• pnutzh4x0rA
    link
    fedilink
    English
    arrow-up
    22
    ·
    edit-2
    1 year ago

    I think this is missing an article link: https://www.phoronix.com/review/downfall

    Downfall, or as Intel prefers to call it is GDS: Gather Data Sampling. GDS/Downfall affects the gather instruction with AVX2 and AVX-512 enabled processors. At least the latest-generation Intel CPUs are not affected but Tigerlake / Ice Lake back to Sandy Bridge is confirmed to be impacted. There is microcode mitigation available but it will be costly for AVX2/AVX-512 workloads with GATHER instructions in hot code-paths and thus widespread software exposure particularly for HPC and other compute-intensive workloads that have relied on AVX2/AVX-512 for better performance.

    Rough day for CPU makers…

    Update: Of course there is a dedicated page for it: https://downfall.page/

  • interolivary@beehaw.org
    link
    fedilink
    arrow-up
    18
    ·
    edit-2
    1 year ago

    Speculative execution seems to be an unending source of woes, especially for Intel (but not just them.) Not all that surprising considering how hard it is to not leak eg. timing information accidentally, but you’d sort of expect that CPU manufacturers would have learned from the N+1 previous speculative execution vulnerabilities. Then again, they’re in the business of making faster CPUs, so it’s not like they’ll just swear off speculation forever

    • upstream@beehaw.org
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      1 year ago

      A lot of those patches aren’t really needed if you “trust” the software that you run. Obviously, some are, but a lot of these are only interesting to exploit in shared environments.

      • MangoKangaroo@beehaw.org
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        If it ends up in intel-ucode I may not get much of a choice. If it becomes a matter of a BIOS update, then I might just not bother. I don’t know which way these things typically go.

    • anlumo@feddit.de
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Are you sure that your server even uses AVX extensions for performance-critical operations?

      • SenorBolsa@beehaw.org
        link
        fedilink
        arrow-up
        17
        ·
        edit-2
        1 year ago

        People just generally don’t understand design or manufacturing at all it might as well be magic to the layman “all you gotta do is…” yeah sure that would make a better product in absolute quality terms, if it’s possible at all, but you have to balance it against 100 other things.

        There’s a reason there are rooms full of relatively high paid individuals with fancy degrees or decades of experience.

        • interolivary@beehaw.org
          link
          fedilink
          arrow-up
          13
          ·
          1 year ago

          And speculative execution is the stuff you do on top of your fancy ALU to make sure you waste less time – so it’s not like we haven’t already tried the simple idea, but that we’ve moved on from it