• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

Intel bug incoming? Meltdown and Spectre exploits

After applying the patch i did a few passes just to make sure what I was seeing wasn't skewed by something in the background.

Before
Code: 
* MB/s = 1,000,000 bytes/s [SATA/600 = 600,000,000 bytes/s]
* KB = 1000 bytes, KiB = 1024 bytes

   Sequential Read (Q= 32,T= 1) :  1685.553 MB/s
  Sequential Write (Q= 32,T= 1) :   594.327 MB/s
  Random Read 4KiB (Q=  8,T= 8) :   659.853 MB/s [ 161096.9 IOPS]
 Random Write 4KiB (Q=  8,T= 8) :   587.724 MB/s [ 143487.3 IOPS]
  Random Read 4KiB (Q= 32,T= 1) :   251.397 MB/s [  61376.2 IOPS]
 Random Write 4KiB (Q= 32,T= 1) :   199.730 MB/s [  48762.2 IOPS]
  Random Read 4KiB (Q=  1,T= 1) :    36.348 MB/s [   8874.0 IOPS]
 Random Write 4KiB (Q=  1,T= 1) :    88.460 MB/s [  21596.7 IOPS]

  Test : 1024 MiB [C: 19.0% (88.2/464.1 GiB)] (x5)  [Interval=5 sec]
  Date : 2018/05/16 11:06:05
    OS : Windows 10  [10.0 Build 17134] (x64)

After
Code: 
* MB/s = 1,000,000 bytes/s [SATA/600 = 600,000,000 bytes/s]
* KB = 1000 bytes, KiB = 1024 bytes

   Sequential Read (Q= 32,T= 1) :  1707.491 MB/s
  Sequential Write (Q= 32,T= 1) :   192.551 MB/s
  Random Read 4KiB (Q=  8,T= 8) :   648.985 MB/s [ 158443.6 IOPS]
 Random Write 4KiB (Q=  8,T= 8) :    46.129 MB/s [  11262.0 IOPS]
  Random Read 4KiB (Q= 32,T= 1) :   261.102 MB/s [  63745.6 IOPS]
 Random Write 4KiB (Q= 32,T= 1) :    26.257 MB/s [   6410.4 IOPS]
  Random Read 4KiB (Q=  1,T= 1) :    34.924 MB/s [   8526.4 IOPS]
 Random Write 4KiB (Q=  1,T= 1) :     0.974 MB/s [    237.8 IOPS]

  Test : 1024 MiB [C: 19.0% (88.2/464.1 GiB)] (x5)  [Interval=5 sec]
  Date : 2018/05/16 21:16:31
    OS : Windows 10  [10.0 Build 17134] (x64)
 
ltron said:
They haven't even bothered to release a patch with the Spectre microcode for 1803 yet even though this is available for earlier versions and would be trivial to do. They really like taking their sweet time.
Click to expand...

MS probably don't want to get blamed for any performance drop in 1803 that is actually caused by the Spectre/Meltdown mitigation.
 
bios.jpg
 
An update: https://m.heise.de/security/meldung/CPU-Sicherheitsluecken-Spectre-NG-Updates-rollen-an-4051900.html?wt_ref=https://www.google.co.uk/&wt_t=1526941561430

Apparently, Spectre V4 also affects at least some models of AMD, ARM and IBM chips, but it is unclear to what extent. There is very little info on Spectre v3 yet, but it seems to primarily affect ARM although Intel is somewhat affected too. The microcode updates for Spectre v4 will result in another 2-8% performance hit in certain tasks according to Intel! That's a whole generation of performance improvements for Intel processors.
 
Last edited:
ltron said:
An update: https://m.heise.de/security/meldung/CPU-Sicherheitsluecken-Spectre-NG-Updates-rollen-an-4051900.html?wt_ref=https://www.google.co.uk/&wt_t=1526941561430

Apparently, Spectre V4 also affects at least some models of AMD, ARM and IBM chips, but it is unclear to what extent. There is very little info on Spectre v3 yet, but it seems to primarily affect ARM although Intel is somewhat affected too. The microcode updates for Spectre v4 will result in another 2-8% performance hit in certain tasks according to Intel! That's a whole generation of performance improvements for Intel processors.
Click to expand...

pete910 said:
translated link :rolleyes:

https://translate.google.co.uk/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https://m.heise.de/security/meldung/CPU-Sicherheitsluecken-Spectre-NG-Updates-rollen-an-4051900.html?wt_ref=https%3A%2F%2Fwww.google.co.uk%2F&wt_t=1526941561430&edit-text=&act=url
Click to expand...


https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/

What the author of the article actually said, or at least a translation of it.

[Updates:] In a blog post, Intel provides more speculative store bypass (Specter V4) details, as does Red Hat . According to Red Hat, Intel processors include AMD and ARM, as well as IBM processors Power8, Power9 and System Z. According to Intel, the shutdown of memory disambiguation reduces system performance by 2 to 8 percent in benchmarks such as BAPCo SYSmark 2014 SE and SPECint_rate_base_2006.
Click to expand...

