Sign in to follow this  
Haswell

Intel chip flaw forces OS kernel redesign - 5-30% performance loss predicted

27 posts in this topic

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Quote

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.

More technical stuff:
http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
https://news.ycombinator.com/item?id=16046636
Summary of attack vector https://news.ycombinator.com/item?id=16001476

AMD chips seem unaffected https://lkml.org/lkml/2017/12/27/2

@Folterknecht @OOPMan

Share this post


Link to post
Share on other sites

Is this a straight potential 30% hit to everyday users (gaming etc), or something that won't be that noticeable?  

Share this post


Link to post
Share on other sites
1 hour ago, cavman276 said:

Is this a straight potential 30% hit to everyday users (gaming etc), or something that won't be that noticeable?  

Oh, you'll probably notice it since this has to do with memory addressing

Share this post


Link to post
Share on other sites
1 hour ago, Sidus_Preclarum said:

I thought I read that he had just purchased those stocks recently at employee pricing, and then nearly promptly re-sold them at public value

Share this post


Link to post
Share on other sites
53 minutes ago, Fulcrous said:

Yeah, PCGamer said the same is expected with Windows.

It seems this issue mostly relates to systems run multiple OSes at once, such as cloud compute hardware nodes.

Share this post


Link to post
Share on other sites

https://github.com/torvalds/linux/commit/00a5ae218d57741088068799b810416ac249a9ce

Quote
   - Exclude AMD from the PTI enforcement. Not necessarily a fix, but if
     AMD is so confident that they are not affected, then we should not
     burden users with the overhead"

Looks like AMD users (for Linux) are in the clear for now.

 

13 hours ago, Fulcrous said:

NO hits to gaming/regular perf as expected.

https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/

One bench is fairly insignificant, need more data for CPU bottlenecks. BUT I think it wouldn't be that bad, or even noticeable to the unaware masses.

Share this post


Link to post
Share on other sites
On 03/01/2018 at 2:24 PM, Sidus_Preclarum said:

dt12jdw1q1801.png

Share this post


Link to post
Share on other sites

Wew, and I wanted intel for my next rig. Guess I'm cured of that. :doge: Also: some people went ahead with updating their windowses to get some ban-aid for this issue and get into trouble when running amd. Or so I've heard.

Share this post


Link to post
Share on other sites
4 hours ago, orzel286 said:

Wew, and I wanted intel for my next rig. Guess I'm cured of that. :doge:

Don't forget that while Meltdown mostly affects Intel, Spectre is a problem for AMD and ARM too.

Share this post


Link to post
Share on other sites
On 1/4/2018 at 2:41 AM, Haswell said:

Looks like AMD users (for Linux) are in the clear for now.

The pre Ryzen AMD CPUs are still vulnerable to Spectre.  SOme of them may be vulnerable to Meltdown.  I've seen conflicting info on that.

Share this post


Link to post
Share on other sites

https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/

Quote
  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

Much rip for old chips.

Share this post


Link to post
Share on other sites

rip my PC. Looks like when I upgrade it will have to be CPU, GPU, PSU and SSD.

 

FML

 

Now that brings up the question, what CPU? 

 

reading through it, looks like the spectre fixes are causing the performance drop so does that mean older AMD cards are rip too? 

Share this post


Link to post
Share on other sites
13 hours ago, MagicalFlyingFox said:

rip my PC. Looks like when I upgrade it will have to be CPU, GPU, PSU and SSD.

 

FML

 

Now that brings up the question, what CPU? 

 

reading through it, looks like the spectre fixes are causing the performance drop so does that mean older AMD cards are rip too? 

In hindsight I'm happy that I waited with Coffeellake (first wanted to see Z390) and instead switched from 3570K to 3770K. I 'll lean back and wait for new CPUs to be released.

The question is when these fixes will be implemented in hardware. Zen+ (spring '18) won't have them I'm pretty sure.

Share this post


Link to post
Share on other sites
16 hours ago, MagicalFlyingFox said:

rip my PC. Looks like when I upgrade it will have to be CPU, GPU, PSU and SSD.

 

FML

 

Now that brings up the question, what CPU? 

 

reading through it, looks like the spectre fixes are causing the performance drop so does that mean older AMD cards are rip too? 

Why? Not like you running VMs and stuff, impact will (is) marginal. 

Share this post


Link to post
Share on other sites

Intel benchmarks https://newsroom.intel.com/editorials/intel-security-issue-update-initial-performance-data-results-client-systems/

In summary, no more than 10% performance loss for artificial workloads on Win7 and Win10 up to Skylake. No stats for servers yet though.

Share this post


Link to post
Share on other sites

More Spectre and Meltdown variants found, 2018 just isn't Intel's year.

https://www.theregister.co.uk/2018/02/14/meltdown_spectre_exploit_variants/

Quote

When details of the Meltdown and Spectre CPU security vulnerabilities emerged last month, the researchers involved hinted that further exploits may be developed beyond the early proof-of-concept examples.

It didn't take long. In a research paper – "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols" – out this month, bit boffins from Princeton University and chip designer Nvidia describe variants of Meltdown and Spectre exploit code that can be used to conduct side-channel timing attacks.

Updated to add

In a statement provided to The Register via email after this story was published, an Intel spokesperson suggested existing hardware mitigations would be adequate without specifically addressing the doubts raised by the researchers.

“We have received a copy of the research report,” the spokesperson said. “The side-channel analysis methods described in that report are similar to techniques disclosed by Google Project Zero and referred to as Spectre and Meltdown. Intel anticipates that the mitigations for Spectre and Meltdown will be similarly effective against the methods described in that report.”

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.