Intel recently disclosed Downfall, a security vulnerability that affects multiple generations of Intel processors – some of which used to be the best CPUs on the market. The chipmaker has rolled out a microcode update with a fix for the flaw. However, the fix has raised concerns because Intel estimates a potential performance impact of up to 50% on AVX2 and AVX-512 workloads involving the Gather instruction.
As a quick recap, Downfall (CVE-2022-40982) is associated with the memory optimization feature inside Intel processors. Downfall exploits the Gather instruction, which speeds up fetching data that is scattered across different places in memory. The Gather instruction inadvertently exposes internal hardware registers to software, allowing that software to tap into data kept by other software. Downfall affects Intel mainstream and server processors, spanning from the Skylake to the Rocket Lake microarchitecture. Therefore, you’re likely affected unless you own one of Intel’s more recent processors, such as Alder Lake, Raptor Lake, or Sapphire Rapids. Intel has put up an extensive list of all the affected chips.
The main concern is how the mitigation will affect the performance of Intel processors. Leading Linux publication Phoronix has evaluated the impact of the Downfall mitigations on Linux. The news outlet tested a pair of Xeon Platinum 8380 (Ice Lake) processors, a Xeon Gold 6226R (Cascade Lake) chip, and a Core i7-1165G7 (Tiger Lake) part. Phoronix utilized diverse real-world software packages that form part of the Intel oneAPI software.
The two Xeon Platinum 8380 were around 6% slower in OpenVKL 1.3.1. With OSPRay 2.12, Phoronix recorded performance hits of up to 34%. The mitigations caused significant decreases in AI workloads, such as Neural Magic DeepSparse 1.5, Tencent NCNN, and QMCPACK, with up to 17% reductions.
The Xeon Gold 6226R benchmark results revealed similar performance deterioration. The Cascade Lake chip lost up to 33% in OSPRay 2.12 and up to 20% in Neural Magic DeepSparse 1.5.
As for the Core i7-1165G7, Phoronix only ran three benchmarks on it, but they were enough to show the performance degradation from the Downfall mitigations. For example, the Core i7-1165G7 delivered 11% lower performance in OpenVKL 1.3.1. On OSPRay 2.12, the mitigations shaved off between 19% and 39% of performance from the Core i7-1165G7.
The good news from Phoronix’s initial set of results is that the performance decrease from the Downfall mitigation was lower than Intel’s forecasted 50% overhead. However, the bad news is that the performance penalty is still significant. AVX instructions aren’t limited to AI or HPC workload tests, either. You can find them in other workloads, such as video encoding or transcoding. Logically, it would be interesting to see which workloads are negatively impacted by the Downfall mitigations. From Phoronix’s preliminary tests, HPC workloads are the most affected.
The microcode update isn’t mandatory. If you want to turn off the mitigation, Intel offers an opt-out mechanism to restore your processor’s performance in vectorization-heavy workloads. Then there is the debate on the complexity of successfully carrying out a Downfall attack. The exploit sounds like a difficult feat overall, but ultimately, it depends on whether you value your security more than performance or vice versa.
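Before weighing that trade-off on a Linux system, it helps to know which state the machine is actually in. The script below is an added example, not taken from the article, Intel, or Phoronix; it assumes a Linux kernel that carries the Downfall (Gather Data Sampling) patches, which report status in the gather_data_sampling sysfs file and accept the gather_data_sampling=off boot parameter. The function names are illustrative.

```shell
#!/bin/sh
# Added example: report whether the Downfall (GDS) mitigation is active.
# Assumes the sysfs entry and boot parameters of a patched Linux kernel.
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# classify_gds STATUS CMDLINE
# Maps the kernel's status line (and boot command line) to one verdict:
# not-affected, mitigated, mitigated-locked, no-microcode, opted-out,
# vulnerable, or unknown.
classify_gds() {
    status=$1
    cmdline=$2
    case $status in
        "Not affected"*)                   echo not-affected ;;
        "Mitigation: Microcode (locked)"*) echo mitigated-locked ;;
        "Mitigation:"*)                    echo mitigated ;;
        "Vulnerable: No microcode"*)       echo no-microcode ;;
        "Vulnerable"*)
            # Microcode is present but the mitigation is off; check whether
            # that was an explicit opt-out on the kernel command line.
            case " $cmdline " in
                *" gather_data_sampling=off "*|*" mitigations=off "*)
                    echo opted-out ;;
                *)  echo vulnerable ;;
            esac ;;
        *)  echo unknown ;;
    esac
}

# Read the live values; fall back to placeholders when they are missing.
gds_report() {
    if [ -r "$GDS_SYSFS" ]; then
        status=$(cat "$GDS_SYSFS")
    else
        status="(kernel does not report GDS status)"
    fi
    cmdline=""
    if [ -r /proc/cmdline ]; then
        cmdline=$(cat /proc/cmdline)
    fi
    echo "kernel reports: $status"
    echo "verdict: $(classify_gds "$status" "$cmdline")"
}

gds_report
```

A verdict of no-microcode means the kernel knows about the flaw but the updated microcode has not been loaded, which is a different situation from a deliberate opt-out and is worth alerting on separately in fleet checks.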