FYI: A warning on possible upcoming performance losses for Intel CPUs

https://www.theregister.co.uk/2018/0...u_design_flaw/

A fundamental design flaw (Kernel memory vulnerability) in Intel chips of the past ten years has caused a security vulnerability at the very lowest, most basic and most hidden level of the architecture that Intel cannot fix by themselves. The workaround is that operation systems, both Windows and Linux, need to apply rewrites for the Kernel that will soon be distributed via the OS' usual patch distribution channels. The fix comes at a hefty cost for some, older Intel chips may be threatened to lose up to 30% of performance, with newer chips said to get away with lower losses, as low as 5% - but a loss nevertheless.

The Linux fix seems to also adress AMD chips, but it is unclear to me whether that is due to a newly revealed weakness in AMD chips as well, or is just a precautionary measure.

If in the coming weeks you observe a loss in performance in your systems, this likely is the explanation.

 

I've read that the perfmorance loss doesnt include gaming performance (rather other tasks). Just fyi

 

While that seems to be true for Linux, we are still waiting to see how DirectX will be affected.
https://www.pcworld.com/article/324...cpu-kernel-bug-faq-how-it-affects-pc-mac.html

 

Note that Apple seems to mull something, too, they too use Intel chips.

More info here (thanks @Rotareneg at SBP forums):
https://www.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/

 

I read something saying the performance losses may not affect everyday PC and laptop users, but in data centres with servers running Intel chips where every second of performance counts, the effects could be more significant.

 

Some bench results, seems like gaming is not affected.
https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/

 

Just to clarify, this security issue does not affect AMD CPUs, because memory references between Kernel and process memory are not allowed by design on them. Only Intel CPUs fill caches speculatively to speed up processes:

- Tom Lendacky, AMD dev; source: Computerbase

So the workaround of Page-Table-Isolation (PTI) is just that, a workaround. It splits the kernel and user page tables, so a potentially malicious user process can not see the ones of the kernel. The Translation-Lookaside-Buffer (TLB) of an Intel CPU translates a logical address into a physical address and this buffer has to be deleted after every syscall with PTI, which makes Intel CPUs slower. As for performance, Intel users will see a loss of a handful of per cent at most after the impending Windows patch, dependant on game engine and settings. Older iterations are probably more affected than newer ones. The 20% or 30% figures are worst case scenarios with specific syscalls to exacerbate the impact of PTI.

A Linux patch was distributed yesterday for the now older Linux Kernel 4.14.11 and will be available for 4.15 and higher. This is a potential expoit that affects Windows, Linux and MacOS, however no specific attack of this sort has hit the papers yet. The OS developers have to rectify this on a kernel level. Intel specifically has to do that on a root hardware level and has responded as such:

- slashdot

 

I agree that most applications won't see a big slow-down, but from what I've seen, the worst-case slow-down is at least a factor of FOUR.

 

The worst performance loss demionstrated was beyond 50%. But that will not reepresent the standard range of what will be seen in the coming days, the real affects will be in low one digit range, for gamers probbaly irrelevant. Graphics boards under gamiung cidnitions also take no loss. But SSDs could lose some.

Google delivers a statement saying that CPUs not just by Intel but also AMD and ARM are affected.

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

 

AMD are not affected at all as they do not use the same method of keeping pipes open. I do not know about ARM.

edit: intel has power and will use any means to make it seem like others are suffering also, to distract from their F.U.C.K.W.I.T behaviour. Gateway to knowledge.

 

Google seems to have broken the embargo to discuss these attacks, and their statement is referencing 2 different attacks. Intel's statement they put out today, not only being the normal PR BS that they shirk all responsibility in, but they are also being purposely being obtuse by referencing the second attack which affects AMD and ARM.

The Spectre attack affects Intel, AMD, and ARM, but is not the big one everyone is talking about, and wont have a performance decrease when patched up. Meltdown is the big attack that only affects Intel, and is the security fix that is going through Microsoft, Apple, and Linux. This is the one that has supposed big time performance loss in certain applications and scenarios. For normal gaming, the impact will likely be minimal and not have much affect, but for applications that do a lot of syscalls, the impact could be much greater.