The translation turned that into gobbledygook, who knows what he is actually saying.
I'm guessing, Itron that you got that because the word AMD in mentioned in the same sentence?

So i actually read the article they cite as source, its written by Intel and doesn't say anything at all about AMD, in fact the word AMD or Advanced Micro Devices isn't even the article at all.

So no :)

This is what Intel actually say about it.

Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment. While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers.

Starting in January, most leading browser providers deployed mitigations for Variant 1 in their managed runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a web browser. These mitigations are also applicable to Variant 4 and available for consumers to use today. However, to ensure we offer the option for full mitigation and to prevent this method from being used in other ways, we and our industry partners are offering an additional mitigation for Variant 4, which is a combination of microcode and software updates.

We’ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks. This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. If enabled, we’ve observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark® 2014 SE and SPEC integer rate on client1 and server2 test systems.
Click to expand...
 
humbug said:
https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/

What the author of the article actually said, or at least a translation of it.



The translation turned that into gobbledygook, who knows what he is actually saying.
I'm guessing, Itron that you got that because the word AMD in mentioned in the same sentence?

So i actually read the article they cite as source, its written by Intel and doesn't say anything at all about AMD, in fact the word AMD or Advanced Micro Devices isn't even the article
Click to expand...

Hi, I got this info from: https://access.redhat.com/security/vulnerabilities/ssbd
and https://www.amd.com/en/corporate/security-updates

AMD are affected, but it sounds like they are barely affected at all and they make no mention of microcode updates whereas Intel do. I have always been of the opinion, from everything we've seen so far, that if AMD are affected at all by any of these vulnerabilities then they are affected to a much lesser degree than Intel which is why I used the word "Apparently" as we didn't have much info. It's also good that the mitigation doesn't have to be enabled for everything all the time so we won't see any performance impact where it's not enabled which is in most things.

I personally would be hesitant if I were looking to buy an Intel CPU today as there are at least six more vulnerabilities to come and I've definitely noticed the hit from Spectre V2 on my I7 5820K with an average performance hit of 3% though very rarely some scenes have up to a 30% hit. Also, game load times are up by at least 5 seconds in many cases.
 
Last edited:
“Speculative Store Bypass” Vulnerability Mitigations for AMD Platforms
5/21/18

Today, Microsoft and Google Project Zero researchers have identified a new category of speculative execution side channel vulnerability (Speculative Store Bypass or SSB) that is closely related to the previously disclosed GPZ/Spectre variant 1 vulnerabilities. Microsoft has released an advisory on the vulnerability and mitigation plans.

AMD recommended mitigations for SSB are being provided by operating system updates back to the Family 15 processors (“Bulldozer” products). For technical details, please see the AMD whitepaper. Microsoft is completing final testing and validation of AMD-specific updates for Windows client and server operating systems, which are expected to be released through their standard update process. Similarly, Linux distributors are developing operating system updates for SSB. AMD recommends checking with your OS provider for specific guidance on schedules.

Based on the difficulty to exploit the vulnerability, AMD and our ecosystem partners currently recommend using the default setting that maintains support for memory disambiguation.

We have not identified any AMD x86 products susceptible to the Variant 3a vulnerability in our analysis to-date.

As a reminder, security best practices of keeping your operating system and BIOS up-to-date, utilizing safe computer practices and running antivirus software are always the first line of defense in maintaining device security.
Click to expand...

Source https://www.amd.com/en/corporate/security-updates

Is bulldozer the Phenom chips or the later fx8xxx series ?
 
ltron said:
Hi, I got this info from: https://access.redhat.com/security/vulnerabilities/ssbd
and https://www.amd.com/en/corporate/security-updates

AMD are affected, but it sounds like they are barely affected at all and they make no mention of microcode updates whereas Intel do. I have always been of the opinion, from everything we've seen so far, that if AMD are affected at all by any of these vulnerabilities then they are affected to a much lesser degree than Intel which is why I used the word "Apparently" as we didn't have much info. It's also good that the mitigation doesn't have to be enabled for everything all the time so we won't see any performance impact where it's not enabled which is in most things.

I personally would be hesitant if I were looking to buy an Intel CPU today as there are at least six more vulnerabilities to come and I've definitely noticed the hit from Spectre V2 on my I7 5820K with an average performance hit of 3% though very rarely some scenes have up to a 30% hit. Also, game load times are up by at least 5 seconds in many cases.
Click to expand...

Ouch, ok thanks :)
 
Ad_Augendae said:
After applying the patch i did a few passes just to make sure what I was seeing wasn't skewed by something in the background.

