Personal computing discussed

Moderators: renee, Flying Fox, morphine

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 8
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 11:40 am

Man, this pair of exploits has turned into a major dumpster fire...
Nostalgia isn't what it used to be.
 
chuckula
Minister of Gerbil Affairs
Posts: 2109
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 11:49 am

just brew it! wrote:
Man, this pair of exploits has turned into a major dumpster fire...


Some men just want to watch the CPUs burn leak information.
4770K @ 4.7 GHz; 32GB DDR3-2133; Officially RX-560... that's right AMD you shills!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 11:52 am

I'm personally loving the official PR statements of both AMD and Intel: Classic understatement & misdirection without outright lying.

It's like they are throwing gasoline on the internet's hellish fire of confusion and poorly informed speculation.
 
Kougar
Minister of Gerbil Affairs
Posts: 2306
Joined: Tue Dec 02, 2008 2:12 am
Location: Texas

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 1:40 pm

This is some seriously crazy stuff, been great to read the posts in this thread as it helps me understand at least a little bit of this. I won't quote a million posts, but I have a question that I'm not sure can be answered yet. The performance impact of patching Meltdown is understood, but not Spectre.

If I understand correctly there currently there is no complete immunization possible against Spectre, just patch stopgaps against specific vectors, and a CPU hardware change is required for full immunization. So does anyone have even a vague idea what kind of performance impact these hardware changes to prevent Spectre will incur on future hardware? Nevermind that every Out-of-Order CPU vender is affected by it and will have to make their own changes.
 
thecoldanddarkone
Minister of Gerbil Affairs
Posts: 2449
Joined: Wed Mar 26, 2003 4:35 pm

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 3:16 pm

This is for my p51. Which links to the Intel-sa-00088

[Important updates]
- Enhancement to address CVE-2017-5715. (this update was released on Christmas Day). I couldn't figure out why it was so important... Timing is everything...
I7 4930k, 32 GB Ballistix DDRL3@2133 , 1.2 TB Intel 750 AIC, 500 GB mx200, Sapphire R9 Fury, asus x79 ws, HP ZR24w, edifier s730
HP Pro x2 612- i5-4302Y, 8 gigs of memory, 256 ssd
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 4:37 pm

Kougar wrote:
If I understand correctly there currently there is no complete immunization possible against Spectre, just patch stopgaps against specific vectors, and a CPU hardware change is required for full immunization. So does anyone have even a vague idea what kind of performance impact these hardware changes to prevent Spectre will incur on future hardware? Nevermind that every Out-of-Order CPU vender is affected by it and will have to make their own changes.

Off the top of my head, you'd need a way for the compiler to tell the CPU not to speculatively execute beyond a certain point if the result of a prior test is not yet known. So it's basically the cost of the extra CPU instruction to do that, and the loss of efficiency in the CPU's pipelines since you'll have more pipeline stalls/bubbles. For code that doesn't do a lot of the potentially vulnerable "double indirect" memory references the penalty would probably be pretty small (as in, not noticeable except in synthetic benchmarks).

But who knows...
Nostalgia isn't what it used to be.
 
DancinJack
Maximum Gerbil
Posts: 4494
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 4:59 pm

https://security.googleblog.com/2018/01 ... cpu_4.html

Google with a nice little workaround for their servers.
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 5:09 pm

DancinJack wrote:
https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html

Google with a nice little workaround for their servers.

Good to know they're seeing "negligible" performance impact. Management where I work is asking questions about these exploits, and we need to tell them how costly (or not) the kernel patch is likely to be in terms of performance.

Looks like they don't have a simple workaround for Spectre (Variant 1) though; this does not surprise me, given the nature of the exploit.
Nostalgia isn't what it used to be.
 
fhohj
Gerbil Team Leader
Posts: 232
Joined: Tue Dec 10, 2013 4:10 pm

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 6:42 pm

so TS has an article up where they benched an 8700K with the most recent AC. there was no noticeable difference to the user.
 
DancinJack
Maximum Gerbil
Posts: 4494
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 7:33 pm

fhohj wrote:
so TS has an article up where they benched an 8700K with the most recent AC. there was no noticeable difference to the user.


That's not really surprising though. These patches aren't really going to hit desktop usage. Hopefully Phoronix has some more stuff up after all the patches get outed.
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
chuckula
Minister of Gerbil Affairs
Posts: 2109
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 8:09 pm

I JUST UPGRADED AND IT'S SO SLOW THAT THE KEYBOARD SCANNER CAN ONLY TAKE UPPER CASE LETTERS.

