit to storage performance. The results showed 35.6% and 34.1% lower performance in OSBench and Flexible IO Tester, respectively. But again, workloads that don't rely on I/O or networking didn't show significant performance loss. These include gaming, web browsing, and other daily tasks.
Core i7-1185G7(Tiger Lake)对存储性能造成了更大的不利影响。结果显示,OSBench和Flexive IO Tester的性能分别降低了35.6%和34.1%。但同样,不依赖于 I/O 或网络的工作负载并未出现显著的性能损失。这些包括游戏,网页浏览和其他日常任务。
——
Phoronix noted that AMD processors aren't safe from BHI even though modern Zen chips already leverage Retpolines. The problem is that AMD's LFENCE/JMP-based implementation of Retpolines isn't good enough to fend off BHI, so the chipmaker is shifting to general Retpolines. The impact of the transition for AMD processors is unknown, but Phoronix is already conducting new tests to find out.
Phoronix指出,AMD处理器对BHI来说并不安全,尽管现代Zen芯片已经利用了Retpolines。问题在于,AMD基于LFENCE/JMP的Retpolines实现不足以抵御BHI,因此芯片制造商正在转向通用Retpolines。这种转变对AMD处理器的影响尚不清楚,但Phoronix已经在进行新的测试以找出答案。
——
It's possible Intel and other software developers will be able to reduce the impact of the BHI mitigations with additional time and effort, but for the time being, enabling the patches could prove very painful on servers and other systems that do a lot of I/O intensive work.
英特尔和其他软件开发人员有可能通过额外的时间和精力来减少BHI缓解措施的影响,但就目前而言,启用补丁可能会在服务器和其他需要大量I / O密集型工作的系统上证明是非常痛苦的。 |