Before
Code: 
* MB/s = 1,000,000 bytes/s [SATA/600 = 600,000,000 bytes/s]
* KB = 1000 bytes, KiB = 1024 bytes

   Sequential Read (Q= 32,T= 1) :  1685.553 MB/s
  Sequential Write (Q= 32,T= 1) :   594.327 MB/s
  Random Read 4KiB (Q=  8,T= 8) :   659.853 MB/s [ 161096.9 IOPS]
 Random Write 4KiB (Q=  8,T= 8) :   587.724 MB/s [ 143487.3 IOPS]
  Random Read 4KiB (Q= 32,T= 1) :   251.397 MB/s [  61376.2 IOPS]
 Random Write 4KiB (Q= 32,T= 1) :   199.730 MB/s [  48762.2 IOPS]
  Random Read 4KiB (Q=  1,T= 1) :    36.348 MB/s [   8874.0 IOPS]
 Random Write 4KiB (Q=  1,T= 1) :    88.460 MB/s [  21596.7 IOPS]

  Test : 1024 MiB [C: 19.0% (88.2/464.1 GiB)] (x5)  [Interval=5 sec]
  Date : 2018/05/16 11:06:05
    OS : Windows 10  [10.0 Build 17134] (x64)

After
Code: 
* MB/s = 1,000,000 bytes/s [SATA/600 = 600,000,000 bytes/s]
* KB = 1000 bytes, KiB = 1024 bytes

   Sequential Read (Q= 32,T= 1) :  1707.491 MB/s
  Sequential Write (Q= 32,T= 1) :   192.551 MB/s
  Random Read 4KiB (Q=  8,T= 8) :   648.985 MB/s [ 158443.6 IOPS]
 Random Write 4KiB (Q=  8,T= 8) :    46.129 MB/s [  11262.0 IOPS]
  Random Read 4KiB (Q= 32,T= 1) :   261.102 MB/s [  63745.6 IOPS]
 Random Write 4KiB (Q= 32,T= 1) :    26.257 MB/s [   6410.4 IOPS]
  Random Read 4KiB (Q=  1,T= 1) :    34.924 MB/s [   8526.4 IOPS]
 Random Write 4KiB (Q=  1,T= 1) :     0.974 MB/s [    237.8 IOPS]

  Test : 1024 MiB [C: 19.0% (88.2/464.1 GiB)] (x5)  [Interval=5 sec]
  Date : 2018/05/16 21:16:31
    OS : Windows 10  [10.0 Build 17134] (x64)
Click to expand...

That's quite a hit.
 
ltron said:
Hi, I got this info from: https://access.redhat.com/security/vulnerabilities/ssbd
and https://www.amd.com/en/corporate/security-updates

AMD are affected, but it sounds like they are barely affected at all and they make no mention of microcode updates whereas Intel do. I have always been of the opinion, from everything we've seen so far, that if AMD are affected at all by any of these vulnerabilities then they are affected to a much lesser degree than Intel which is why I used the word "Apparently" as we didn't have much info. It's also good that the mitigation doesn't have to be enabled for everything all the time so we won't see any performance impact where it's not enabled which is in most things.

I personally would be hesitant if I were looking to buy an Intel CPU today as there are at least six more vulnerabilities to come and I've definitely noticed the hit from Spectre V2 on my I7 5820K with an average performance hit of 3% though very rarely some scenes have up to a 30% hit. Also, game load times are up by at least 5 seconds in many cases.
Click to expand...

There are a few posters here who will deny, deny, deny, deflect, personal attack if you even hint there might be a problem AMD wise - even if AMD themselves put in black and white on their web-site :s

On the Intel side unfortunately if you are doing stuff like VMs, etc. where security is a concern then the OS patches and microcode updates just aren't optional but for a gaming PC assuming it is just normal gaming and a bit of casual browsing, etc. aside from needing browser mitigations there is limited exposure to remote intrusion via these exploits.
 
Rroff said:
There are a few posters here who will deny, deny, deny, deflect, personal attack if you even hint there might be a problem AMD wise - even if AMD themselves put in black and white on their web-site :s

On the Intel side unfortunately if you are doing stuff like VMs, etc. where security is a concern then the OS patches and microcode updates just aren't optional but for a gaming PC assuming it is just normal gaming and a bit of casual browsing, etc. aside from needing browser mitigations there is limited exposure to remote intrusion via these exploits.
Click to expand...

Who might that be? when using abroad brush you tar everyone Roff.
 
Rroff said:
There are a few posters here who will deny, deny, deny, deflect, personal attack if you even hint there might be a problem AMD wise - even if AMD themselves put in black and white on their web-site :s

On the Intel side unfortunately if you are doing stuff like VMs, etc. where security is a concern then the OS patches and microcode updates just aren't optional but for a gaming PC assuming it is just normal gaming and a bit of casual browsing, etc. aside from needing browser mitigations there is limited exposure to remote intrusion via these exploits.
Click to expand...
Yes, I'll see how things go re the performance hit. In most cases it's not noticeable other than having to wait a bit longer for your game to load which is annoying considering I spent money on an SM961 NVME drive.

However, I read an article that suggested that the currently optional microcode updates will eventually be made mandatory and automatically distributed through Windows Update. So I'll wait and see what happens.

I do think Microsoft should be clearer on the threat to normal users and why they've made the microcode updates optional and whether they intend to change this. I mean Intel say everyone should update so I assume they believe consumers should do so.
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom