Google engineer proposes software protection for processors from LVI attack

Some time ago, a new vulnerability in the speculative execution architecture of Intel processors became known; it was named Load Value Injection (LVI). Intel has its own view of the danger of LVI and its own recommendations for mitigating it. A Google engineer has now proposed a separate defense against such attacks. The price of that security is a decrease in processor performance of 7% on average.


Earlier, we noted that the danger of LVI lies not in the specific mechanism discovered by the researchers, but in the very principle of the LVI side-channel attack, which was demonstrated for the first time. This opened a new direction for threats that no one had previously suspected (at least, none had been mentioned publicly). The value of the work by Google specialist Zola Bridges therefore lies in the fact that the patch mitigates the danger even of new, still unknown LVI attacks.

Earlier, changes were made to the GNU project's assembler (GNU Assembler) that reduced the risk from the LVI vulnerability. These changes added LFENCE barrier instructions, which enforce a strict ordering between memory accesses before and after the barrier. Testing the patch on an Intel processor of the Kaby Lake generation showed a performance decrease of up to 22%.

The Google developer proposed a separate patch that adds LFENCE instructions in the LLVM compiler toolchain, and called the protection SESES (Speculative Execution Side Effect Suppression). The proposed protection mitigates both LVI threats and others like them, for example Spectre V1/V4. With SESES, the compiler adds LFENCE instructions at the right places while generating machine code, for example before each instruction that reads from memory or writes to memory.
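A simplified illustration of the placement rule described above, added here and not taken from the SESES patch or from LLVM: it inserts an `lfence` before every instruction with an explicit memory operand in a constructed AT&T-syntax listing. The function names and the sample listing are assumptions; the compiler does this during machine-code generation, not on assembly text.

```python
import re

# Explicit AT&T-syntax memory operand: optional displacement followed by
# (base, index, scale), e.g. (%rdi), 8(%rsp), -4(%rbp,%rax,4).
MEM_OPERAND = re.compile(r"\([^)]*%[a-z0-9]+[^)]*\)")

# Mnemonics that take an address expression but do not access memory.
NO_ACCESS = {"lea", "leaq", "leal", "nop", "nopw", "nopl"}


def touches_memory(line):
    """True if the line is an instruction with an explicit memory operand.

    Simplification: implicit accesses (push, pop, call, ret) are not counted.
    """
    code = line.split("#", 1)[0].strip()
    if not code or code.startswith(".") or code.endswith(":"):
        return False  # blank line, assembler directive, or label
    parts = code.split(None, 1)
    mnemonic = parts[0]
    operands = parts[1] if len(parts) > 1 else ""
    if mnemonic in NO_ACCESS:
        return False
    return bool(MEM_OPERAND.search(operands))


def harden(asm):
    """Insert an lfence before each load/store; return (new_asm, fence_count)."""
    out, fences = [], 0
    for line in asm.splitlines():
        if touches_memory(line):
            indent = line[: len(line) - len(line.lstrip())]
            out.append(indent + "lfence")
            fences += 1
        out.append(line)
    return "\n".join(out), fences


# Constructed sample: a bounds-checked array read, the Spectre V1 code shape.
SAMPLE = """\
read_elem:
    cmpq    %rsi, %rdx          # index < length ?
    jae     .Lout
    leaq    (%rdi,%rdx,8), %rax # address computation only, no access
    movq    (%rax), %rax        # load
    movq    %rax, 8(%rcx)       # store
.Lout:
    ret
"""

if __name__ == "__main__":
    hardened, count = harden(SAMPLE)
    print(hardened)
    print("# %d lfence instructions inserted" % count)
```

Two of the four non-branch instructions in the sample gain a fence, which shows why a rule this broad carries the performance cost discussed in the article.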

An LFENCE instruction blocks speculative execution of all subsequent instructions until previous memory reads have completed. Obviously, this affects processor performance. The researcher found that, on average, SESES protection reduced the performance of tasks using the protected library by 7.1%, with the slowdown ranging from 4% to 23%. The researchers' initial forecast was more pessimistic, suggesting a performance decrease of up to 19 times.



Source: 3dnews.ru
