Are these mitigations still necessary? I thought Intel has released a microcode update to fix it.

Interesting. I personally choose the performance option.

There is no fix, only mitigations that affect performance (microcodes included). A fix would require a change in hardware design, which means most processors for the next year or so will still have this bug.

Main difference vs microcode is that (opensource) software mitigations are pretty much guaranteed to protect you as their source is available, while microcodes are opaque blobs where you can't be sure of what they do at all.

This is also the case for Windows.

No, they microcode updates only allow certain mechanisms like IBRS, IBPB and STIBP to be used. That is AFAIK only about spectre variant 2 and generally much slower than solutions like retpoline, while arguably being more save.

So no, especially meltdown is not going to be fixed by microcode updates but only by new hardware. On AMD you don't need have meltdown, so the difference in performance should be much smaller.

Cool to see recently upstream kernels 3.2 and 3.16 get mitigated too:

Maybe it is time for quarterly all-around recapitulation mitigations aftermath... i mean including older distros, but also Windows 7 because Windows versions other than Windows 10 and nearly 3 years after still represents majorty

That said and going a bit further maybe to note how 32bit Linux OS (if updated) is same safe now, but only on AMD CPUs since these are not affected by Meltdown and mitigation for that is missing for 32bit

That is kind of weird to me since Intel had more newer 32bit only CPUs released

He said "screw" 3 times (screw it, screw them, screw Skylake) i think one time is enough and has best performance

It is broken hardware, things are best summed with just one or two words He prefer to screwing things around, i prefer to just say what really is - so it is broken hardware, these are hardware design flaws... ideally no one should need software fixes like these shitty mitigations, but it is what it is

Spectre and the derivative techniques based on it (e.g meltdown) exploits a feature of the CPU that predicts upcoming instructions and precomputes so that in case they are used no additional computing will be necessary in real time.

Lets say if the CPU was a housemate and knew that tomorrow is Saturday it would dry-clean freshen up and iron your 3 most probable night club outfits so that if the time comes for you to go out and party at Saturday night, you would not need to wait for those things to happen because the housekeeper (cpu) has already taken care of them the day before.

And it does that for more than 1 outfit (since the cpu/house keeper does not know what you will use it can only predict what is plausible for you to wear given previous instructions or in our example's case her/his memory about your routine and taste in clothes)

Hackers can get advantage of this because those precomputations leave a footprint which if they give a bait calculation they can find its track and in that way learn some things on how to manipulated the memory on which those tracks exist within the CPU.

So the only fix/mitigation is to disable that prediction feature.


And the only performance draw back you gonna see is in software that takes advantage of this prediction feature and the impact will depend on how frequently it uses that feature...

For example this is a reason why in video games where the memory changes depending on an unpredictable and non normalized input (user's movements etc) you see close to 0 difference because that feature of the CPU has little to no application in that situation.


Or in other words if you know how an application works you know if you gonna get a performance hit by the "mitigation" aka by having that prediction feature of the CPU disabled.

well it obviously is inaccurate to a varying degree since I wrote a metaphor to convey what is happening.

metaphors are obviously not 100% accurate lol.

They are used though to convey an underlying fact.

And last time I checked (e.g here https://www.kb.cert.org/vuls/id/584653) the underlying problem as a matter of fact is the branch prediction features of the CPUs mainly made by Intel which are there to increase performance.


So if you want to get more technicall you can just read the link I assumed that the user I was responding to (as well as most of the world) would not be interested in that and would like a simple explanation hence the housekeeper metaphor as well as the other analogies I used.

Interesting to se those SQL benches