Info Meltdown and Spectre Vulnerabilities Information

Page 10 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Status
Not open for further replies.


Because they use the same techniques. As far as design philosophy, there isn't a ton of difference in overall CPU design as far as the nuts and bolts go; everyones optimized them pretty much the same exact way. Sure, higher level details and implementations may differ, but the nuts and bolts? Not as much.
 

imrazor

Distinguished
Here are Microsoft's initial findings on the performance impact of the OS patches and microcode updates:

https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/

Naturally, if you're running Windows 7 or 8 you're going to feel the largest impact. M$ really wants you to upgrade to Windows 10 so you're protected (i.e., so they can steal your data instead of hackers.)
 

randomizer

Champion
Moderator


I don't think MS has convinced me to install that abomination yet. My system is so old I don't think it's fast enough to be impacted. :lol:
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965
I've heard complaints of people running windows 7 saying its slowed it down a lot, and there is some kind of banner showing up while browsing or something telling them their system isn't safe?! MS is probably using this as an excuse to get people to upgrade.
 
Undoubtedly. Well, not really. I mean, Microshaft has NEVER been known to take advantage of opportunities to inject marketing where they thought it might further their own nefarious objectives, have they? #snark.
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965
Intel’s Meltdown fix freaked out some Broadwells, Haswells
Customers say PCs and servers reboot a lot after fixes. Meanwhile, AMD admits to Spectre problems
By Simon Sharwood, APAC Editor 12 Jan 2018 at 03:27

https://www.theregister.co.uk/2018/01/12/intel_warns_meltdown_spectre_fixes_make_broadwells_haswells_unstable/
Intel has warned that the fix for its Meltdown and Spectre woes might have made PCs and servers less stable.

Chipzilla has slipped out a statement to the effect that “We have received reports from a few customers of higher system reboots after applying firmware updates.” The problems have hit “Broadwell and Haswell CPUs for both client and data center.”


Intel has said that if it needs to create a new fix, it will.

If new code is needed, Intel will need to get it right: the company already faces numerous class action lawsuits. Data centre operators already scrambling to conduct unplanned maintenance will not be happy about the fix reducing stability.

Intel can take some small measure of comfort from the fact it is not alone with having ongoing Meltdown/Spectre worries to handle, as AMD on Thursday confirmed that its kit is vulnerable to Spectre.

The x86 challenger is, happily, immune to meltdown. The company has said that operating system patches alone will address the Spectre bounds check bypass bug. Fixing Spectre’s branch target injection flaw will require firmware fixes that AMD has said will start to arrive for Ryzen and EPYC CPUs this week.

The Register has also asked other server vendors how they’re addressing the bugs. Oracle has patched its Linux, but has told us it has “No comment/statement on this as of now” in response to our query about its x86 systems, x86 cloud, Linux and Solaris on x86. The no comment regarding Linux is odd as fixes for Oracle Linux landed here on January 9th.

SPARC-using Fujitsu, meanwhile, has published advice (PDF) revealing how it will address the twin bugs in its servers and PCs, and also saying its SPARC systems are “under investigation”.

We’ve asked Oracle and Fujitsu for more information and will update this story if they send more information. ®
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965
Ina Fried 15 hours ago
SAVE
Intel, Microsoft offer differing views on impact of chip flaw

As much of the tech industry tries to assess how a massive chip vulnerability will affect them, Microsoft and Intel differ significantly on how the fixes for the issue impacts performance, especially on older PCs.

Why it matters: There are two big issues here. One is the fact that the flaw affects nearly all chips made in the last decade-plus, meaning there are a lot of machines that need updates. The other is how much the needed software changes will reduce performance.

Intel said on Thursday that the impact is only "slightly higher" on its 6th generation chips compared to more recent processors, and cited one benchmark that shows an 8 percent reduction in performance, even on older processors.

Microsoft said earlier this week that expected a "noticeable" decrease in performance for Windows 7 and Windows 8 PCs using chips made in 2015 or before.

The differing information only adds to a high level of confusion over the recently disclosed vulnerabilities, with differing viewpoints throughout the industry on many issues including over:

the degree to which the vulnerabilities can be fixed on existing products
how hard or easy it will be for the flaws to be exploited
the performance impact of various software fixes on both servers and PCs
 

Isaiah4110

Distinguished
Jan 12, 2012
603
0
19,010


Thanks. I'm monitoring for BIOS updates to an X99 Extreme4 and a Z87 Extreme4. Given that there haven't been any patches released for INTEL-SA-00086 for either of these yet, my hopes aren't very high. Major vendors (Dell, HP, etc.) are releasing updates for systems using CPUs dating back to third gen Intel Core processors (3770 for example), but most MB manufacturers for enthusiast motherboards haven't done so yet.

