You might by now have heard of "Downfall"¹, yet another speculative execution attack on Intel processors.

The mitigations are going to cost another 50% performance on "selected workloads" which, by Murphy's, will inevitably be yours.

I quote something I find really rather irritating:

"
[Q] Can I disable the mitigation if my workload does not use Gather?

[A] This is a bad idea. Even if your workload does not use vector instructions, modern CPUs rely on vector registers to optimize common operations, such as copying memory and switching register content, which leaks data to untrusted code exploiting Gather.
"

No, you can freely decide to ignore microcode mitigations if you know what you are doing. There are thousands of reasons why you should not continue piling up Intel's microcode fixes on your machines and performance is indeed one of them.

This attack is based on the "gather" part of the "scatter-gather" SIMD algorithms, these are pretty ubiquitous if you have ever done HPC and, well, if your HPC machine is one telnet away from the Internet then you have a bigger problem than microcode².

Now, please understand, perhaps "for once and for all", that these attacks have a very simple "root cause": in the 1990s pretty much every processor manufacturer on the planet decided that performance trumped everything else and, therefore, went down (unprotected) speculative execution³.

This means that it cannot be fixed within current architectures.

#SpeculativeExecution #NamedVulnerabilities #Downfall #Hype #MitigationsDoneWrong

__
¹ https://downfall.page
² I used to manage an HPC network in the 1990s, I was hacked by, of all places, Intel in Israel (Haifa), no I cannot discuss this further, yes, I detected them.
³ If you read the literature you will discover that even IBM mainframe processors went down that route (hint, hint).