Ok not really. Kernel 4.14.11 with KPTI enabled seems to be OK so far.
4770K @ 4.7 GHz; 32GB DDR3-2133; Officially RX-560... that's right AMD you shills!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
DancinJack
Maximum Gerbil
Posts: 4494
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 8:38 pm

chuckula wrote:
I JUST UPGRADED AND IT'S SO SLOW THAT THE KEYBOARD SCANNER CAN ONLY TAKE UPPER CASE LETTERS.

Ok not really. Kernel 4.14.11 with KPTI enabled seems to be OK so far.

There are quite a few more patches incoming. I saw a few had been merged, but people are definitely still working.
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 9:57 pm

Bruce Schneier has a piece up at CNN about these vulnerabilities.

http://www.cnn.com/2018/01/04/opinions/ ... index.html

Bruce Schneier wrote:
It shouldn't be surprising that microprocessor designers have been building insecure hardware for 20 years. What's surprising is that it took 20 years to discover it. In their rush to make computers faster, they weren't thinking about security. They didn't have the expertise to find these vulnerabilities. And those who did were too busy finding normal software vulnerabilities to examine microprocessors.

Security researchers are starting to look more closely at these systems, so expect to hear about more vulnerabilities along these lines.


Bruce Schneier wrote:
Now that they -- and the research into the Intel ME vulnerability -- have shown researchers where to look, more is coming -- and what they'll find will be worse than either Spectre or Meltdown.

There will be vulnerabilities that will allow attackers to manipulate or delete data across processes, potentially fatal in the computers controlling our cars or implanted medical devices. These will be similarly impossible to fix, and the only strategy will be to throw our devices away and buy new ones.


I'd accuse the man of being pessimistic, but I don't believe that. I believe he's being a realist.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 10:01 pm

fhohj wrote:
so TS has an article up where they benched an 8700K with the most recent AC. there was no noticeable difference to the user.


I can't place that TS acronym to a news site that I know off the top of my head.

I presume this was a Windows based test? If so I wouldn't expect anyone to see a difference. From what I can tell the KPTI patch is an opt-in design in Windows.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
DancinJack
Maximum Gerbil
Posts: 4494
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Intel Processor bug incoming?

Thu Jan 04, 2018 11:08 pm

It took me a second to think what site it was too. It's an abbreviation i've never come across before.

https://www.techspot.com/article/1554-m ... e-windows/
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
SkyWarrior
Gerbil
Posts: 54
Joined: Wed Jun 21, 2006 10:27 pm
Location: Turkey

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 12:58 am

Another patched one here. Patched 2 Linux Workstations and 1 Mac mini. Nothing noticable in terms of performance.
Rare is common where I work...
 
fhohj
Gerbil Team Leader
Posts: 232
Joined: Tue Dec 10, 2013 4:10 pm

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 6:19 am

DancinJack wrote:
It took me a second to think what site it was too. It's an abbreviation i've never come across before.


Yeah same here. I was gonna do what you did and link the page but as I was gonna do that I realized I didn't have any idea what the policy was about linking to other benchmark/pc hobby sites, and I don't really regular anymore so I left it out thinking you guys would figure it out. Conscientiousness or over-thinking YOU DECIDE!
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 9:07 am

Why would we not want people to link to other sites?
Nostalgia isn't what it used to be.
 
SuperSpy
Minister of Gerbil Affairs
Posts: 2403
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 9:33 am

Brief write-up of the major players responses by Ars' Peter Bright: https://arstechnica.com/gadgets/2018/01 ... -about-it/
Desktop: i7-4790K @4.8 GHz | 32 GB | EVGA Gefore 1060 | Windows 10 x64
Laptop: MacBook Pro 2017 2.9GHz | 16 GB | Radeon Pro 560
 
chuckula
Minister of Gerbil Affairs
Posts: 2109
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 9:44 am

SuperSpy wrote:
Brief write-up of the major players responses by Ars' Peter Bright: https://arstechnica.com/gadgets/2018/01 ... -about-it/


The ARS article is pretty comprehensive and not particularly mouth-breathing crazy, which is somewhat refreshing since too many sites have decided that clickbaitiness is more important than a rational discussion (incidentally, TR has also been very fact-based and level headed in its reporting).
4770K @ 4.7 GHz; 32GB DDR3-2133; Officially RX-560... that's right AMD you shills!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
defaultluser
Gerbil
Posts: 98
Joined: Tue Feb 14, 2017 11:58 am

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 10:21 am

Is there any chance of TechReport doing a more in-depth test with frame minimums and "time spent below" graphs?

I've seen enough quick benchmarks to know the average frame-rates of video games are unaffected, but we all know how worthless that is.

