• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

Intel bug incoming? Meltdown and Spectre exploits

pete910

pete910

pete910

Soldato
Joined
3 Oct 2013
Posts
3,622
Serious problem or hot air?

https://www.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/
More complicated hardware gets the more likely this will happen I suppose, irrelevant of size of company.

Edit: Info

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
Some initial benchmarks

https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

Intel patch problems

https://techcrunch.com/2018/01/22/linus-torvalds-declares-intel-fix-for-meltdown-spectre-complete-and-utter-garbage/
 
Last edited:

SiDeards73

SiDeards73

SiDeards73

Soldato
Joined
19 Feb 2011
Posts
5,849
Had a read of that earlier on the AMD Reddit, one of the users there posted this which kinda makes sense

"AMD was really hyping up security on EPYC during their presentation to the big server guys, they really focused specifically about cloud and VM security, isolated and encrypted traffic to all memory, even so far as to store data encrypted in resident memory preventing any other VM user to interact with each other."

https://www.reddit.com/r/Amd/comments/7nm0ac/potential_intel_hardware_bug_could_result_in_3035/

Seems that it only affects Intel CPU's and its going to affect people running VM's, which means pretty much all the cloud providers and many business systems, also lots of HEDT people run VM's on the i9 stuff, will be interesting to see if and how much of a penalty the Intel CPU's have, im fairly certain once the patch lands to fix the bug, it will be benched around the world to see the implications on performance.

Given Intel's new stance on focusing on Cloud etc over consumer Desktop, its not the start to 2018 they'd want i guess, especially with AMD breathing down their neck, Intel could lose some of their lead in performance vs the AMD chips, while still being much more expensive etc.

Definitely interesting times ahead in the CPU space across all platforms.
 

SiDeards73

SiDeards73

SiDeards73

Soldato
Joined
19 Feb 2011
Posts
5,849
Silent_Scone said:
Not likely to have any implications to 90% of people posting here, really.
Click to expand...

While i somewhat agree with you, as most people here come here in regards to their own PC's, there are many of us who manage systems where this is applicable, for instance i manage 2 server farms with my colleagues and we have approx 100+ VM's, this type of stuff is important to know as it will directly affect us if it does have a performance hit, as we will have to address the security flaw by applying the patch.
 

David Bisset

David Bisset

David Bisset

Associate
Joined
31 Oct 2012
Posts
2,240
Location
Edinburgh
previously been some VM isolation bugs found around memory deduplication coupled with rowhammer attacks that were pretty cool (tho easily mitigated by not turning on dedupe) but no idea what this one is, be interesting to find out.
 

gavinh87

gavinh87

gavinh87

Soldato
Joined
29 Jan 2015
Posts
4,904
Location
West Midlands
SiDeards73 said:
While i somewhat agree with you, as most people here come here in regards to their own PC's, there are many of us who manage systems where this is applicable, for instance i manage 2 server farms with my colleagues and we have approx 100+ VM's, this type of stuff is important to know as it will directly affect us if it does have a performance hit, as we will have to address the security flaw by applying the patch.
Click to expand...

No offense but isn't that part of your job?
 

SiDeards73

SiDeards73

SiDeards73

Soldato
Joined
19 Feb 2011
Posts
5,849
gavinh87 said:
No offense but isn't that part of your job?
Click to expand...

Well obviously but if you looked past your nose you would realise its not the patch implementation thats the issue, its the gimping of the VM's that will ensue from it... thats a lot of work to address... that then begs the question are we better switching to a cheaper AMD server build, we will get roughly the same performance it seems, at a cheaper price point and probably more cores so infact we would gain, especially if AMD cpu are unaffected by the issue... Every penny counts when we have to put in Capex to replace Server infrastructure and ours is due soon.

Patching for us is done on a monthly basis as we run 24/7, the manufacturing facility i work at has a shut day monthly for maintenance, other than that you have to use opportunistic moments to patch stuff.

My point was, the patch is mandatory for us, we will apply it regardless of the performance hit, however as we will take the hit, we may well review the hardware, especially if we are due to replace it soon... im a sure we are not the only company that works like this... Intel could potentially lose a lot of custom over this.
 

gavinh87

gavinh87

gavinh87

Soldato
Joined
29 Jan 2015
Posts
4,904
Location
West Midlands
SiDeards73 said:
Well obviously but if you looked past your nose you would realise its not the patch implementation thats the issue, its the gimping of the VM's that will ensue from it... thats a lot of work to address... that then begs the question are we better switching to a cheaper AMD server build, we will get roughly the same performance it seems, at a cheaper price point and probably more cores so infact we would gain, especially if AMD cpu are unaffected by the issue... Every penny counts when we have to put in Capex to replace Server infrastructure and ours is due soon.

Patching for us is done on a monthly basis as we run 24/7, the manufacturing facility i work at has a shut day monthly for maintenance, other than that you have to use opportunistic moments to patch stuff.

My point was, the patch is mandatory for us, we will apply it regardless of the performance hit, however as we will take the hit, we may well review the hardware, especially if we are due to replace it soon... im a sure we are not the only company that works like this... Intel could potentially lose a lot of custom over this.
Click to expand...

Nobody even knows what it is at this moment yet alone replacing hardware because of it.
As for looking past my nose, I couldn't give a rats arse about VM's or cloud servers tbh. I was commenting on your (seemingly) annoyance of applying a patch.
 

SiDeards73

SiDeards73

SiDeards73

Soldato
Joined
19 Feb 2011
Posts
5,849
gavinh87 said:
Nobody even knows what it is at this moment yet alone replacing hardware because of it.
As for looking past my nose, I couldn't give a rats arse about VM's or cloud servers tbh. I was commenting on your (seemingly) annoyance of applying a patch.
Click to expand...

Im not annoyed we have to patch stuff.. its part of our job, on our maintenance shut days we spend the entire day patching servers, adding another patch is a non issue...

And yes, if the patch does directly affect performance by 30% or so, we will have to seriously look at the balancing of VM's on hosts etc, as the users will complain if anything runs even a tad slower than they are used to lol.. At that point my boss says "when are the servers due to be replaced?" followed by "Ok how much capex do i need to request" obviously at this point being as cost effective to performance as possible means you get your capex approved.

Which will make people consider AMD seriously...
 

pete910

pete910

pete910

Soldato
OP
Joined
3 Oct 2013
Posts
3,622
I know there was a patch for the linux kernel on boxing day as to make sure PTI is disabled on AMD cpus. So I guess there is something afoot regards the security.
 

DarkHorizon472

DarkHorizon472

DarkHorizon472

Soldato
Joined
16 May 2007
Posts
3,220
SiDeards73 said:
Im not annoyed we have to patch stuff.. its part of our job, on our maintenance shut days we spend the entire day patching servers, adding another patch is a non issue...

And yes, if the patch does directly affect performance by 30% or so, we will have to seriously look at the balancing of VM's on hosts etc, as the users will complain if anything runs even a tad slower than they are used to lol.. At that point my boss says "when are the servers due to be replaced?" followed by "Ok how much capex do i need to request" obviously at this point being as cost effective to performance as possible means you get your capex approved.

Which will make people consider AMD seriously...
Click to expand...

That's a very big job if you need to rebalance VM's in an enterprise environment , its almost like an infrastructure redesign on the fly but attempting to have no impact to users.
 

gavinh87

gavinh87

gavinh87

Soldato
Joined
29 Jan 2015
Posts
4,904
Location
West Midlands
kitfit1 said:
It's not more like 5%, the posts on the linked thread suggest a minimum of 5% up to about 30%.
Click to expand...

Code: 
KAISER will affect performance for anything that does system calls or
interrupts: everything.  Just the new instructions (CR3 manipulation)
add a few hundred cycles to a syscall or interrupt.  Most workloads
that we have run show single-digit regressions.  5% is a good round
number for what is typical.  The worst we have seen is a roughly 30%
regression on a loopback networking test that did a ton of syscalls
and context switches.  More details about possible performance
impacts are in the new Documentation/ file.
 

sideways14a

sideways14a

sideways14a

Associate
Joined
31 Aug 2017
Posts
2,209
This could be quite the stinker for Intel coming out now when AMD cpus are gaining a lot of traction.
5% loss might not seem much (maybe best case) but 5% when your battling an opponent who can deploy just as good silicon as you is going to hurt, and if its a bigger hit... ouch.
 
You must log in or register to reply here.
Back
Top Bottom