Doing a quick skim of the links for major manufacturers in the OP, it looks like MSI and ASUS are planning on going all the way back to X99, but not farther. No indications from GIGABYTE that they are going back that far though. Hopefully the major manufacturers end up going back farther than that. If they don't then there will still be a lot of vulnerable systems out there.
 
D

Deleted member 217926

Guest
@juanrga answer other threads in those other threads please.
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965
Meltdown & Specter: Benchmarks with AMD and Intel on Windows 7 and 10
12.1.2018 16:36 clock Jan-Frederik Timm et al.

https://www.computerbase.de/2018-01/meltdown-spectre-amd-intel-benchmarks/
tl; dr: Since the beginning of 2018, the CPU vulnerabilities Meltdown and Specter are on everyone's lips. And almost as hotly discussed are the expected performance losses through the use of the required patches. ComputerBase can confirm in the test that old Intel CPUs are more affected.
4lMX6Rs.png

Conclusion
Even the Windows update against Meltdown costs on Intel CPUs performance. While Windows 10 has little impact on the tested applications or on the average FPS of the games - neither on a Kaby Lake nor on a Sandy Bridge CPU. But considering the fram times of the games (-4%) and the SSD performance with random accesses with small files (-6%) on Kaby Lake, things look quite different. And Sandy Bridge strikes it even harder: five percent loses the system in games in Windows 10, eleven in Windows 7.

The previously available only on the system with Core i7-7700K microcode update doubled there the performance losses again. This corresponds in the end approximately in a downgrade to the previous CPU generation. The Specter countermeasures Kaby Lake also severely hit the SSD throughput: The performance of random access drops by up to 40 percent. This is the current major concerns of database providers and users justified.

The extent to which Sandy Bridge will be affected by Specter countermeasures in applications and games is currently speculation - it may seem questionable whether there will be any updates. At any rate, the Core i5-2500K already loses more power than the Core i7-7700K with the combination of Windows Update and microcode update.

Only a matter of time is the availability of microcode updates for AMD Ryzen, because those days were made available to the motherboard manufacturers. Currently, it can be stated: Without meltdown vulnerability, power losses from the inactive meltdown patch are also eliminated. However, the editors will keep an eye on what Specter protection will look like.

This also applies to many other aspects: Three CPU architectures with a graphics card in seven benchmarks on two operating systems are far from covering the whole field of the potential impact of serious security vulnerabilities and their correction. Covering everything is impossible. Hints and suggestions are still welcome in the comments.

I show the worst gaming performance impact on windows 7. They only had a windows update patch to compare on Ryzen, and there were no changes in performance. What we need to look for is the microcode bios updates from manufacturers for AMD processors to get a fuller picture of the impact.
 
D

Deleted member 217926

Guest
Still waiting for Gigabyte. My Z170X UD5 hasn't had any updates. My Dell laptop ( i5 5200U ) isn't on the Dell list either. Which is mildly worrying. My 3rd system is an old Lenovo T400 with a Core2 P8400 and a first gen Samsung SSD. I doubt it will get patched and if it does I'll probably retire it. It can't take much of a performance hit and still be usable.
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965


Computerbase.de also made a comment about Sandybridge being unstable, but the translation to english was a little strange so I didn't included it. I've seen reports of haswell/broadwell and older as well. I think this looks like Microsoft taking advantage of this situation to get people to upgrade.
 
D

Deleted member 217926

Guest


These are firmware related issues I believe.
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965


Sandy Bridge doesn't have a microcode update available. The tests are just with windows update.
 
D

Deleted member 217926

Guest
The link I posted is firmware. Not sure about Sandy.

We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center.

https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965
Isn't this interesting the the reports of instability are reported with microcode updates for haswell/broadwell, and older systems with just windows update are experiencing system instability as well.
Sandy Bridge with patch unstable
The patched system with Core i5-2500K not only proved to be slower in the test, it also crashed as the only one repeatedly: The computer was tested twice with Patch in Windows 7, once in Windows 10. The benchmarks without Patch could however, be carried out without dropouts.
https://www.computerbase.de/2018-01/meltdown-spectre-amd-intel-benchmarks/#diagramm-star-wars-battlefront-2-1920-1080-intel-core-i7-7700k
“We are working quickly with these customers to understand, diagnose and address this reboot issue,” Shenoy said in the statement. “If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.”
https://www.reuters.com/article/us-cyber-security-intel/intel-says-patches-can-cause-reboot-problems-in-old-chips-idUSKBN1F101X
 

imrazor

Distinguished
Here's a supposedly complete list of affected CPUs

https://www.techarp.com/guides/complete-meltdown-spectre-cpu-list/

If it's accurate, one of my mothballed PCs may be completely immune. Can anyone verify that an Athlon II X3 435 is not affected by Spectre/Meltdown? I also think it's not one of the AMD CPUs adversely affected by the recent MS patches.
 

juanrga

Distinguished
BANNED
Mar 19, 2013
5,278
0
17,790


That agrees with what Microsoft said. Bigger impact on older hardware on W7.


