LLVM Lands Performance-Hitting Mitigation For Intel LVI Vulnerability

The LVI mitigation in LLVM also hurt the LAME MP3 encode performance but with virtually no impact to the FLAC code-base.

Google's LevelDB key-value store was also seeing a measurable hit to the performance when compiling by Clang with the LVI mitigation enabled.

The common SQLite embedded database library is another real-world application seeing a sizable performance hit from LLVM's LVI mitigation.

If doing any local web development or SOHO hosting from an Intel Core i9 setup, the Nginx web server performance did see a minor hit to the performance.

With the geometric mean from this initial set of LLVM LVI benchmarks, the impact of enabling LVI with the set of tested applications was about a 9% hit. This was less overall than the GNU Assembler mitigations that utilize more LFENCE instructions for mitigation against the Load Value Injection attack.

From this initial round of testing today on an Intel Core i9 9900K following this LVI mitigation being merged into the LLVM/Clang 11.0 code-base, there is certainly a measurable performance penalty when compiling software with the new "-mlvi-cfi" option. At least for now, however, the LLVM LVI mitigation is not being enabled by default -- similar to the GNU toolchain behavior. It remains to be seen if the option will be see any default enabling in either toolchain but so far at least Intel has characterized Load Value Injection as being mainly a theoretical attack. In any case, it was significant enough for Intel's compiler engineers to punctually mitigate it with these compiler toolchain changes.