 

Meanwhile their CEO sold almost all his stock in November, leaving only the bare minimum required

 

https://www.theverge.com/2018/1/3/16846540/intel-processor-security-flaw-bug-response
https://www.theverge.com/2018/1/3/16846784/microsoft-processor-bug-windows-10-fix

Windows patches for ARM, AMD and Intel CPUs are now in the wild.

In fact a whole armada of patches is reported by some admins to come in, outside the usual timeline of Microsoft.

It also gets vrpeported by some people that if AV is not compatible with these patches, they will not install automatically. Woody Leonhard's well-known blog is at Defcon 2, so status and quality of these patches also currently is unknown and unconfirmed.

Its all a damn nasty and confused mess. Currently. Companies start to point fingers at each other, maybe breaking communication embargos to save themselves.

 

In a perfect and innocent world this would only be a technical problem, however this story evokes the usual IT drama as well. In every field, a typical kind of drama arises when things go south, it's usually fingerpointing in he PC business. In this case a) Intel did not know about this attack vector and this security issue is just new or b) the Intel hardware architects knew what they were doing and took a calculated risk by quote on quote 'making their products faster than the competition'-
It'll get interesting with the cloud computing vendors and customers who use Intel server clusters and are dependant on I/O performance. I wonder what the service contracts say about that. Ultimately, this can't be fixed with a microcode update to fix the bug and to retain the old performance. Must have software updates are doable, must have hardware upgrades are a PITA.

 

Update is out, btw. My PC didn't blow and didn't slow to a crawl, surprise, no noticeable changes playing CPU hungry games like Divison either.

 

I suppose it's possible they didn't know, but AMD having mitigation in place from the start suggests it's a relatively obvious thing to avoid.

I think it's more likely a price thing than speed though (adding hardware makes costs higher), the fix is only slow because it's software preventing use of the hardware feature entirely.

 

I wonder if the update comes with a new back door hidden away a bit better this time, those pesky Assange's and Snowden's of this world kind of spoiled the party on this bug (AKA design feature)

 

Actually it is TWO major bugs, named "Spectre" and "Meltdown". The one affects only Intel, the other affects Intel, ARM and AMD. Reports say Intel knows it since month.

I want Intel getting sued into a deep black holefor nevertheless releasing the 8th generation chips. They should have delayed it instead of knowingly releasing a porked product. Mind you: it was a new product release, not just continuation of an old production line.

 

Yes, gaming seems to be less or non-affected. Some business tasks are less happy. I had a call from a buddy this morning who works in a company doing industrial photo editing and establishing CAD graphics on this basis. Their machines went to a crawl yesterday late afternoon. Its so serious that timetables for processing their orders until end of next week is under threat. They probably must replace some of their machines. What they have, pretty much is a worst case meltdown, and it potentially threatens them on an existential level.

Its like with the messups Windows updates are causing since three years, frequently. Us gamers usually do not take much notice of it - you have to ask and talk to IT amdins to learn about the slow motion disaster Microsoft has unleashed with "Windows 10 as a service" and cumulative mandatory beta testing of unmature techcnical fixes and repairs by private and business customers. Its from this perpsective why I dispise Windows and Microsoft so much and with a passion. The private crowd, the ordinary public usually does not take note this. The damages caused in the US and European and Japanese and Korean economy, last year were estimated by some IT monitor to range in the higher three digits range of millions for 2015. Especially for small enterprises and private businesses, such loss of money due to blocked, failing or misfunctioning IT hardware easily can become life-threatening.

Our society's whole dependency on computers and the amount of non-existing protection and hardening of our IT infrastructure, is life-threatening. In the IT-networks, world war three already is in full swing.

 

https://www.youtube.com/watch?time_continue=434&v=_qZksorJAuY

i7 8700K pre and post update benchmarking. Gaming practically is unaffected, but 4K SSD reading sees a drop of 20-25%. Also, while desktop users look as beuign mostly unaffected, for sever centres the small chnages there are could accumulate and show to be of a more serious net effect.