There isn't going to be a microcode patch for any CPUs except maybe Skylake-X, Kaby Lake and Coffee Lake. This bug apparently affects CPUs back to Westmere, maybe even further, so the OS patches will have to remain in place.
-
Competitor rules
Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.
If a load instruction executed in user mode attempts to access an address that might be in kernel memory space, an exception will be generated (a protection fault). However, a side effect is that the L1 cache is updated if the address is valid and not updated if the address is not valid. Because modern processors are superscalar (execute more than 1 instruction at once), there is a very small timing window where it appears possible to observe a performance difference in L1 cache behaviour that can leak information on whether the address is valid or not, even when both valid and invalid addresses both yield an exception. With some effort, this theoretically permits determining where kernel memory is mapped. This removes the benefits of randomising kernel memory space layout, which is generally reckoned to be a big safety gain over a predictable layout of kernel memory space. The reason for the variation in quoted performance impacts is because the patch involves additional work being performed each time a system call, interrupt or exception is handled - and the rate at which these are handled varies tremendously with the particular workload.
Windows, Linux and macOs all need changes to prevent this information being leaked. The impact of the leak is most severe with VMs as this is a context where security is most relevant.
This https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/ article provides the clues I am using.
Last edited:
Associate
For the average user this is not a problem if it was it would have been fixed many years back but it just shows how intel have been taking shortcuts to keep performance up.
Well my new system is a Skylake-X system. So time will tell if they can fix the issue with microcode but the article said that it probably won't be able to be fixed with microcode even on the latest CPUs. But as I said gaming and video rendering don't seem to be affected so that is something I guess.
It may not be a security problem, but it will be a performance problem when the OS kernel updates roll out.
The articles so far have been pretty sensationalist with very little in the way of information to back any of those claims. We don't know how performance will be with further optimizations, only the initial patch based on the phoronix benches, which seem to show it probably won't affect 99% of what regular users do.
We'll find out more tomorrow when the embargo is up.
We'll find out more tomorrow when the embargo is up.
I do agree with you that caution should be used. However this is a big deal. Having spoken to some unix devs at work. This will not be a fire and forget patch, there will be a number of patches released from unix and windows land untill they get it right. I suspect we will not know the full extent of the problem for a few months.
The games Phoronix tested are light on the CPU and will be GPU limited. Testing BF1 in a 64 man server might show a different story, although since I'm not an expert I don't know.
Also, the register article mentions that newer architectures have hardware features that mitigate this problem to some extent such as PCID (I can't find info on which chips support this so I don't know how new). Given I have Haswell-E I'm slightly concerned, we'll have to wait and see what the impact will be.
Soldato
I hope Intel don't end up making money from this from server farms having to buy more cpus...
Not saying that it's not a big deal, it's a pretty major security flaw, but people were predicting apocalypse coming performance wise, which based on the initial patch probably won't come. Remains to be seen how further patches/microcode updates will impact performance.
Either way, we'll get more concrete info tomorrow.
@ltron Westmere and up.
Associate
I think it's more the fact that there could be any performance loss is what people are getting worked up about. By all means you do not have to apply the patch that fixes the problem but you are taking the risk of keeping that flaw in your system. It will be a choice of security vs performance and i'll take security any-day. I am actually hoping AMD's PR machine takes advantage of this once the embargo is lifted
Yes the patch messed with everyone but AMD users are told to disable it.
Associate
AMD CPU's are not affected by the flaw but were initially forced in the linux patch to have the fix enabled which resulted in lower performance.
Yes but the performance regression will be reversed for AMD CPUs very shortly. I think the patch is already committed.
Basically for gaming I think this will have little to no effect, whereas for data centres and VM farms it will have a large effect.
I'll keep an eye on this thread and other threads and see what people are saying.
Both important in servers...
If final solution can't lower performance penalty to lot lower level this is going to make Intel lot less attractive for servers.
And quite big moneys move in there.
So this might give major chance for AMD to get to position where they can keep competitive by having more money to put into R&D.
I imagine big companies who have invested a lot of money into Intel will take them to court. I can see Intel being forced to offer partial refunds or replacements if the performance numbers are true.
This is going to be a huge win for AMD.
I dunno about SQL but File IO is often an area that Intel has dominated especially in the kind of methods common in high end usage - even with these performance decreases it probably isn't enough to give AMD an edge in the cases where IO matters and Intel have the lead.
Soldato
This is good news for AMD at least. Will make them look better in light of security and if they have also gained a few % performance increase then it's win win over Intel in the data centre.