 
SuperSpy
Minister of Gerbil Affairs
Posts: 2403
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 2:27 pm

I'm guessing that bug has something to do with AV makers injecting their DLLs into every process. But I don't see what they could be doing that would break when kernel memory is unmapped.
Desktop: i7-4790K @4.8 GHz | 32 GB | EVGA GeForce 1060 | Windows 10 x64
Laptop: MacBook Pro 2017 2.9GHz | 16 GB | Radeon Pro 560
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 2:33 pm

We're having a meeting here at work in 30 minutes to discuss potential impacts of Meltdown/Spectre and their mitigations on the security and performance of our product. This is gonna be fun.
Nostalgia isn't what it used to be.
 
captaintrav
Gerbil First Class
Posts: 178
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 2:49 pm

Glorious wrote:
captaintrav wrote:
If I'm understanding things properly, the mitigation for Meltdown is going to have more of a performance impact if your processor doesn't support process context identifiers, which means Haswell and newer, but Wikipedia says it was introduced with Westmere. Maybe just for certain SKUs before Haswell. Maybe time to finally ditch Sandy Bridge?


Haswell introduced INVPCID (http://www.felixcloutier.com/x86/INVPCID.html), which helps significantly: If you can't directly select which PCID to flush, everything is much more awkward, complicated, and onerous for performance.

Without it, the current patchset might not actually even be trying to use PCIDs on Ivy-Bridge and older: this was all thrown together very rapidly and all this confusion, rhetoric and hyperbole means I'd have to go and look myself basically. :(


Thank you for clarifying. I'd hope the Linux patchset, at some point can use PCIDs on Sandy/Ivy bridge, etc, even if it helps performance a little compared to Haswell and newer.
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 3:22 pm

SuperSpy wrote:
I'm guessing that bug has something to do with AV makers injecting their DLLs into every process. But I don't see what they could be doing that would break when kernel memory is unmapped.


Never underestimate how bad AV software is.

Peter Bright @ Arstechnica wrote:
There are a couple of wrinkles. During testing, Microsoft found that some anti-virus software tries to do undocumented, unsupported things with kernel memory, and these things break when dual page tables are used. Accordingly, dual page tables won't be used when third-party anti-virus is installed, until and unless that anti-virus software sets a specific registry key to indicate that it supports dual page tables.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 3:24 pm

Ryu Connor wrote:
Never underestimate how bad AV software is.


...And I, for one, cannot overstate how true that is.
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 4:34 pm

I had a chance to play with the patch today.

I can confirm that on Windows Server the Administrator must choose to enable the protections.

On Windows Client the protections are automatically enabled and you must choose to disable the protections.

Switching between enabled and disabled is as easy as two different batch files and a reboot.

I tested on a Core 2 Duo client box, my oldest machine, and it is hopelessly screwed. The Spectre fix included in the Windows patch doesn't work because the Core 2 Duo T7500 lacks the microcode fix from Intel. I do not expect that Core 2 line to see that fix.

The Meltdown fix does activate, but the CPU lacks PCID and INVPCID instructions. Given that this poor T7500 can't even handle YouTube 1080p decoding, I'm not sure the performance hit the Meltdown patch gives is worth the bit of defense in depth provided. On a machine this old, what useful objective benchmarks could I run to quantify the performance hit?
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
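
Added example, not part of any post in this thread: a small Python check for the two CPU features discussed above (PCID and INVPCID) plus the Meltdown markers that patched Linux kernels expose in `/proc/cpuinfo`. The sample inputs are constructed, the tier names are labels invented for this sketch, and the `pti`/`kaiser` and `cpu_meltdown`/`cpu_insecure` names are the strings Linux kernels of that period print. Flags are matched as whole words, because a substring search for `pcid` would also match `invpcid`.

```python
#!/usr/bin/env python3
"""Report the PCID/INVPCID and Meltdown markers a Linux /proc/cpuinfo exposes."""
import json
import os

# Constructed /proc/cpuinfo excerpts with shortened flag lists (not real captures).
SAMPLE_NO_PCID = (
    "processor\t: 0\n"
    "model name\t: constructed Core 2 class CPU\n"
    "flags\t\t: fpu vme de pse tsc msr pae cx8 sse sse2 ssse3 lm pti\n"
    "bugs\t\t: cpu_meltdown\n"
    "\n"
    "processor\t: 1\n"
    "flags\t\t: fpu vme de pse tsc msr pae cx8 sse sse2 ssse3 lm pti\n"
)
SAMPLE_PCID_ONLY = (
    "processor\t: 0\n"
    "model name\t: constructed Sandy Bridge class CPU\n"
    "flags\t\t: fpu vme de pse tsc msr pae cx8 sse sse2 pcid sse4_2 avx kaiser\n"
    "bugs\t\t: cpu_insecure\n"
)
SAMPLE_PCID_INVPCID = (
    "processor\t: 0\n"
    "model name\t: constructed Haswell class CPU\n"
    "flags\t\t: fpu vme de pse tsc msr pae cx8 sse sse2 pcid avx2 invpcid\n"
    "bugs\t\t: cpu_meltdown\n"
)


def parse_cpuinfo(text):
    """Return (flags, bugs) as sets of whole words for the first logical CPU."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            if fields:
                break  # a blank line ends the first processor block
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip(), value.strip())
    flags = set(fields.get("flags", "").split())
    bugs = set(fields.get("bugs", "").split())
    return flags, bugs


def assess(text):
    """Summarise the features that matter for the page-table isolation cost."""
    flags, bugs = parse_cpuinfo(text)
    has_pcid = "pcid" in flags        # set membership, so "invpcid" does not count
    has_invpcid = "invpcid" in flags
    if has_pcid and has_invpcid:
        tier = "pcid+invpcid"         # the Haswell-and-newer case from the thread
    elif has_pcid:
        tier = "pcid-only"            # PCID present, no INVPCID instruction
    else:
        tier = "no-pcid"              # e.g. the Core 2 Duo case from the thread
    return {
        "pcid": has_pcid,
        "invpcid": has_invpcid,
        "tier": tier,
        # The kernel lists the CPU as affected ("bugs" line, older or newer name).
        "meltdown_listed": bool({"cpu_meltdown", "cpu_insecure"} & bugs),
        # Synthetic flag the kernel adds when page-table isolation is enabled.
        "pti_active": bool({"pti", "kaiser"} & flags),
    }


if __name__ == "__main__":
    path = "/proc/cpuinfo"
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as handle:
            source, text = path, handle.read()
    else:
        source, text = "constructed sample", SAMPLE_PCID_ONLY
    print(source)
    print(json.dumps(assess(text), indent=2))
```
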
 
chuckula
Minister of Gerbil Affairs
Posts: 2109
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 4:39 pm

Ryu Connor wrote:
The Meltdown fix does activate, but the CPU lacks PCID and INVPCID instructions. Given that this poor T7500 can't even handle YouTube 1080p decoding, I'm not sure the performance hit the Meltdown patch gives is worth the bit of defense in depth provided. On a machine this old, what useful objective benchmarks could I run to quantify the performance hit?


I would put it this way: What tasks was the machine performing prior to Meltdown and can it perform them post Meltdown?
4770K @ 4.7 GHz; 32GB DDR3-2133; Officially RX-560... that's right AMD you shills!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 4:49 pm

chuckula wrote:
I would put it this way: What tasks was the machine performing prior to Meltdown and can it perform them post Meltdown?


To be fair, I'm mostly asking "for Science!" This machine represents the worst possible case.

For me this box is a guinea pig and it will continue to perform that unpleasant task.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
chuckula
Minister of Gerbil Affairs
Posts: 2109
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 4:56 pm

Ryu Connor wrote:
chuckula wrote:
I would put it this way: What tasks was the machine performing prior to Meltdown and can it perform them post Meltdown?


To be fair, I'm mostly asking "for Science!" This machine represents the worst possible case.

For me this box is a guinea pig and it will continue to perform that unpleasant task.


I'm updating a Core2 machine that's actually used for real stuff (not high-performance work but real work) once the updated 4.9 LTS kernel finishes testing in my distro. I'm sure I could show an issue with a synthetic benchmark but I'll see how the box performs for its day job after the update.
4770K @ 4.7 GHz; 32GB DDR3-2133; Officially RX-560... that's right AMD you shills!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
thecoldanddarkone
Minister of Gerbil Affairs
Posts: 2449
Joined: Wed Mar 26, 2003 4:35 pm

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 5:06 pm

Ryu Connor wrote:
https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0

A managed list of AV vendors who have or haven't set the correct registry key in Windows to receive the KPTI patch.


Thank you,

This was extremely useful. I can't browse our AV vendor's site because even general updates are behind logins, which I don't have one... This gave me enough information to poke someone.
I7 4930k, 32 GB Ballistix DDRL3@2133 , 1.2 TB Intel 750 AIC, 500 GB mx200, Sapphire R9 Fury, asus x79 ws, HP ZR24w, edifier s730
HP Pro x2 612- i5-4302Y, 8 gigs of memory, 256 ssd
 
Mr Bill
Gerbil Jedi
Posts: 1819
Joined: Mon Jan 21, 2002 7:00 pm
Location: Colorado Western Slope
Contact:

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 5:32 pm

just brew it! wrote:
We're having a meeting here at work in 30 minutes to discuss potential impacts of Meltdown/Spectre and their mitigations on the security and performance of our product. This is gonna be fun.

Is it possible that AMD is claiming immunity from Meltdown (but not Spectre) because their CPUs check all the bounds "before" doing speculative execution?
X6 1100T BE | Gigabyte GA-990FXA-UD3 AM3+ | XFX HD 7870 | 16 GB DDR3 | Samsung 830/850 Pro SSD's | Logitech cherry MX-brown G710+ | Logitech G303 Daedalus Apex mouse | SeaSonic SS-660XP 80+ Pt | BenQ 24' 1900x1200 IPS | APC Back-UPS NS-1350 | Win7 Pro
 
jackbomb
Gerbil XP
Posts: 363
Joined: Tue Aug 12, 2008 10:25 pm

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 5:45 pm

Ryu Connor wrote:
The Meltdown fix does activate, but the CPU lacks PCID and INVPCID instructions. Given that this poor T7500 can't even handle YouTube 1080p decoding, I'm not sure the performance hit the Meltdown patch gives is worth the bit of defense in depth provided. On a machine this old, what useful objective benchmarks could I run to quantify the performance hit?

Your post reminded me of my ancient 1.66GHz Core 2 Duo laptop that I almost never use anymore. I charged it up and did some very informal "everyday use" performance testing.

Before the patch, it could (just) handle 720p VP9 YouTube streaming (90-98% CPU usage during playback while pre-caching; 55-65% CPU usage after pre-caching is complete). CPU usage and playback performance did not change at all after the patch was applied.

Also unchanged were program launch times, web browsing performance (Chrome), and general Windows performance. Even memory usage, both at idle and with several different types of programs running, remained the same.
Like a good neighbor jackbomb is there.
 
yogibbear
Gerbil Elite
Posts: 920
Joined: Fri Feb 08, 2008 11:30 am

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 6:18 pm

Well Epic's cloud services servers that host Fortnite seem to be struggling today and they've now come out and stated:

All of our cloud services are affected by updates required to mitigate the Meltdown vulnerability.


https://www.reddit.com/r/FORTnITE/comme ... h=324bfd27

inb4 the rest of online gaming has a fun week....
Core i7 4770K | eVGA GTX1080 FTW ACX 3.0 | 16GB DDR3 2133mhz | Asus Z87-PLUS | Corsair HX650 | Fractal Define R4 | Samsung 840 Pro 256GB | Windows 10 x64
 
fhohj
Gerbil Team Leader
Posts: 232
Joined: Tue Dec 10, 2013 4:10 pm

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 7:05 pm

just brew it! wrote:
Why would we not want people to link to other sites?


Other sites, probably no reason. Other tech sites, not so sure, which is why I held back.

So an update on the benchmarks, seems like they're all a waste. Things have been happening really fast and the benchers didn't know it was all opt-in. Is that until the stuff from Intel gets pushed out from the motherboard makers?? (I'm still not sure) So if anybody knows of a benchmark with the most recent AC on a system with this stuff up and running, be swell of you to link it (I'll look myself and if I find it, I'll throw it here)
 
strangerguy
Gerbil Team Leader
Posts: 262
Joined: Fri May 06, 2011 8:46 am

Re: Intel Processor bug incoming?

Fri Jan 05, 2018 11:05 pm

chuckula wrote:
SuperSpy wrote:
Brief write-up of the major players responses by Ars' Peter Bright: https://arstechnica.com/gadgets/2018/01 ... -about-it/


The ARS article is pretty comprehensive and not particularly mouth-breathing crazy, which is somewhat refreshing since too many sites have decided that clickbaitiness is more important than a rational discussion (incidentally, TR has also been very fact-based and level headed in its reporting).


I for one find the endless amount of clickbait about this and the Apple battery "fiasco" a lot more offensive than the actual issues at hand.
8700K 4.3GHz @ 1.05V | Cryorig H7 | MSI Z370M AC | 32GB Corsair LPX DDR4-3200 | GTX 1070 @ 0.8V | 500GB Evo 850 | 1TB M550 | 3TB Toshiba | Seasonic G650 | Acer XB271HU
 
Igor_Kavinski
Minister of Gerbil Affairs
Posts: 2077
Joined: Fri Dec 22, 2006 2:34 am

Re: Intel Processor bug incoming?

Sat Jan 06, 2018 1:43 am

I have no idea about the intricacies of CPU design but I can't help wondering why no one thought to keep kernel and user instructions and data isolated from each other at the hardware level. Sure, TLB is limited in the number of its entries but if the kernel is so important, shouldn't there be a dedicated TLB for the kernel? Most likely, this design decision was taken decades ago and then no one bothered to give any more thought to it, even as transistors mushroomed into the billions and silicon real estate on the CPU became plentiful. Really worries me what other stone age ****-ups are lying dormant in modern CPUs...
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Intel Processor bug incoming?

Sat Jan 06, 2018 2:50 am

The user and system data are kept isolated; this is "side channel" information leakage, which exploits side effects of multiple features found in most modern CPUs in combination. It's a very clever/subtle attack that involves manipulation of the CPU cache contents, and the measuring of the minute differences in instruction execution times (on the order of tens of nanoseconds) which result.

Even if you could somehow use completely separate TLBs/caches for user and system data to mitigate Meltdown, that would not help with Spectre, since it is a purely user-space attack (the most troubling example being malicious JavaScript reaching outside its sandbox to read internal web browser state).
Nostalgia isn't what it used to be.
 
cegras
Gerbil First Class
Posts: 193
Joined: Mon Nov 05, 2007 3:12 pm

Re: Intel Processor bug incoming?

Sat Jan 06, 2018 10:14 am

Some aren't seeing 'negligible' impact:

https://www.epicgames.com/fortnite/foru ... ity-update
 
Captain Ned
Global Moderator
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Intel Processor bug incoming?

Sat Jan 06, 2018 10:30 am

If the scary impact numbers discussed for virtualization workloads are only 50% correct, Meltdown mitigation is still going to have a MAJOR impact on the financial services industry. Since financial services HATE to spend money on anything that doesn't directly generate income (a/k/a IT, where no one ever got/gets fired for buying Intel), physical boxen are running well past 75% CPU load to maximize virtual server capacity, generally without spare physical box capacity that can be rapidly spun up.

So, my Day Job response won't be the textbook "patch NOW!!!!!!". We've lived with this vulnerability for almost 25 years; waiting a week or two for Meltdown patch stability and resource minimization won't be the end of the world.

On another note something this insidious and technically "sweet" has all of my TLA-senses tingling, as in potential TLA input into early 1990s design decisions.
What we have today is way too much pluribus and not enough unum.
 
Redocbew
Minister of Gerbil Affairs
Posts: 2495
Joined: Sat Mar 15, 2014 11:44 am

Re: Intel Processor bug incoming?

Sat Jan 06, 2018 2:48 pm

It does have that feeling to it, sort of like the substitution tables in DES which just popped up out of nowhere and couldn't be derived mathematically. I usually hate to get all spooky about things like this, but it does make you wonder.
Do not meddle in the affairs of archers, for they are subtle and you won't hear them coming.
 
the
Gerbil Elite
Posts: 941
Joined: Tue Jun 29, 2010 2:26 am

Re: Intel Processor bug incoming?

Sat Jan 06, 2018 3:48 pm

Captain Ned wrote:
If the scary impact numbers discussed for virtualization workloads are only 50% correct, Meltdown mitigation is still going to have a MAJOR impact on the financial services industry. Since financial services HATE to spend money on anything that doesn't directly generate income (a/k/a IT, where no one ever got/gets fired for buying Intel), physical boxen are running well past 75% CPU load to maximize virtual server capacity, generally without spare physical box capacity that can be rapidly spun up.


Best practice is always to have enough spare CPU in a VM cluster so that all the guests on a particular host have a place available to migrate to. These patches shouldn't impact in terms of memory availability but migration would have to deal with CPU overcommit if a failure were to occur. Things would work but painfully slowly. The upside is that if a company followed best practice, there should be enough free overhead on each node to incur most of the performance loss (i.e. the host gives up some of the CPU reserve to the guest VM to maintain consistent performance pre-patch). Bring in another host or two and things will balance out. The problem is this requires the cooperation of the bean counters and OEMs to be able to supply systems quickly.

Captain Ned wrote:
So, my Day Job response won't be the textbook "patch NOW!!!!!!". We've lived with this vulnerability for almost 25 years; waiting a week or two for Meltdown patch stability and resource minimization won't be the end of the world.


When I did remote hosting, security patches (unless absolutely critical with exploits in the wild) never got patched immediately. Test/dev would get it immediately, followed by staging a week later and then production a week later/next maintenance window as appropriate. Currently I have only heard of proof-of-concept attacks for Meltdown so they'd be following normal procedure and likely stopping at staging systems due to bugs.

The fixes themselves were being tested internally and pushed to release a week or two early themselves as the news leaked prior to their disclosure schedule.

Captain Ned wrote:
On another note something this insidious and technically "sweet" has all of my TLA-senses tingling, as in potential TLA input into early 1990s design decisions.


Not sure that this would be them in the 1990's (I could totally see them suggesting this today though). Side channel attacks really weren't explored until the mid 90s after the first generation of chips affected by this were already released. Certainly the TLA have been ahead of the curve in certain research but considering devices like this didn't exist in the 1980's there was simply no curve to get ahead of.

The more interesting question is if the TLA knew about this before Google's Project Zero came across it and when.
Dual Opteron 6376, 96 GB DDR3, Asus KGPE-D16, GTX 970
Mac Pro Dual Xeon E5645, 48 GB DDR3, GTX 770
Core i7 [email protected] Ghz, 32 GB DDR3, GA-X79-UP5-Wifi
Core i7 [email protected] Ghz, 16 GB DDR3, GTX 970, GA-X68XP-UD4
 
Captain Ned
Global Moderator
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Intel Processor bug incoming?

Sat Jan 06, 2018 4:30 pm

the wrote:
Captain Ned wrote:
So, my Day Job response won't be the textbook "patch NOW!!!!!!". We've lived with this vulnerability for almost 25 years; waiting a week or two for Meltdown patch stability and resource minimization won't be the end of the world.
When I did remote hosting, security patches (unless absolutely critical with exploits in the wild) never got patched immediately. Test/dev would get it immediately, followed by staging a week later and then production a week later/next maintenance window as appropriate. Currently I have only heard of proof-of-concept attacks for Meltdown so they'd be following normal procedure and likely stopping at staging systems due to bugs.

In a perfect world I agree with you. That said, in the population I deal with in the Day Job, proper test environments simply don't exist internally and they all wait for vendor OK. That said, given the way Meltdown has been panic-sold, I can easily see an institution simply slamming in the patches and watching their virtual servers come to a crawl if they even load.

One must remember that, after the Equifax breach, financial institutions with Information Security obligations under GLBA will knee-jerk a response simply to avoid GLBA complications.
What we have today is way too much pluribus and not enough unum.
 
Kougar
Minister of Gerbil Affairs
Posts: 2306
Joined: Tue Dec 02, 2008 2:12 am
Location: Texas

Re: Intel Processor bug incoming?

Sat Jan 06, 2018 10:21 pm

Already three class action lawsuits have been filed against Intel. How is that even supposed to work? There isn't enough money on the planet to reimburse everyone $10 per single CPU sold since the Pentium Pro era. Are they just hoping for $20 coupons to be used against a future Intel CPU? From the lawsuit standpoint the best case they could hope for was to see Intel get held liable for Coffee Lake and Skylake X sales which were launched after Intel already knew about the Meltdown+Spectre issues.

It does raise an interesting point, what's the earliest generation Intel can make the hardware changes in? Cascade Lake this year? Intel elected to not make the changes in Coffee Lake nor Sky-X so it must not be a quick fix.
 
DancinJack
Maximum Gerbil
Posts: 4494
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Intel Processor bug incoming?

Sat Jan 06, 2018 11:01 pm

Kougar wrote:
It does raise an interesting point, what's the earliest generation Intel can make the hardware changes in? Cascade Lake this year? Intel elected to not make the changes in Coffee Lake nor Sky-X so it must not be a quick fix.


No way. We're looking at likely a multi-year hardware solution. Intel said Cascade Lake was Q4'18. I think we're too far along already for them to make hardware changes unless they really want to deal with a delay. They MIGHT be able to get something into Ice Lake, though Intel said it had already taped-in middle of 2017.

Then again, my above assumptions have no idea when Intel really found out about this. Maybe they've known for a good six months or a year internally. I'm still putting my money on Ice Lake being the first, unless Intel thinks it's worth the money to do it for Cascade Lake, and the accompanying Xeons.
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
cegras
Gerbil First Class
Posts: 193
Joined: Mon Nov 05, 2007 3:12 pm

Re: Intel Processor bug incoming?

Sun Jan 07, 2018 4:58 pm

 
the
Gerbil Elite
Posts: 941
Joined: Tue Jun 29, 2010 2:26 am

Re: Intel Processor bug incoming?

Sun Jan 07, 2018 6:11 pm

DancinJack wrote:
Kougar wrote:
It does raise an interesting point, what's the earliest generation Intel can make the hardware changes in? Cascade Lake this year? Intel elected to not make the changes in Coffee Lake nor Sky-X so it must not be a quick fix.


No way. We're looking at likely a multi-year hardware solution. Intel said Cascade Lake was Q4'18. I think we're too far along already for them to make hardware changes unless they really want to deal with a delay. They MIGHT be able to get something into Ice Lake, though Intel said it had already taped-in middle of 2017.


Prior to tape out, validation is being performed in simulators. These simulators continue to run validation analysis even after tape out and prototype silicon is at hand. After tape-out comes about a year of testing and validation on real hardware. Any major bugs caught in silicon at this stage hopefully only need minor fixes or could be patched with a microcode update. If deadlines can't be pushed back, the last moment to make major hardware design changes is roughly 18 months before product release. With that in mind, every x86 chip Intel is currently* scheduled to release this year is likely susceptible to both Meltdown and Spectre.

DancinJack wrote:
Then again, my above assumptions have no idea when Intel really found out about this. Maybe they've known for a good six months or a year internally. I'm still putting my money on Ice Lake being the first, unless Intel thinks it's worth the money to do it for Cascade Lake, and the accompanying Xeons.


Intel was told about this in June 2017 from Google's Project Zero team when they discovered it. The bugs' first discovery being six months old is one of the reasons why patches were already well into development and awaiting release on January 9th. The reason everything happened last week is that people were looking into the Linux patches and noticing a few oddities (release notes under NDA etc.) but being moved into mainstream release. Linux development is incredibly open with NDAs generally being a taboo. The exception to that taboo are security fixes to prevent malware developers from exploiting a flaw prior to the fix being released.

Intel will likely push Cascade Lake into 2019 due to this bug or simply cancel it in favor of Cannon Lake-SP in 2019 which is still on the roadmap last I heard. The rumors are pointing toward Cascade Lake as being a Sky Lake-SP update still on 14 nm due to delays in 10 nm production. One big new feature in Cascade Lake was to fix to support Optane DIMMs, a feature Intel removed at the last minute for Sky Lake-SP due to a bug found in validation. I see it as incredibly unwise to release Cascade Lake and Optane DIMMs if it is still susceptible to Meltdown or Spectre.

*I think it would be fair to argue that Intel has no firm road map right now considering the numerous delays some chips have had (Cannon Lake for consumers was to launch in late 2016!), outright cancellations (Knight's Hill, desktop Cannon Lake) and new 14 nm parts being introduced (Knights Mill, Kaby Lake, Coffee Lake, Whisky Lake, Cascade Lake). Things should iron out with Ice Lake but that looks to be a 2019 part. It'll be interesting what the Intel CEO says tomorrow at 6:30 PM PST at CES as this will most certainly be a topic.

(And a bit of tin foil hattery, Intel's keynote is on January 8th whereas the NDAs for Meltdown and Spectre were originally scheduled for release on January 9th. It is easy to speculate that that was negotiated by Intel but the 9th date was likely asked for by Microsoft to coincide with their traditional patch Tuesday release schedule.)
Dual Opteron 6376, 96 GB DDR3, Asus KGPE-D16, GTX 970
Mac Pro Dual Xeon E5645, 48 GB DDR3, GTX 770
Core i7 [email protected] Ghz, 32 GB DDR3, GA-X79-UP5-Wifi
Core i7 [email protected] Ghz, 16 GB DDR3, GTX 970, GA-X68XP-UD4
 
ludi
Lord High Gerbil
Posts: 8646
Joined: Fri Jun 21, 2002 10:47 pm
Location: Sunny Colorado front range

Re: Intel Processor bug incoming?

Sun Jan 07, 2018 7:37 pm

A human-interest piece on the various researchers that found these flaws, from Wired:

https://www.wired.com/story/meltdown-sp ... -discovery
Abacus Model 2.5 | Quad-Row FX with 256 Cherry Red Slider Beads | Applewood Frame | Water Cooling by Brita Filtration
 
boing
Gerbil XP
Posts: 355
Joined: Wed Jun 11, 2003 2:21 am
Location: Sweden, Europe

Re: Intel Processor bug incoming?

Mon Jan 08, 2018 1:24 am

chuckula wrote:
I'm updating a Core2 machine that's actually used for real stuff (not high-performance work but real work) once the updated 4.9 LTS kernel finishes testing in my distro. I'm sure I could show an issue with a synthetic benchmark but I'll see how the box performs for its day job after the update.
As I keep postponing a long overdue upgrade, I still use a Core2 as my main desktop computer. I mostly use it for everyday tasks (web, email, office), some image editing and game and also run a Plex server in the background.

If I hadn't been previously aware of the Meltdown fix in the kernel, I wouldn't even know that the latest kernel upgrade makes it 5-30% slower in theory. Granted, I've not run any benchmarks. Although subjectively, I can't tell any difference at all in performance between the 4.14.10 kernel and 4.4.12 kernel.
 
SuperSpy
Minister of Gerbil Affairs
Posts: 2403
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: Intel Processor bug incoming?

Mon Jan 08, 2018 9:01 am

Real-world impact from the Eve-online developers on one of their secondary support clusters (not the real game server, this cluster handles their out-of-game API)

https://twitter.com/CCP_SnowedIn/status ... 1577875456

I'd imagine this cluster spends a ton of time doing database calls and network requests, as it's basically a middle-man between the game DB and 3rd party sites, but I'd bet it's a fairly common workload these days.
Desktop: i7-4790K @4.8 GHz | 32 GB | EVGA GeForce 1060 | Windows 10 x64
Laptop: MacBook Pro 2017 2.9GHz | 16 GB | Radeon Pro 560
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Intel Processor bug incoming?

Mon Jan 08, 2018 10:23 am

Captain Ned wrote:
On another note something this insidious and technically "sweet" has all of my TLA-senses tingling, as in potential TLA input into early 1990s design decisions.


I sincerely doubt it. This is just one of those really-obvious-in-hindsight situations.

Redocbew wrote:
It does have that feeling to it, sort of like the substitution tables in DES which just popped up out of nowhere and couldn't be derived mathematically.


That's the exact opposite though: the "something up my sleeve" numbers in that case were about fixing a technique that wasn't publicly known (differential analysis).

The analogue in this case (for meltdown) would be that Intel's processors suddenly had this massive micro-architectural change in some footnote that very few people read. For Spectre, it would be that everyone in the world was suddenly doing something vastly different in regards to speculation and caches (which are only the most straightforward way to leak information, not exclusive).

Kougar wrote:
Are they just hoping for $20 coupons to be used against a future Intel CPU?


Yes, if even that much.

Explaining it any further ventures into R&P, but suffice it to say that *neither* party is actually seeking to have a court of law establish that side-effect information disclosure is something for which the law demands a remedy.

Can't say any more than that...

Kougar wrote:
It does raise an interesting point, what's the earliest generation Intel can make the hardware changes in? Cascade Lake this year? Intel elected to not make the changes in Coffee Lake nor Sky-X so it must not be a quick fix.


They *might* be able to do something about Meltdown in two years, but that's pretty wildly optimistic because that's a serious re-working of their micro-architecture. That sort of change simply doesn't happen overnight: Coffee-lake is directly descended from Sandy Bridge, which is 6-7 years old. AMD took 4-5 years to design Zen. It won't necessarily take quite that long because, however integral, you're just focusing on one specific sort of thing, but those examples are suggestive of the kind of design effort we are talking about. It just isn't on the order of the kind of Year-over-Year tweak we're used to seeing.

The full-spectrum implications of spectre, however, remain something that CPU designers are going to have to consider from this point forward. It's not a question about "fixing the defect" because it isn't a specific defect: it's the fact that the cat is out of the bag about a technique: side-channel information about memory contents using the user-detectable timing of micro-architectural execution isn't a one and done deal. We're talking about an entirely new field of analysis. We can start plugging up obvious holes, but this entire idea was non-obvious itself just 1-2 years ago to evidently everyone.

Why? Because this technique EXPLODED overnight! Once the key idea got out there, oh my lord, we had two of the most serious CPU "bugs" that we have ever seen in much less than a year. Thus this is something else entirely. To be clear, I quoted "bug" because this isn't a deviation from specified behavior, which is an important distinction in communicating that this isn't so easy to "fix": FDIV, for instance, was Intel using the wrong tables. Oops, but the problem was that it gave a wrong answer, so the solution is to give the right one. FOOF? A bizarrely invalid combination of instructions bypassed explicit guarantees about behavior and would lock the processor. The solution, today, would be a relatively simple microcode patch.

Those are clear bugs: the processor gave the wrong answer or produced the wrong behavior according to how the ISA was explicitly documented to work. The solution is straight-forward: use the right tables next time, or invalidate the instruction encodings of cmpxchg8b which have a register operand.

But, in this new sort of case, Meltdown/Spectre aren't about the CPU giving an incorrect answer or behaving contrary to guarantees, they are about timing it so you can reliably deduce what it is doing behind the scenes, which was explicitly *NOT* guaranteed in either the relevant timings or its internal operations.

the wrote:
The bugs' first discovery being six months old is one of the reasons why patches were already well into development and awaiting release on January 9th. The reason everything happened last week is that people were looking into the Linux patches and noticing a few oddities (release notes under NDA etc.) but being moved into mainstream release.


I don't think that's actually the case.

Intel was pretty clearly told well before Linux was. I wouldn't be remotely surprised if Linux only had 30-60 day notice, and from all indications 60 days is the less likely side of the spectrum. Intel knew by at least June 2017.

Greg KH is publicly saying this indirectly, whereas Theo de Raadt is characteristically saying it very directly.

the wrote:
Intel will likely push Cascade Lake into 2019 due to this bug or simply cancel it in favor of Cannon Lake-SP in 2019 which is still on the roadmap last I heard. The rumors are pointing toward Cascade Lake as being a Sky Lake-SP update still on 14 nm due to delays in 10 nm production. One big new feature in Cascade Lake was to fix to support Optane DIMMs, a feature Intel removed at the last minute for Sky Lake-SP due to a bug found in validation. I see it as incredibly unwise to release Cascade Lake and Optane DIMMs if it is still susceptible to Meltdown or Spectre.


Why would Intel cancel anything? They're going to be shipping "flawed" silicon in the interim anyway.

the wrote:
(And a bit of tin foil hattery, Intel's keynote is on January 8th whereas the NDAs for Meltdown and Spectre were originally scheduled for release on January 9th. It is easy to speculate that that was negotiated by Intel but the 9th date was likely asked for by Microsoft to coincide with their traditional patch Tuesday release schedule.)


Uh, not really?

It's vastly easier to speculate that it was done exclusively for the software vendors entirely. I mean, the only reason Intel would have to care at all would be to avoid disclosure before the holiday season. Who cares about their keynote? Intel can still say whatever it wants, it's not like they take questions. Since the legal ramifications of saying anything about it at all up there are immense, I'm sure they'll rely on their already published PR pieces about it because those have already been vetted by legal.

EDIT: Fixed egregiously wrong quote attribution.
Last edited by Glorious on Mon Jan 08, 2018 12:50 pm, edited 1 time in total.