Intel’s mitigations for new Spectre V2 vulnerability affect CPU performance by up to 35%

Branch History Injection (BHI), a new variant of the Spectre V2 vulnerability that affects several Intel and Arm processors, was announced earlier this week by the Systems and Network Security Group at Vrije Universiteit Amsterdam. Tests conducted by Phoronix showed that affected processors experienced up to a 35 percent performance drop under the new BHI mitigations.

Intel plans to release security updates for the company’s affected processors, but the patching process will take longer due to the high number of affected processors. Intel’s Haswell series of processors are the most vulnerable of the company’s chips. The Linux community has released mitigations for the affected CPUs, and the kernel was updated shortly after the vulnerability was announced.

The researcher recommends enabling retpolines to mitigate BHI. The recommendation also covers processors that already ship with the critical Spectre V2 hardware mitigations. On Intel platforms, this means eIBRS (Enhanced Indirect Branch Restricted Speculation) and retpolines must work in parallel, because eIBRS alone is not sufficient to defend against BHI.
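To check whether a Linux host is running the combination described above, the following added example (not from the article or from Phoronix) classifies the kernel's Spectre V2 status line. It assumes the standard sysfs path `/sys/devices/system/cpu/vulnerabilities/spectre_v2`; the exact wording of the status line varies between kernel versions, so the patterns are an assumption to adjust for your kernel.

```shell
#!/bin/sh
# Added example: report whether eIBRS and retpolines are both active,
# which is the combination recommended against BHI on Intel platforms.

SYSFS_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS_LINE
# Prints one verdict: eibrs+retpoline, eibrs-only, retpoline-only,
# vulnerable, not-affected, or other.
classify_spectre_v2() {
    status=$1
    case $status in
        "Not affected"*)              echo not-affected ;;
        # Includes lines such as "Vulnerable: eIBRS with unprivileged eBPF".
        Vulnerable*)                  echo vulnerable ;;
        # Both mechanisms listed: the configuration the article recommends.
        *Enhanced*IBRS*[Rr]etpoline*) echo eibrs+retpoline ;;
        # eIBRS alone, which the article says is not sufficient against BHI.
        *Enhanced*IBRS*)              echo eibrs-only ;;
        # Retpolines without eIBRS (typical of CPUs that lack eIBRS).
        *[Rr]etpoline*)               echo retpoline-only ;;
        *)                            echo other ;;
    esac
}

# Classify the running kernel if the sysfs file exists on this machine.
if [ -r "$SYSFS_FILE" ]; then
    line=$(cat "$SYSFS_FILE")
    printf '%s\n  -> %s\n' "$line" "$(classify_spectre_v2 "$line")"
else
    echo "$SYSFS_FILE is not readable on this system"
fi

# Constructed sample lines, modelled on typical kernel output, so the
# classifier can also be exercised on a machine without the sysfs file.
for sample in \
    "Mitigation: Enhanced IBRS + Retpolines, IBPB: conditional, RSB filling" \
    "Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling" \
    "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling" \
    "Vulnerable: eIBRS with unprivileged eBPF"
do
    printf '%s\n  -> %s\n' "$sample" "$(classify_spectre_v2 "$sample")"
done
```

On kernels that carry the BHI changes, the `spectre_v2=eibrs,retpoline` boot parameter selects the combined mode; a host reporting `eibrs-only` is the case the recommendation is aimed at.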

As shown by Phoronix’s Intel Core i9-12900K results, after activating Retpolines, the performance loss is 26.7%, and the latter is 14.5%. This is the price of these mitigations: all external I/O from the chip is slowed down. Processes such as image processing and internet browsing were affected and did not show a negligible impact. The Core i7-1185G7 benchmark results show that the execution efficiency is reduced by 35.6%, and in the Flexible IO Tester, the execution efficiency is reduced by 34.1%. Second, processes that do not rely on I/O or system management, such as gaming, Internet browsing, and other everyday tasks, do not experience severe performance degradation.

It is conceivable that Intel and software engineers will need additional time and effort to reduce the impact of BHI mitigation. However, for now, it can be very difficult to roll out such a patch across servers and different frameworks that do a lot of I/O upgrade work.