Major incoming CPU bugs

A place For General Chit Chat Etc
Site Admin
User avatar
Posts: 5844
Joined: Sat Feb 28, 2009 8:34 pm

Major incoming CPU bugs

Postby antus » Thu Jan 04, 2018 11:20 am

For those who havnt seen this on other sites yet, some interesting thinks are unfolding in the pc processor/operating system world right now. It looks like we need to choose between significantly degraded performance for certain work types, or security on our servers and workstations due to broken (mainly intel) CPUs. Which includes all of them produced in the last 10 years, and they cant be fixed.

Yesterday it sounded bad, today details have leaked ahead of the patches being released for mainstream operating systems.

https://www.wired.com/story/critical-in ... computers/

https://meltdownattack.com/

And I quite like Linus' comment to Intel regarding their patches submitted to the linux kernel: https://lkml.org/lkml/2018/1/3/797

> Any speculative indirect calls in the kernel can be tricked
> to execute any kernel code, which may allow side channel
> attacks that can leak arbitrary kernel data.

Why is this all done without any configuration options?

A *competent* CPU engineer would fix this by making sure speculation
doesn't happen across protection domains. Maybe even a L1 I$ that is
keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you shit
forever and ever, and never fixing anything"?

Because if that's the case, maybe we should start looking towards the
ARM64 people more.

Please talk to management. Because I really see exactly two possibibilities:

- Intel never intends to fix anything

OR

- these workarounds should have a way to disable them.

Which of the two is it?

Linus
Have you read the FAQ? For lots of information and links to significant threads see here: viewtopic.php?f=7&t=1396

User avatar
Posts: 4157
Joined: Mon Jan 04, 2010 10:23 am

Re: Major incoming CPU bugs

Postby The1 » Thu Jan 04, 2018 2:55 pm

Yeh it seems if I'm correct the cloud hyperv type systems will cope it hard and I am worried that people will not deploy the patch due to the performance loss. Amd seems to be ok as most of that stuff wasn't in use anyway, it will be interesting to see how the Intel/amd comparisons tighten up after the patches

Site Admin
User avatar
Posts: 5844
Joined: Sat Feb 28, 2009 8:34 pm

Re: Major incoming CPU bugs

Postby antus » Thu Jan 04, 2018 3:06 pm

The latest is that the Xen hypervisor has a good description of the vulnerabilities. https://xenbits.xen.org/xsa/advisory-254.html
The code execution vulnerability (meltdown) has been called intel only, so Intel will cop the big slowdowns.
The linux kernel has accepted the patch to not slow AMD.
https://git.kernel.org/pub/scm/linux/ke ... 6ac249a9ce
- "Exclude AMD from the PTI enforcement. Not necessarily a fix, but if AMD is so confident that they are not affected, then we should not burden users with the overhead"

The spectre vulnerability seems widespread, and includes intel/amd/arm Source for arm bug matrix: https://developer.arm.com/support/security-update
Patches for spectre have not yet been developed.
The slowdowns for workloads with high I/O (typically server) seem very real. For an example see this amazon thead https://forums.aws.amazon.com/thread.js ... dID=269858
There are some performance benchmarks for different workload types here: https://www.phoronix.com/scan.php?page= ... 6pti&num=1
PGSQL Database have documented observed slowdowns https://www.postgresql.org/message-id/2 ... narazel.de
I Imagine database workloads will be some of the worst affected, and now that there is a proof of concept that works in javascript under chrome, i'd be worried about malicious database stored procedures on shared servers.
Have you read the FAQ? For lots of information and links to significant threads see here: viewtopic.php?f=7&t=1396

Posts: 2595
Joined: Thu Apr 09, 2009 12:31 pm

Re: Major incoming CPU bugs

Postby immortality » Thu Jan 04, 2018 4:40 pm

A lot of this shit is over my head but I'm happy I don't use online cloud storage.

I guess database IT specialists are going to have some long nights ahead.

Site Admin
User avatar
Posts: 5844
Joined: Sat Feb 28, 2009 8:34 pm

Re: Major incoming CPU bugs

Postby antus » Thu Jan 04, 2018 5:08 pm

everyone using a cloud service. home users will be affected but not so much for the typical workflows. amd users wont be hurt as bad as intel as they dont need the workaround which causes the big slowdown for meltdown. Patches will be going mainstream from something like the 9th. Microsoft patches are in testing now in their insider programs too.
Have you read the FAQ? For lots of information and links to significant threads see here: viewtopic.php?f=7&t=1396

User avatar
Posts: 2083
Joined: Fri Mar 14, 2014 8:37 pm
Location: Bacchus Marsh, Vic

Re: Major incoming CPU bugs

Postby Gareth » Thu Jan 04, 2018 8:38 pm

Are you suggesting the xero accounting software that I use is going to get slower?.... FFS....
According to chemistry, alcohol is a solution...

User avatar
Posts: 6458
Joined: Mon Oct 08, 2012 6:41 pm
Location: Kyneton, Vic

Re: Major incoming CPU bugs

Postby vlad01 » Thu Jan 04, 2018 8:41 pm

AMD ftw!

Intel right about now with all their shit going going wrong in the past year.


https://www.youtube.com/watch?v=vnp-tk5J2PM
I'm the director of VSH (Vlad's Spec Holden), because HSV were doing it ass about.

Site Admin
User avatar
Posts: 5844
Joined: Sat Feb 28, 2009 8:34 pm

Re: Major incoming CPU bugs

Postby antus » Wed Jan 10, 2018 11:19 am

It looks our VPS provider patched for meltdown/specre vulns yesteday and in that they must have botched their first attempt as biggvl has reported a post going missing. I assume they tried a second time successfully but a post or two made during that time may have been lost :( If that happened to you - sorry about that!

Ive also had reports of trouble with posts being blocked due to flood protection. I checked the system time and the forum clock was out by several hours which I think could have been confusing the flood protection of the forums. Ive fixed the clock now so any problems similar to that should be resolved now to.

Ive also updated the OS under the fourms in my guest too. I dont expect the fixes will have much performance impact for the forum workloads where most the page rendering is in userland and the database is small enough most of the access would be from ram, not disk.
Have you read the FAQ? For lots of information and links to significant threads see here: viewtopic.php?f=7&t=1396

Posts: 2595
Joined: Thu Apr 09, 2009 12:31 pm

Re: Major incoming CPU bugs

Postby immortality » Wed Jan 10, 2018 11:52 am

Cheers Antus.

User avatar
Posts: 6458
Joined: Mon Oct 08, 2012 6:41 pm
Location: Kyneton, Vic

Re: Major incoming CPU bugs

Postby vlad01 » Wed Jan 10, 2018 8:24 pm

Some more news about this. Turns out intel's meltdown is only partly patched atm and they are working towards a microcode update at the processor level so there is likely some more performance impacts to come.

Number of services have reported notable slowdown already or heavy increase in CPU usage. Epic games released data on server stats, CPU usage for them doubled just about.

Some of ARM's processors are effected by a few variants of spectre, AMD confirmed to be only effected by one of the lesser significant variants of spectre which is software patched at OS level and expected to have next to 0 impact on performance. The ARM stuff is as far as I know all software patches and little performance impact as well.

I recall reading somewhere the 1 variant AMD is effected by in only on regular desktop CPUs and Epyc and Ryzen Pro is not effected due to their extra security features enabled in those lines, someone might be able to confirm this but does sound correct given which I read about the variant specifics.
I'm the director of VSH (Vlad's Spec Holden), because HSV were doing it ass about.

Next

Return to Off Topic

Who is online

Users browsing this forum: No registered users and 1 guest