Originally Posted by speed_demon
I'll have to link to the article I read earlier. From what I read in the other article, 9th gen chips are not affected in the same way as previous chips and disabling hyperthreading appears to be a partial solution to the vulnerability.
The software mitigation was mentioned in another article as being up to a 40% decrease in performance during benchmarks, though I'm doubtful the performance difference is quite that extreme.
Edit: Here we are - https://www.tomshardware.com/news/in...ack,39333.html
And another site that affected users are being pointed to for further info - https://mdsattacks.com/
From the source site's FAQ #1 (https://mdsattacks.com/), it seems that 9th gen chips may actually be more affected in some ways than previous gen chips (underlined for emphasis):
Am I affected?
Very likely. Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware. Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.
It's interesting how some articles are not mentioning this at all. The Ars Technica article overlooks the advice given by the researchers of disabling HT (it only makes a very brief mention of the problem), and also the above about the 9th gen chips. TPU's article is a bit better, but still doesn't cover the quote above and just says what Intel says, like Ars.
I had to go read the Fallout paper (available from the https://mdsattacks.com/ site), and it's right there on the first page:
Fallout affects all processor generations we have tested. However, we notice a worrying regression, where the newer Coffee Lake R processors are more vulnerable to Fallout than older generations.
And right there on page 2:
In an attempt to claw back some of the performance loss, and to permanently eliminate Foreshadow and Meltdown related issues, Intel announced already back in 2018 strong, silicon-based Meltdown defenses in future processors enumerating Rogue Data Cache Load resilience (RDCLNO). With the recent release of the 9th generation Coffee Lake R microarchitecture, such Meltdown-resistant processors are finally available on the mass consumer market. The RDCLNO security feature promises to obviate the need for KPTI and other defenses, while improving overall performance. However, while Intel claims that these fixes address Meltdown and Foreshadow, it remains unclear whether new generations of Intel processors are properly protected against Meltdown-type transient execution attacks. Thus, in this work we set out to investigate the following question:
Is kernel data safe in the new generation of processors? Can ad-hoc software mitigations be safely disabled on post-Meltdown Intel hardware?
1.1 Our Contribution
Unfortunately, in this paper, we answer these questions in the negative.
Security Analysis of Speculation Mechanisms and Coffee Lake Refresh. As a final contribution, we present the first analysis of various exception-creation and exception-suppression mechanisms used to mount Fallout across various Intel architectures. As we show, not all creation and suppression mechanisms are interchangeable, and the exact combination is, in fact, architecture dependent. Finally, we show that the hardware change in exception creation and suppression introduced by Intel in the latest Coffee Lake Refresh architecture make them more vulnerable to our attack.
6 Conclusions and Future Work
Flushing-Based Countermeasures. Because the store buffer is not shared across hyperthreads, leaks can only occur when the security domain changes within a hyperthread. Thus, flushing the store buffer on security domain change is sufficient to mitigate the attack. In particular, we verified that using MFENCE as part of the switch from kernel mode to user mode thwarts the attack.
Limitations. As mentioned above, the attacks described in Section 4 are unable to leak information across hyperthreads. Moreover, as Meltdown software countermeasures (KPTI) flush the buffer on leaving the kernel, and as the store buffer is automatically flushed on change of the CR3 register (i.e., on context switch), only latest generation Coffee Lake R machines are vulnerable to the attack described in Section 4. Ironically, the hardware mitigations present in newer generation Coffee Lake R machines make them more vulnerable to Fallout than older generation hardware.
The news sites are not doing their work properly.
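As an added example (not code from this thread or from the mdsattacks.com researchers): the two points the thread keeps coming back to, whether the software mitigation is actually active and whether hyperthreading is still on, are exactly what the Linux kernel reports through its sysfs vulnerabilities interface. The script below reads that report and turns it into a single verdict you can run across a fleet or wire into a monitoring check. It assumes a Linux kernel that exposes `/sys/devices/system/cpu/vulnerabilities/mds` and `/sys/devices/system/cpu/smt/control` (the MDS entry shipped with the May 2019 kernel patches) and that the status strings follow the kernel's admin-guide wording; the sample status lines in the block are constructed, not captured from a real host.

```sh
#!/bin/sh
# Added example, not code from the thread or from the mdsattacks.com researchers.
# Reads the Linux kernel's own MDS mitigation report and SMT control state and
# turns them into a single verdict for a fleet check or a monitoring probe.
# Assumptions: a Linux kernel that exposes the sysfs files below (the MDS entry
# appeared with the May 2019 MDS patches); status strings follow the kernel's
# admin-guide wording.

MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds
SMT_FILE=/sys/devices/system/cpu/smt/control

# classify_mds "<mds status line>"
# Prints one of: not-affected, mitigated, partial, vulnerable.
# "partial" is the kernel's way of saying what the first post calls a partial
# solution: CPU buffers are cleared at the kernel/user boundary, but SMT has
# not also been disabled (or its state is unknown inside a VM).
classify_mds() {
    case $1 in
        "Not affected")
            echo not-affected ;;
        Mitigation:*"SMT vulnerable"*|Mitigation:*"SMT Host state unknown"*)
            echo partial ;;
        Mitigation:*)
            echo mitigated ;;
        *)
            echo vulnerable ;;
    esac
}

# report_host
# Prints the raw kernel strings plus the verdict. Exit status: 0 when the host
# is not-affected or fully mitigated, 1 when partial or vulnerable, 2 when the
# kernel gives no report at all (kernel predates the MDS patches, or not Linux).
report_host() {
    if [ ! -r "$MDS_FILE" ]; then
        echo "no MDS report: $MDS_FILE is missing (kernel predates the MDS patches, or not Linux)"
        return 2
    fi
    mds_status=$(cat "$MDS_FILE")
    smt_state=$(cat "$SMT_FILE" 2>/dev/null || echo unknown)
    verdict=$(classify_mds "$mds_status")
    echo "mds:     $mds_status"
    echo "smt:     $smt_state"
    echo "verdict: $verdict"
    case $verdict in
        not-affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample status lines (not captured from a real host), one for each
# wording the kernel documents, showing how each is classified.
for sample in \
    "Not affected" \
    "Vulnerable" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Mitigation: Clear CPU buffers; SMT Host state unknown" \
    "Mitigation: Clear CPU buffers; SMT disabled" \
    "Mitigation: Clear CPU buffers; SMT mitigated"
do
    printf '%-72s -> %s\n' "$sample" "$(classify_mds "$sample")"
done

# Then check the machine this is actually running on (exit code deliberately
# ignored here so the demo completes on hosts without the sysfs entry).
report_host || true
```

Run it as `sh mds-check.sh`; on a real host, drop the trailing `|| true` and use the exit status of `report_host` directly, so a "partial" host (mitigation applied but SMT still enabled) fails the check rather than passing because the word "Mitigation" appears.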