SiSoftware Sandra Titanium (2018) SP4/a Update: Retpoline and hardware support

We are pleased to release SP4/a (Service Pack 4/a – version 28.61) update for Sandra Titanium (2018) with the following updates:

Sandra Titanium (2018) Press Release

  • Reporting of Operating System (Windows) speculation control settings for the recently discovered vulnerabilities:
    • Kernel Retpoline mitigation status in recent Windows 10 / Server 2019 updates
    • Kernel Address Table Import Optimisation status (as above)
    • L1TF – L1 data terminal fault mitigation status
  • Hardware Support:
    • AMD Ryzen2 (Matisse), Stoney Ridge support
    • Intel CometLake (CML), CannonLake (CNL), IceLake (ICL) support (based on public information)
  • CPU Benchmarks:
    • Image Processing: SIMD code improvement (SSE2/SSE4/AVX/AVX2-FMA/AVX512)
  • Memory/Cache Benchmarks
    • Return memory controller firmware version to Ranker
  • GPGPU Benchmarks:
    • CUDA SDK 10.1
    • OpenCL: Processing (Fractals/Mandelbrot) variable vector width based on reported FP16/32/64 optimal SIMD width.
  • Ranker, Price & Information Engines
    • HTTPS (encryption) support for all engines as well as the main website

What is Retpoline?

It is a mitigation against ‘Spectre‘ 2 variant (BTI – Branch Target Injection) that affects just about all CPUs (not just Intel but AMD, ARM, etc.). While ‘Spectre’ does not have the same overall performance impact degradation as ‘Meltdown‘ (RDCL – Rogue Data Cache Load) it can have a sizeable impact on some processors and workloads. At this time no CPUs contain hardware mitigation for Spectre without performance impact.

Retpoline (Return Trampoline) is a faster way to mitigate against it without restricting branch speculation in kernel mode (using IBRS/IBPB) and has recently been added to Linux and now Windows version 1809 builds with KB4482887. Note that it still needs to be enabled in registry via the Mitigation Features Override flags as by default it is not enabled.

What CPUs can Retpoline be used on?

Unfortunately Retpoline is only safe to use on some CPUs: AMD CPUs (though does not engage on Ryzen, see below), Intel Broadwell or older (v5 and earlier) – thus not Skylake (v6 or later).

Windows speculation control settings reporting:

Intel Haswell (Core v4), Broadwell (v5) – Retpoline enabled, KATI enabled
Kernel Retpoline Speculation Control – Enabled

Kernel Address Table Import Optimisation – Enabled

(Note RDCL mitigations KVA, L1TF are also enabled as required)

Intel Skylake (Core v6), Kabylake (v7), Skylake/Kabylake-X (v6x) – no Retpoline, KATI can be enabled
Kernel Retpoline Speculation Control – no

Kernel Address Table Import Optimisation – no/yes (can be enabled)

(Note RDCL mitigations KVA, L1TF are enabled as required)

Intel Coffeelake-R (Core v8r), Whiskeylake/AmberLake (Core v8r), CometLake* – no Retpoline but KATI enabled
Kernel Retpoline Speculation Control – no

Kernel Address Table Import Optimisation – Enabled

(Note CPU does not require RDCL mitigation thus no KVA, L1TF required)

Intel Atom Braswell (Atom v5), GeminiLake/ApolloLake (Atom v6) – no Retpoline but KATI enabled
Kernel Retpoline Speculation Control – no

Kernel Address Table Import Optimisation – Enabled

(Note RDCL mitigations KVA, L1TF are enabled as required)

AMD Ryzen (Threadripper) 1, 2 – no Retpoline, no KATI
Kernel Retpoline Speculation Control – no (should be usable?)

Kernel Address Table Import Optimisation – no (should be usable)

(Note CPU does not require RDCL mitigation thus no KVA, L1TF required)

From our somewhat limited testing above it seems that:

  • Intel Haswell/Broadwell (Core v4/v5) and perhaps earlier (Ivy Bridge/Sandy Bridge Core v3/v2) users are in luck, Retpoline is enabled and should improve performance; unfortunately KVA (Meltdown mitigation) remains.
  • Intel Coffeelake-R (Core v8r refresh), Whiskylake ULV (v8r) users do benefit a bit more for their investment – while Retpoline is not enabled, KATI is enabled and should help. Not requiring KVA is the biggest gain of CFL-R.
  • Intel Skylake (Core v6), Kabylake (v7) and Coffeelake (v8) are not able to benefit from Retpoline but KATI can work on some systems (driver dependent). However, on our Skylake ULV, Skylake-X test systems KATI could not be enabled. We are investigating further.
  • Intel Atom (v4/v5+) users should be able to use Retpoline but it seems it cannot be enabled currently. KATI is enabled.
  • AMD Ryzen (Threadripper) 1, 2 users should also be able to use Retpoline but it seems it cannot be enabled currently. While KVA is not required, mitigations for Spectre v2 are required and should be enabled. We are investigating further.

Commercial version customers can download the free updates from their software distributor; Lite users please download from your favourite download site.

Download Sandra Lite