Retbleed Impact, Overall CPU Security Mitigation Cost For Intel Xeon E3 v5 Skylake


Since the disclosure of Retbleed earlier this month as the newest CPU security vulnerability around speculative execution, I’ve posted some Intel/AMD benchmarks looking at the mitigation cost for the affected older generations of processors. Last week I also looked at the accumulated CPU mitigation cost on AMD Zen 1. Today is a similar comparison on the Intel Xeon E3 v5 “Skylake” side, looking at the cost of just the Retbleed mitigations and then the overall CPU mitigation cost when toggling the mitigations for all of the various vulnerabilities with the “mitigations=off” flag.

After the article looking at the Zen 1 combined mitigation cost, the next obvious question is about the combined cost now for Skylake given its past popularity and being affected now by Retbleed in addition to all of the past vulnerabilities. Out-of-the-box the Skylake CPUs have to deal with ITLB Multihit, L1TF, MDS, MMIO Stale Data, Retbleed, Spectre V4 SSB, Usercopy/SWAPGS, Spectre V2, SRBDS, and TSX Async Abort (TAA).

Run-time disabling of the CPU security mitigations can be achieved via the “mitigations=off” kernel parameter, or via “retbleed=off” to disable just the Retbleed protection. On the Xeon E3 v5 Skylake CPU used for testing, the Retbleed mitigation was by way of IBRS.

From an Intel Xeon E3-1245 v5 server, I ran fresh benchmarks on Ubuntu 20.04 LTS with the latest Linux 5.19 kernel state as of 25 July Git. Tests were carried out in the out-of-the-box/default mode on Linux 5.19, then again with the new Retbleed mitigations disabled using “retbleed=off”, and then again with “mitigations=off” for run-time disabling of all possible mitigations. The CPU microcode and other system software were kept the same throughout testing.
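To confirm which of these three configurations a host is actually running in, the kernel's own reporting can be read back. The script below is an added example, not code from the original article: it checks the boot command line for the two flags named above and lists each entry under the kernel's `/sys/devices/system/cpu/vulnerabilities` directory, flagging any that report as vulnerable. The function names and the `run` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): audit CPU mitigation state on Linux.
# Standard kernel paths; overridable so the functions can be tested offline.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"

# Print each boot parameter in "$1" that disables mitigations
# (the two flags toggled in the article's benchmark runs).
disabling_params() {
    for arg in $1; do
        case "$arg" in
            mitigations=off|retbleed=off) echo "$arg" ;;
        esac
    done
}

# Print "<name>: <status>" for every vulnerability file in directory "$1".
vuln_status() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s: %s\n' "$(basename "$f")" "$(cat "$f")"
    done
}

# Print the names whose status is reported as Vulnerable, directly or after
# a prefix such as "KVM: ". "Mitigation: ...; SMT vulnerable" is not counted.
unmitigated() {
    vuln_status "$1" | while IFS= read -r line; do
        case "$line" in
            *": Vulnerable"*) echo "${line%%:*}" ;;
        esac
    done
}

# Full report; returns 1 if any vulnerability is reported as unmitigated.
audit() {
    off=$(disabling_params "$(cat "$CMDLINE_FILE" 2>/dev/null || true)")
    if [ -n "$off" ]; then echo "Boot parameters disabling mitigations:" $off; fi
    vuln_status "$VULN_DIR"
    bad=$(unmitigated "$VULN_DIR")
    if [ -n "$bad" ]; then echo "UNMITIGATED:" $bad; return 1; fi
    return 0
}

# Run the report only when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then audit; fi
```

The non-zero return from `audit` makes the script usable as a fleet compliance check for hosts left booted with mitigations disabled after benchmarking.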


