Jump to content

Intel Kernel Memory Flaw - "Looking at a Ballpark Figure of 5-30% slow down"


Recommended Posts

Posted (edited)

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

 

Apparently affects almost all modern Intel CPUs (from around the first Core generation to current ones).

 

A bad enough security flaw that the Linux community as well as Microsoft are attempting to censor and obfuscate all discussion of it for the time being while they work on a fix. Makes it so that any old Javascript running on your browser can access your kernel memory and hijack your PC, I guess.

 

A reddit discussion thread for more information: https://www.reddit.com/r/Games/comments/7nqgpb/intel_cpus_processor_design_flaw_may_cause_5_to/

Edited by Bartimaeus
Quote

How I have existed fills me with horror. For I have failed in everything - spelling, arithmetic, riding, tennis, golf; dancing, singing, acting; wife, mistress, whore, friend. Even cooking. And I do not excuse myself with the usual escape of 'not trying'. I tried with all my heart.

In my dreams, I am not crippled. In my dreams, I dance.

Posted (edited)

30 % performance hit ?.

 

So, never update windows again ?

I mean, if you're okay with any javascript you happen to run across while browsing being able to hijack your PC, sure. Note that this can include poorly curated ads...

Edited by Bartimaeus
Quote

How I have existed fills me with horror. For I have failed in everything - spelling, arithmetic, riding, tennis, golf; dancing, singing, acting; wife, mistress, whore, friend. Even cooking. And I do not excuse myself with the usual escape of 'not trying'. I tried with all my heart.

In my dreams, I am not crippled. In my dreams, I dance.

Posted (edited)

30 % performance hit ?.

 

So, never update windows again ?

 

Time for a Ryzen build I guess. 

 

The 30% figure is not a "ballpark" as it is stated in the news articles but comes from a benchmark doing nothing but the sort of calls that will experience a slowdown after the fixes. It is a worst case scenario that doesn't apply to real life application/consumers and much less gamers - games are already designed in a way that avoid the sort of instructions that will experience a performance hit. Do not forgo the update. :)

 

There will still be a performance drop and it is both a security and PR disaster for Intel and just the sort of boost AMD could use to (finally, I guess) get more than a toe into the server market because that is the area that's most affected - both security and performance wise. It's an absolute nightmare for public  cloud services (Amazon EC2/AWS, Microsoft Azure, etc.).

Edited by majestic
  • Like 3

No mind to think. No will to break. No voice to cry suffering.

Posted

From what I've seen the minimum hit is ~5% though, since everything does system calls including games. Not nearly as bad as the worse case but since it's a straight hardware fault the only true fix is to redesign the processor. And I suspect from the secret squirrel response that there wouldn't even be an option not to update short of air gapping anyway.

 

Very good news for AMD though, it puts Ryzen on the same effective IPC as Intel already with a refresh coming that ought to have a decent potential boost to both IPC and overclock potential. Plus if Epyc does get a foot in the door for servers that's real money. Then again AMD does have their segfault issue as well.

Posted

From what I've seen the minimum hit is ~5% though, since everything does system calls including games. Not nearly as bad as the worse case but since it's a straight hardware fault the only true fix is to redesign the processor. And I suspect from the secret squirrel response that there wouldn't even be an option not to update short of air gapping anyway.

 

Very good news for AMD though, it puts Ryzen on the same effective IPC as Intel already with a refresh coming that ought to have a decent potential boost to both IPC and overclock potential. Plus if Epyc does get a foot in the door for servers that's real money. Then again AMD does have their segfault issue as well.

 

Barti's reddit link has game benchmarks for Linux showing no decrease in frame rate after the fix. Since system calls are mostly IO operations that makes sense. It also won't measurably affect latency times in online games because the bottleneck is the lag on the line, not the actual packet processing. We're not going to see a 5% measurable performance decrease in actual gaming in my opinion - but I might be wrong and extrapolating from Linux gaming isn't exactly a safe bet for a Microsoft patch.

 

What I'm really looking forward to is our databases at work dropping a 10+% in performance over night. Yay. Blargh.

 

It's only good news for AMD if they can deliver. I doubt they can cover a spike in demand considering that their production capacity is rather limited right now. But here's to hoping they can pick up some of Intel's slack - a bit of competition would be good for us.

No mind to think. No will to break. No voice to cry suffering.

Posted

What I'm really looking forward to is our databases at work dropping a 10+% in performance over night. Yay. Blargh.

 

 

I am looking forward to using this as a reason for client's systems running slow when they file tickets with me. 

 

Would be interesting to hear more on how this bug went undetected for so long.

Why has elegance found so little following? Elegance has the disadvantage that hard work is needed to achieve it and a good education to appreciate it. - Edsger Wybe Dijkstra

Posted

Well, maybe certain people knew. Like intelligence agencies. You can sell an exploit like that for a lot of money. The moment it's public, it's worthless though. 

 

Remember the theories around the last round of wannacry ransomware. 

Na na  na na  na na  ...

greg358 from Darksouls 3 PVP is a CHEATER.

That is all.

 

Posted

Well, seen that Intel discovered this as of Nov 2017 or 8 months ago (though in both cases it's '"Some say.." tier of FOAF BS).  

 

Some tests with pre- and post-patch are out (in German though)

 

https://www.hardwareluxx.de/index.php/news/hardware/prozessoren/45319-intel-kaempft-mit-schwerer-sicherheitsluecke-im-prozessor-design.html

 

https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/

  • Like 2

Why has elegance found so little following? Elegance has the disadvantage that hard work is needed to achieve it and a good education to appreciate it. - Edsger Wybe Dijkstra

Posted

All of this makes me wish I did better in my Computer Architecture classes.  Then I might be earning big money :lol:

Why has elegance found so little following? Elegance has the disadvantage that hard work is needed to achieve it and a good education to appreciate it. - Edsger Wybe Dijkstra

Posted

Doom loses 10 fps near as i can tell. It's not the end of the world I guess. 

 

Yeah, it's basically in the 3-5% reduction range for games (well, the four games tested, and not in GPU limited scenarios like 4k) which isn't great but also isn't a catastrophe except PR wise.

  • Like 1
Posted

 

Doom loses 10 fps near as i can tell. It's not the end of the world I guess. 

 

Yeah, it's basically in the 3-5% reduction range for games (well, the four games tested, and not in GPU limited scenarios like 4k) which isn't great but also isn't a catastrophe except PR wise.

 

Indeed. Guess I was wrong, although technically not even Battlefront dropped by a full 5%, but it's close enough. They should probably test SWTOR. That game has a nightmarish amount of disk usage - enough to make people claim that it killed their SSDs.

No mind to think. No will to break. No voice to cry suffering.

Posted

Hm, so right now there are two vulnerabilities - Meltdown and Spectre. The Intel one is Meltdown and is more urgent.

 

https://meltdownattack.com/

  • Like 1

Why has elegance found so little following? Elegance has the disadvantage that hard work is needed to achieve it and a good education to appreciate it. - Edsger Wybe Dijkstra

Posted

May not be that related, but things like this are why I've never been very happy with the world going more and more completely computer/electronic-storage dependent. Wouldn't take much for all that info to be lost. Backup and backup and physical hardcopy as much as possible, man. Also, it's why I don't use the "cloud," at least in terms of modern usage of the term. More and more I want to retreat from it but it's such a part of the world now it's impossible to do so completely unless you want to go mountain-man.

 

I didn't see it linked to, so I'll just add this general-report forbes article to it. Probably has nothing too different, but never hurts to read more perspectives, especially for non-techie people.

https://www.forbes.com/sites/thomasbrewster/2018/01/03/intel-meltdown-spectre-vulnerabilities-leave-millions-open-to-cyber-attack/#5f0170bd3932

 

...at any rate, a small drop in gaming performance isn't something I'm likely to notice on a personal level, if I must endure it at some point. It'll be interesting to see how this all pans out in the long run. And kinda makes me glad I (still) haven't built a new PC yet so I can wait and see before doing so.

“Things are as they are. Looking out into the universe at night, we make no comparisons between right and wrong stars, nor between well and badly arranged constellations.” – Alan Watts
Posted

Contrary to what AMD would like you to believe, AMD chips are also affected by the Meltdown and Spectre security exploits, as are ARM chips. This is very far reaching. The Linux kernel has already had a couple preliminary patches made available (FOSS is agile like that), presumably Windows and Apple engineers are testing patches as I write this.

sky_twister_suzu.gif.bca4b31c6a14735a9a4b5a279a428774.gif
🇺🇸RFK Jr 2024🇺🇸

"Any organization created out of fear must create fear to survive." - Bill Hicks

Posted

That doesn't look bad at all. If (and it's a big if) the rumours about meltdown requiring some further fixing are true it might still get worse but at the moment it certainly doesn't look significant for the average desktop user.

 

Contrary to what AMD would like you to believe, AMD chips are also affected by the Meltdown and Spectre security exploits, as are ARM chips. This is very far reaching. The Linux kernel has already had a couple preliminary patches made available (FOSS is agile like that), presumably Windows and Apple engineers are testing patches as I write this.

 

Everyone and everything (nearly) is effected by Spectre, even including RISC chips. The only source I've seen for everyone being effected by Meltdown though is Intel FUD trying to conflate the two issues. Everything else says it's Intel specific.

  • Like 2
Posted

Following this on Reddit with the typical fanboys and inability to read and conclusion jumping has been fun.

 

I guess we are lucky it is hard to exploit Spectre

  • Like 2

Why has elegance found so little following? Elegance has the disadvantage that hard work is needed to achieve it and a good education to appreciate it. - Edsger Wybe Dijkstra

Posted (edited)

It needs to be pointed out that this isn't a "kernel" flaw: the kernel is software e.g. Linux. Intel only makes the CPU and its microcode. The flaw is in the CPU but its being mitigated -- at a substantial cost -- by Linux. Epic Games' Fortnite's servers experienced much more than a 30 or even 50 percent slowdown btw, so these slowdowns aren't just theoretical.

 

https://www.epicgames.com/fortnite/forums/news/announcements/132642-epic-services-stability-update

Edited by Jozape
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...