Re: Intel Microcode updates
On Tue, Jun 11, 2019 at 08:00:49PM +0200, Davide Prina wrote:
On 10/06/19 20:31, Michael Stone wrote:
On Mon, Jun 10, 2019 at 07:46:47PM +0200, Davide Prina wrote:
On 10/06/19 13:16, Michael Stone wrote:
Your CPU is not supported by Intel, so you either accept the
risk or buy a new one.
you have another choice: disable the SMP & C. and all mitigation
That's not correct, but will set your performance back 20 years.
why is it not correct?
I have read that most of this hardware bug is related to the execution
of the possible future operation, while the system is executing the
OK, this solution will slow down your CPU a lot.
It's simply not correct that every one of these hardware bugs can be
mitigated by running on only a single thread. I think you're confusing
SMP (multiple processors) with speculative execution (within a
processor), but this really isn't the right forum to sort that out.
* you will get only mitigation and not bug correction. Mitigation
== the attack is harder, but it can be done successfully. I
That is also not correct.
Because "mitigation" simply does not mean "the attack...can be done
successfully". In some cases the mitigations make an attack unlikely, in
other cases the mitigations change the behavior of the system to make an
attack impossible, and in some cases the mitigations add capabilities
which can be used to prevent attacks but which require additional
changes in programs.
* your CPU runs slower because of these mitigations (I have read that
for some tasks you can have 50% or less performance),
That depends on the CPU, some see significant impacts, others see
none or were never vulnerable to some of these issues.
that's true, but I never read that a processor type with a
spectre/meltdown/& C. has been released with a new CPU version that
is immune to this bug, so you always need this software mitigation.
"etc" covers a lot of ground when we're talking about (currently) 12
separately-identified vulnerabilities. Many CPUs weren't vulnerable to
every one of the vulnerabilities. Getting one not vulnerable to the
vulnerabilities that are most expensive to mitigate is a good starting
place. Some have functionality that makes the mitigations less expensive
than others. Again, this isn't the right place to tell people what CPU
to buy or to discuss the performance characteristics of more than half a
dozen different CPU families. As a specific example, AMD processors were
not vulnerable to the "meltdown" bug. As a further specific example,
some vulnerable Intel CPUs support the PCID instructions which make the
mitigation much less expensive by allowing the kernel to selectively
flush the TLB rather than flushing the whole thing. So just for that one
vulnerability the cost ranges from "nothing/not vulnerable" to "modest"
to "severe"--though the cost is also heavily dependent on the workload
and whether a single user thread does most of the work or whether there
are frequent system calls or contention on the system.
There's enough misinformation about this class of attacks without
I have tried to read the research that describes those hardware bugs,
probably I haven't understood all or I haven't read all the
Then it's probably best that you not tell thousands of people the wrong
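
Added example, not part of the original message: the thread's point that each vulnerability has its own status per CPU ("not vulnerable", mitigated, or still vulnerable) and that PCID lowers the cost of the Meltdown mitigation can be checked on a Linux host from the kernel's sysfs report and the CPU flags. The sample strings and the function names below are constructed for illustration; the script falls back to them when the sysfs directory is absent.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")  # Linux kernel sysfs report

# Constructed sample (not from a real machine) so the example runs offline.
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v2": "Mitigation: Full generic retpoline",
    "l1tf": "Not affected",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
}
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse2 pcid invpcid\n"


def classify(status):
    """Map one kernel status string to a coarse category."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()


def report(status_by_name, cpuinfo_text):
    """Per-vulnerability category, plus whether PTI can use PCID to limit TLB flushes."""
    result = {name: classify(s) for name, s in sorted(status_by_name.items())}
    pti = "PTI" in status_by_name.get("meltdown", "")
    result["pcid_available_for_pti"] = pti and "pcid" in cpu_flags(cpuinfo_text)
    return result


def read_live():
    """Build the same report from the running kernel."""
    status = {p.name: p.read_text() for p in SYSFS_DIR.iterdir() if p.is_file()}
    return report(status, Path("/proc/cpuinfo").read_text())


if __name__ == "__main__":
    data = read_live() if SYSFS_DIR.is_dir() else report(SAMPLE_STATUS, SAMPLE_CPUINFO)
    for key, value in data.items():
        print(f"{key}: {value}")
```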