All Intel CPUs Affected by Hardware Vulnerability causing 5-30% Performance Slowdown
Huge hardware security flaw exposed on all modern processors in the past week. Meltdown and Spectre exploits allow execution of malicious code by exploiting the way virtual memory is handled at the processor and kernel level. Spectre CPU bugs, that all modern processors are affected by, involve how code branches and how arrays are bounded but will be easy to patch without a performance hit. Meltdown bug, which impacts every Intel CPU from the two decades, on the other hand will require irreversible OS patches that will cause performance hits of 5-30% depending on how kernel intensive the CPU activity is. This WILL affect all Intel based Windows, Linux and MacOS machines. This is probably THE worst bug in the last decade.
Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.
Google says AMD processors are vulnerable, so might want to wait until more info comes out
Only for Spectre, not Meltdown. Google Project Zero says Meltdown, and the huge performance hit that fix causes, is specific to Intel processors. AMD systems will not be impacted https://googleprojectzero.blogspot.c...with-side.html
Quote:
The researchers say they haven't been able to perform the same kind of kernel memory-based speculation on AMD or ARM processors, though they hold out some hope that some way of using this speculation offensively will be developed. While AMD has stated specifically that its chips don't speculate around kernel addresses in this way, ARM has said that some of its designs may be vulnerable, and ARM employees have contributed patches to Linux to protect against Meltdown.
Again, read the article. There are two distinct bugs, Spectre and Meltdown. Spectre affects everyone, Meltdown affects Intel only and is the one that causes the performance hit at the kernel level.
Reading the first article it made it sound at the end that it was more of an issue for cloud providers right? Or is the big concern the performance slapdown everyone is going to get?
Edit: so install your updates, life moves on as normal, everyone gets a slowdown, the base concept of how processors are built has to change. That’s gonna take a while.
Last edited by ResAlien; 01-04-2018 at 09:28 AM.
The Following 3 Users Say Thank You to ResAlien For This Useful Post:
Reading the first article it made it sound at the end that it was more of an issue for cloud providers right? Or is the big concern the performance slapdown everyone is going to get?
Depends on what you do with your machine. Anyone who does kernel and specifically virtual memory intensive activities will be impacted. Reason why cloud providers will be hit hard is virtualization on servers for cloud activities is inherently virtual memory/IO intensive and most servers are Intel based atm because of market share. Also unpatched the bug allows one VM to write to the protected memory of another VM, but patched it would result in an up to 30% performance hit. The security implications are massive if left unpatched.
Quote:
Michael Larabel, the open-source guru behind the Linux-centric Phoronix website, has run a gauntlet of benchmarks using Linux 4.15-rc6, an early release candidate build of the upcoming Linux 4.15 kernel. It includes the new Linux KPTI protections for the Intel CPU kernel flaw. The Core i7-8700K saw a massive performance decrease in FS-Mark 3.3 and Compile Bench, a pair of synthetic I/O benchmarks. PostgreSQL and Redis suffered a loss, but to a far lesser degree. Finally, H.264 video encoding, timed Linux kernel compilation, and FFmpeg video conversion tasks didn’t lose anything.
Your mileage will indeed vary, it seems. Keep in mind that Phoronix’s testing was conducted on a non-final release, and that the Linux and Windows kernels are two very different beasts. More testing will need to be performed to see how the Meltdown patch affects Windows PCs and Macs.
A note of caution: The bug will have an impact on some programs, but the chance of a widespread 30% reduction in performance is slim. Phoronix conducted testing on the patched Linux 4.15-rc6 kernel with an Intel Core i7-6800K and an i7-8700K. It tested applications that are confined to the user space, which are typically indicative of what you would see on a desktop system, and found that these applications "should see minimal change (if any) in performance." That means you will likely see little to no performance impact on your next desktop session, be it gaming or otherwise...
...The performance impact is more pronounced in PostgreSQL, which is an open source object-relational database system. PostgreSQL has issued a warning about performance regression that includes benchmarks showing a 17-23% reduction in performance with the new patch. Redis also appears to suffer a performance loss, but to a lesser extent.
So yeah, data farms will see a hit but the day to day user probably won't even notice. Still sucks.
Other outlets have reported an Intel spokeswoman said Krzanich's decision to sell the shares was unrelated to the security vulnerability disclosed this week.
Yeah, I'm just going to go ahead and call bull#### on that one.
The Following 5 Users Say Thank You to Sr. Mints For This Useful Post:
Intel now being sued in multiple class action lawsuits across the US... incoming refund cheques for all?
Quote:
Three class action complaints have been filed against Intel over the Meltdown and Spectre CPU security flaws that were discovered by researchers earlier this year and widely publicized earlier this week.
The three lawsuits—filed in California, Indiana, and Oregon (PDF)—cite not just the security vulnerabilities and their potential impact, but also Intel's response time to them. Researchers notified Intel about the flaws in June. Now, Intel faces a big headache. The vast majority of its CPUs in use today are impacted, and more class action complaints may be filed beyond these three.
The three complaints also cite suggestions that devices using Intel's CPUs will see significant slowdown as a result of addressing the security flaws. However, that point is in some dispute. In the course of its various public efforts to mitigate damage and address concerns, Intel has publicly said in a statement that these concerns are overblown