Analyzing Core i9-9900K Performance with Spectre and Meltdown Hardware Mitigations

[harlan4096]

One of the key aspects of the most recent Intel processor launch, its Core 9th Generation processors, is that the new design affords some hardware-based protection for a couple of the Spectre and Meltdown family of security vulnerabilities. When these vulnerabilities were first discovered, they were patched using a combination of software and firmware, which unfortunately led to some performance regressions over an unpatched processor. The ultimate goal is for a hardware patch, which is always enabled, that loses zero performance – we’re testing out what the new patches have for us today.

A Recap: Spectre and Meltdown

At the start of 2018, it was announced that two new architecture-based attack vectors had been discovered in modern computer processors. These vectors are based in what are called side-channel attacks: the ability to probe or infer what something else on the processor is doing without actually seeing the workload or its data. But more fundamentally than that, the reason these attacks can occur is down to how the processor is designed. Side-channel attacks on processor speculation, for example, can expose data that wasn’t even intended to be accessed by the program in the first place. And other side-channel attacks can break through memory permission barriers between software like a Buick through a barn.

Because security is the number one factor in all modern day computing (and unfortunately in some cases, an afterthought), this became a serious potential problem quite quickly. The specific vulnerabilities have so far mostly fallen under two broad headings which are now synonymous with these attacks: Spectre and Meltdown. For completeness, there are similar attacks that don’t fall under these headings, but side-channel security is still at the heart of what is being broken.

All vulnerable processor makers were told about these attack vectors around six months before the public, in what is known in the industry as responsible disclosure – find a vulnerability, inform the vulnerable parties, and give them sufficient time to fix the issue before going public, in order to prevent any nefarious individuals exploiting it (and creating what is called a 0-day). In that time, the known attacks were analysed and software-related patches were built. For example, over the course of 2018, Intel started with its newest and high-priority platforms first, and slowly worked its way back through its product catalogue. Other companies had executed similar plans, however Intel has by far been the most high profile of them all.

Full reading: https://www.anandtech.com/show/13659/ana...itigations