I'm hopeful we'll get a more in-depth look here soon, so we can be sure there's no impact.
 
cphite
Graphmaster Gerbil
Posts: 1202
Joined: Thu Apr 29, 2010 9:28 am

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 10:35 am

chuckula wrote:
I JUST UPGRADED AND IT'S SO SLOW THAT THE KEYBOARD SCANNER CAN ONLY TAKE UPPER CASE LETTERS.

Ok not really. Kernel 4.14.11 with KPTI enabled seems to be OK so far.


I knew you were kidding because capital letters are bigger, and would therefore be slower...
 
Captain Ned
Global Moderator
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 10:35 am

defaultluser wrote:
Is there any chance of TechReport doing a more in-depth test with frame minimums and "time spent below" graphs?

While such info would be nice to know, it's WAAAAYYYY down the list of important items to research WRT Meltdown and its mitigations.
What we have today is way too much pluribus and not enough unum.
 
chuckula
Minister of Gerbil Affairs
Posts: 2109
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 10:36 am

cphite wrote:
chuckula wrote:
I JUST UPGRADED AND IT'S SO SLOW THAT THE KEYBOARD SCANNER CAN ONLY TAKE UPPER CASE LETTERS.

Ok not really. Kernel 4.14.11 with KPTI enabled seems to be OK so far.


I knew you were kidding because capital letters are bigger, and would therefore be slower...


Your technical expertise is obviously much greater than Intel's QA department!
4770K @ 4.7 GHz; 32GB DDR3-2133; Officially RX-560... that's right AMD you shills!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
captaintrav
Gerbil First Class
Posts: 178
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 11:15 am

Man, this is going to be some kind of nightmare. I work with about 1400 managed desktops and laptops. We're already fighting with getting everyone up to speed with updates for the Intel Management Engine firmware, and patching TPM firmware because of Infineon's tpm vulnerability which is a real PITA. Now we have to patch McAfee to make sure we can install the Meltdown patch successfully, and hopefully neither the McAfee patch or the Microsoft one impacts us much. Then, waiting on things to see what combinations of things we're going to have to do to mitigate Spectre, whatever that may be, possibly at least another round of Bios updates. The state of Information Security is a real mess lately, and my headache is limited to the desktop side, I can only imagine the sleep server guys are losing.
 
captaintrav
Gerbil First Class
Posts: 178
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 11:19 am

If I'm understanding things properly, the mitigation for Meltdown is going to have more of a performance impact if your processor doesn't support process context identifiers, which means Haswell and newer, but Wikipedia says it was introduced with Westmere. Maybe just for certain SKUs before Haswell. Maybe time to finally ditch Sandy Bridge?
 
chuckula
Minister of Gerbil Affairs
Posts: 2109
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 11:49 am

captaintrav wrote:
If I'm understanding things properly, the mitigation for Meltdown is going to have more of a performance impact if your processor doesn't support process context identifiers, which means Haswell and newer, but Wikipedia says it was introduced with Westmere. Maybe just for certain SKUs before Haswell. Maybe time to finally ditch Sandy Bridge?


PCID is implemented in westmere and newer chips, including the original Sandy Bridge. It is not present on Core 2 chips, however.
4770K @ 4.7 GHz; 32GB DDR3-2133; Officially RX-560... that's right AMD you shills!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 11:53 am

captaintrav wrote:
If I'm understanding things properly, the mitigation for Meltdown is going to have more of a performance impact if your processor doesn't support process context identifiers, which means Haswell and newer, but Wikipedia says it was introduced with Westmere. Maybe just for certain SKUs before Haswell. Maybe time to finally ditch Sandy Bridge?


Haswell introduced INVPCID (http://www.felixcloutier.com/x86/INVPCID.html), which helps significantly: If you can't directly select which PCID to flush everything is much more awkward, complicated, and onerous for performance.

Without it, the current patchset might not actually even be trying to use PCIDs on Ivy-Bridge and older: this was all thrown together very rapidly and all this confusion, rhetoric and hyperbole means I'd have to go and look myself basically. :(
 
jackbomb
Gerbil XP
Posts: 363
Joined: Tue Aug 12, 2008 10:25 pm

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 12:57 pm

I just installed the Win7 patch on my work-provided laptop (Haswell-U). If it takes any sort of a performance hit, then I'm not patching my two home computers. They aren't mission-critical and certainly don't store any sensitive data; all of that boring stuff gets done on the work laptop.
Like a good neighbor jackbomb is there.
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 2:08 pm

https://docs.google.com/spreadsheets/d/ ... true#gid=0

A managed list of AV vendors who have or haven't set the correct registry key in Windows to receive the KPTI patch.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 8

Who is online

Users browsing this forum: No registered users and 1 guest
GZIP: On