  • ■ With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
    ■ With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
    ■ With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
 

I don't believe the problem, at this point, is slowdowns anymore; I'm pretty sure no one doubted MS when they said that. It seems the patches (windows) are making older systems unstable. That is unacceptable. Firmware updates as well, and those tend to be way more delicate.
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965
Linux 4.15-rc8 Bringing BPF Security Improvements For Fending Speculative Attacks
Written by Michael Larabel in Linux Kernel on 14 January 2018 at 07:56 AM EST.

https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.15-rc8-BPF-Security
With the Linux 4.15-rc8 kernel that is expected for release today as the final step before Linux 4.15, it's still seeing continued security improvements in the wake of the Spectre CPU vulnerabilities.

Landing in the mainline Git tree at this stage of the Linux 4.15 kernel cycle were some security features around BPF, the Berkeley Packet Filter and the related and popular Extended BPF (eBPF) virtual machine for the Linux kernel.

Landing this week was preventing out-of-bounds speculation with the BPF code. This is the BPF-side fix for dealing with the "Variant One" vulnerability for all architectures.

The other addition is adding BPF_JIT_ALWAYS_ON for preventing BPF from being used in a Variant Two style attack. The BPF_JIT_ALWAYS_ON enables the BPF Just-In-Time (JIT) code and removes the BPF interpreter that could be used for launching a Spectre 2 attack.
The BPF JIT is supported on x86/x86_64, ARM/ARM64, SPARC64, and other architectures. BPF starts JIT'ed programs at a randomized location and the code page is marked read-only. There is also other hardening techniques for the BPF JIT to make it better than its interpreter. More details on that with the aforelinked Git commit message.
Linux 4.15 and ahead with Linux 4.16 is quite a busy kernel season. Linus Torvalds should be releasing the final Linux 4.15 release candidate later today.
index : kernel/git/torvalds/linux.git
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=290af86629b25ffd1ed6232c4e9107da031705cb
bpf: introduce BPF_JIT_ALWAYS_ON config
The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715.

A quote from goolge project zero blog:
"At this point, it would normally be necessary to locate gadgets in
the host kernel code that can be used to actually leak data by reading
from an attacker-controlled location, shifting and masking the result
appropriately and then using the result of that as offset to an
attacker-controlled address for a load. But piecing gadgets together
and figuring out which ones work in a speculation context seems annoying.
So instead, we decided to use the eBPF interpreter, which is built into
the host kernel - while there is no legitimate way to invoke it from inside
a VM, the presence of the code in the host kernel's text section is sufficient
to make it usable for the attack, just like with ordinary ROP gadgets."

To make attacker job harder introduce BPF_JIT_ALWAYS_ON config
option that removes interpreter from the kernel in favor of JIT-only mode.
So far eBPF JIT is supported by:
x64, arm64, arm32, sparc64, s390, powerpc64, mips64

The start of JITed program is randomized and code page is marked as read-only.
In addition "constant blinding" can be turned on with net.core.bpf_jit_harden
These security updates will be a continuous update process by the looks of it, since they do not fix the problem, but attempt to make it more difficult to exploit.
 

aldaia

Distinguished
Oct 22, 2010
533
18
18,995
Plenty of sites are evaluating the performance impact of the patches and we all have seen Intel AMD and microsoft estimates that tend to minimize the impact. However that does not reflect the real world. The average Joe is seing a very different picture. Here is an example:
Hi guys

My CPU: Intel Corei7 4790K Without Overclock. Mobo: ASUS Z97-K.

After Installing Patch Security (Microsoft Security Update ) For Spectre And Meltdown.

My CPU does not have the previous functionality And ASUS Ai Suite III is Deactivate. It even runs the web browser with a delay
.
How can I clear this security patch?

Thank You For Helping Me.
Help Me Please Guys.

After clearing the security patch ,The system (PC) speed is too low Even software like IDM style was delayed again.
 
All the more reason why I will NOT be installing any further firmware updates for my system. Since it's necessary for malware to be present on the system, and not just malware but SPECIFIC malware that can initiate a side channel attack, and I don't plan to allow that to happen anyhow much less have anything on my system that anybody REALLY wants at in the first place, I see no point in installing any newer BIOS updates and crippling my hardware unnecessarily.

I guess I can't do much about the Windows patches if I want other updates, but I can control the firmware, so, not happening. I'll take my chances.
 
Status
Not open for further replies.