Intel Special Register Buffer Data Sampling CPU vulnerability

A new CPU vulnerability has arrived, once again tied to speculative execution and once again mainly affecting Intel processors. The mainline Linux kernel has just merged patches, together with a microcode update, to mitigate the "Special Register Buffer Data Sampling (SRBDS)" vulnerability. Patches for speculative-execution attacks such as Spectre and Meltdown mostly applied within a single core; the new vulnerability lets an attacker leak sensitive information across cores. The attack, dubbed CrossTalk, allows an attacker who controls code execution on one CPU core to leak sensitive data from software running on a different core. Phoronix measured the microcode's impact on RdRand performance and found a staggering 97% drop: with the microcode applied, the RdRand score is only 3% of the original.

https://www.solidot.org/story?sid=64639



https://www.phoronix.com/scan.php?page=news_item&px=RdRand-3-Percent
RdRand Performance As Bad As ~3% Original Speed With CrossTalk/SRBDS Mitigation
Written by Michael Larabel in Intel on 9 June 2020 at 03:58 PM
Following today’s disclosure by Intel of the CrossTalk/SRBDS vulnerability that is MDS-based and vulnerable across physical cores with affected instructions, Intel released new CPU microcode to mitigate the most prone/significant instructions. I’ve been benchmarking the impact of this new microcode on multiple systems and will have a full report tonight or tomorrow morning… But here is a look specifically at the impact on the RdRand performance.

RDRAND, RDSEED, and EGETKEY are the instructions currently being mitigated with the new microcode. As explained in the earlier article, mitigating CrossTalk involves locking the entire memory bus before updating the staging buffer and unlocking it after the contents have been cleared. This locking and serialization now involved for those instructions is very brutal on the performance, but thankfully most real-world workloads shouldn’t be making too much use of these instructions.

The formal benchmarks I have running on three systems at the moment comprise both synthetic and real-world tests. But as a teaser here is a look at the RdRand performance impact itself using the well known Stress-NG kernel micro-benchmarks. The only change before/after on this Intel Xeon system was updating to the newly-released CPU microcode.

RdRand is now at ~3% the original speed for this hardware random number generator instruction for this Intel Xeon system. With other systems in looking at the RdRand performance, I am seeing similar massive penalties, but fortunately less so for more real-world workloads.

Linux kernel patches were also posted a short time ago, headed for the stable kernel series, that when using this new CPU microcode will allow disabling the Special Register Buffer Data Sampling mitigation. Booting with mitigations=off on a patched kernel will allow disabling the SRBDS mitigation, or if just wanting to disable this new microcode-based mitigation while keeping the other CPU security mitigations enabled, srbds=off is also to be supported by the forthcoming kernel series. With these new patches, the status will also be reported via /sys/devices/system/cpu/vulnerabilities/srbds.

Intel’s formal guidance on Special Register Buffer Data Sampling notes that most client systems do not see enough RdRand/RDSEED/EGETKEY to warrant a significant performance impact but that workloads more common to servers may be impacted. Intel supports system administrators disabling the mitigation if no untrusted software is running on the system, if RDRAND/RDSEED is only used where the random value is not important for security, or where RDRAND/RDSEED is mixed with other entropy sources.

Stay tuned for the full set of CrossTalk / Special Register Buffer Data Sampling mitigation benchmarks tonight or tomorrow. For those that appreciate my relentless benchmarking, you can show your support by joining premium, making a PayPal tip, or foregoing any ad-block usage on this site.

24 comments

  1. 1#

    Intel is sucking the toothpaste back in again

    darkclown
  2. 2#

    Who's even using RdRand these days?

    systemd?

    @轮子妈 @兔姐

    风车车
  3. 3#

    Actually, Intel having lots of vulnerabilities isn't a bad thing; it shows Intel's products have been battle-tested in real production and exposed many problems, which reflects Intel's tolerance, openness and broad-mindedness.

    Look at AMD by contrast: hardly anyone uses it, so no problems have been exposed, which reflects its insularity and narrow-mindedness.

    Would you rather work with a tolerant person or a narrow-minded one?

    风车车
  4. 4#

    风车车
    Actually, Intel having lots of vulnerabilities isn't a bad thing; it shows Intel's products have been battle-tested in real production and exposed many problems, which reflects Intel's tol ...

    Well said, Intel yes

    zuozuo1989
  5. 5#

    风车车
    Actually, Intel having lots of vulnerabilities isn't a bad thing; it shows Intel's products have been battle-tested in real production and exposed many problems, which reflects Intel's tol ...

    There's some truth to it, like Windows vs Mac
    But I think it's mainly because hackers have started focusing on digging for CPU bugs in the last couple of years; before that, nobody was paying attention to this area

    darkclown
  6. 6#

    风车车
    Actually, Intel having lots of vulnerabilities isn't a bad thing; it shows Intel's products have been battle-tested in real production and exposed many problems, which reflects Intel's tol ...

    The tolerant should care for the narrow-minded: AMD YES

    暴疯狂笑
  7. 7#

    风车车
    Actually, Intel having lots of vulnerabilities isn't a bad thing; it shows Intel's products have been battle-tested in real production and exposed many problems, which reflects Intel's tol ...

    Well said.

    我輩樹である
  8. 8#

    darkclown
    There's some truth to it, like Windows vs Mac
    But I think it's mainly because hackers have started focusing on digging for CPU bugs in the last couple of years; before that, nobody was paying attention to this area ...

    More than half of Intel's problems in recent years are one issue going round in circles: incomplete state restoration.
    Hackers are just milking that one problem over and over.
    Intel fixes the specific instructions at risk, while hackers generalize from the underlying problem.

    af_x_if
  9. 9#

    I'll take a cheap, vulnerable 10900K for 50

    shidan
  10. 10#

    风车车
    Actually, Intel having lots of vulnerabilities isn't a bad thing; it shows Intel's products have been battle-tested in real production and exposed many problems, which reflects Intel's tol ...

    Jazz life   deng, deng-deng-deng-deng

    sky也许
  11. 11#

    Is 10th gen affected?

    csqaclp
  12. 12#

    风车车
    Actually, Intel having lots of vulnerabilities isn't a bad thing; it shows Intel's products have been battle-tested in real production and exposed many problems, which reflects Intel's tol ...

    Actually people really have made this argument, and very self-righteously too

    chenwen834
  13. 13#

    Hackers are probably going to make a legal fortune on the stock market 233333

    wun_008
  14. 14#

    The principle behind this Intel mechanism goes back to P6, i.e. the Pentium Pro

    Damn, all these years, and around this one axis there are as many vulnerabilities as you could want

    It can't be solved without tearing it down and rebuilding

    But tearing it down and rebuilding would cause compatibility problems, and Intel's most important selling point would be gone

    panzerlied
  15. 15#

    风车车
    Actually, Intel having lots of vulnerabilities isn't a bad thing; it shows Intel's products have been battle-tested in real production and exposed many problems, which reflects Intel's tol ...

    If it weren't for your ID, I'd have been completely dumbfounded

    Does it also reflect the fearless spirit of proletarian sacrifice?!

    The Internationale should be playing right now

    dsboylw
  16. 16#

    panzerlied
    The principle behind this Intel mechanism goes back to P6, i.e. the Pentium Pro

    Damn, all these years, and around this one axis there are as many vulnerabilities as you ...

    Not as far back as P6; the earliest affected parts Intel has disclosed are the Xeon 51/52/53/54xx series, while the older Xeon MP isn't affected. It seems the earliest Core architecture violated some basic security design principles in branch prediction and out-of-order execution; apparently Core's comeback over Athlon 64 didn't come without a price.

    fly-fox
  17. 17#

    fly-fox
    Not as far back as P6; the earliest affected parts Intel has disclosed are the Xeon 51/52/53/54xx series, while the older Xeon MP isn't affected. It seems the earliest Core archi ...

    Who knows whether this kind of vulnerability is intentional???????

    fycmouse
  18. 18#

    Affected processors
    --------------------
    Core models (desktop, mobile, Xeon-E3)[E5/E7 series not mentioned here] that implement RDRAND and/or RDSEED may
    be affected.

    A processor is affected by SRBDS if its Family_Model and stepping is
    in the following list, with the exception of the listed processors
    exporting MDS_NO while Intel TSX is available yet not enabled. The
    latter class of processors are only affected when Intel TSX is enabled
    by software using TSX_CTRL_MSR otherwise they are not affected.

      =============  ============  ========
      common name    Family_Model  Stepping
      =============  ============  ========
      IvyBridge      06_3AH        All

      Haswell        06_3CH        All
      Haswell_L      06_45H        All
      Haswell_G      06_46H        All

      Broadwell_G    06_47H        All
      Broadwell      06_3DH        All

      Skylake_L      06_4EH        All
      Skylake        06_5EH        All

      Kabylake_L     06_8EH        <= 0xC
      Kabylake       06_9EH        <= 0xD
      =============  ============  ========
    CPUs not on the list, or newer CPUs, are unaffected as long as TSX is disabled. So no need to bash 8th gen and later CPUs
    T.JOHN
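As an added example (not part of this thread or of the kernel document quoted above), the following Python script decodes family/model/stepping from a /proc/cpuinfo dump, matches them against the Family_Model/stepping table in the post above, and then reads the /sys/devices/system/cpu/vulnerabilities/srbds file that the Phoronix article says patched kernels expose; the cpuinfo sample is constructed, and the MDS_NO/TSX exception from the document is deliberately left to the kernel.

```python
# Added example: check a /proc/cpuinfo dump against the SRBDS affected list
# quoted above, then ask the kernel for its own verdict via sysfs.
# Family 6 models from the quoted table; value is the max affected stepping
# (None = "All"). The MDS_NO/TSX exception needs MSR access, so it is not
# evaluated here: the kernel's sysfs file is the authoritative answer.
SRBDS_AFFECTED = {
    0x3A: None,                          # IvyBridge
    0x3C: None, 0x45: None, 0x46: None,  # Haswell, Haswell_L, Haswell_G
    0x47: None, 0x3D: None,              # Broadwell_G, Broadwell
    0x4E: None, 0x5E: None,              # Skylake_L, Skylake
    0x8E: 0xC,                           # Kabylake_L, stepping <= 0xC
    0x9E: 0xD,                           # Kabylake, stepping <= 0xD
}

def parse_cpuinfo(text):
    """Collect vendor/family/model/stepping of the first CPU in cpuinfo text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if sep and key in ("vendor_id", "cpu family", "model", "stepping"):
            fields.setdefault(key, value.strip())  # first CPU wins
    return fields

def srbds_listed(fields):
    """True when the CPU falls inside the quoted Family_Model/stepping list."""
    if fields.get("vendor_id") != "GenuineIntel" or fields.get("cpu family") != "6":
        return False
    max_stepping = SRBDS_AFFECTED.get(int(fields["model"]), False)
    if max_stepping is False:            # model not in the table
        return False
    return max_stepping is None or int(fields["stepping"]) <= max_stepping

def sysfs_status(path="/sys/devices/system/cpu/vulnerabilities/srbds"):
    """Kernel verdict (needs the SRBDS patches); None when the file is absent."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None

# Constructed sample: family 6, model 158 (06_9EH Kabylake), stepping 9 (<= 0xD).
SAMPLE_CPUINFO = """\
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 158
stepping\t: 9
"""

if __name__ == "__main__":
    print("listed as SRBDS-affected:", srbds_listed(parse_cpuinfo(SAMPLE_CPUINFO)))
    print("kernel sysfs status:", sysfs_status() or "srbds file absent (unpatched kernel)")
```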
  19. 19#

    fly-fox
    Not as far back as P6; the earliest affected parts Intel has disclosed are the Xeon 51/52/53/54xx series, while the older Xeon MP isn't affected. It seems the earliest Core archi ...

    The Xeon 51 series is the core of the first-generation Core

    I vaguely recall Intel used very aggressive memory instruction prefetching at the time, which boosted memory performance massively and thoroughly overtook Athlon 64

    The Xeon 54 series corresponds to the last generation of LGA775 Core quad-cores (Q9550, QX9650 and the like)

    Then came Core i7 on LGA1366....

    As for that ancient Xeon MP, it was actually the Pentium 4 NetBurst architecture, a huge difference.
    (I still keep a Xeon MP set as a toy)

    Mufasa
  20. 20#

    Intel's 3 billion was really wasted... look at how AMD keeps launching things in every shape and form.

    bxy6126
  21. 21#

    Time for the Intel fans to bleed money and buy, buy, buy to support Intel again

    wxlg1117
  22. 22#

    T.JOHN
    Affected processors
    --------------------
    Core models (desktop, mobile, Xeon-E3)[E5/E7 series not mentioned here] ...

    "Unaffected as long as TSX is disabled": that still means disabling TSX, so there's still an impact.

    yiyiyao
  23. 23#

    fycmouse
    Who knows whether this kind of vulnerability is intentional???????

    Not intentional, I'd say, but giving up security to overtake Athlon as fast as possible is quite possible.

    fly-fox
  24. 24#

    Mufasa
    The Xeon 51 series is the core of the first-generation Core

    I vaguely recall Intel used very aggressive memory instruction prefetching at the time, which boosted memory performance massively ...

    So Core's comeback back then wasn't without a price; the price just came very late, and it's all the more lethal for it. Combined with Jim Keller (金坷垃) leaving Intel, maybe Intel's dynasty really is coming to an end.
    Also, although Core overtook Athlon, in the server market it still couldn't beat Opteron. Only when the Nehalem-based Xeon 55/56, likewise with an integrated memory controller, appeared did it truly surpass AMD.

    fly-fox