Meltdown and Spectre Vulnerabilities Information

Page 16 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.

Yuka

Splendid


Then put the original thread name in it, please. I don't think this will be just passing news and I don't see this as useless discussion.

The original thread name was "cpu security vulnerabilities information". You can crosscheck with the URL if you like.

Cheers!
 

8350rocks

Distinguished


What *is* genuine about this is the following:

■ If you feed your BIOS a malicious update, or your CPU a malicious microcode update it can be compromised.

■ If you have physical access to a machine and administrative privileges the machine will be compromised.

Also, I love that they specifically state that the bad BIOS and/or microcode update would require administrative physical access to the BIOS, and would require to be implemented upon each reboot.

From a professional standpoint: The 2 above points are true of any processor, from any architecture, anywhere on the planet. The fact that they single out AMD for this is absurd.

The rest of the "security whitepaper" reads like a filthy PR blurb.

 

Yuka

Splendid


Could be simple optics. They're the "first line of defense" (if you like), so they need to be proactive about a big visibility issue like this.

The other option, Intel and AMD are willing to support MS with some funding for this Bounty Program.

Cheers!
 


Because it's their customers that get hit as a part of the flaws. Plus it costs them a lot of time and effort to patch the OS with temporary workarounds for HW problems, so it's cheaper for them in the long run to pay people to find the HW problems ahead of time so they actually get fixed.
 

jaymc

Distinguished
Dec 7, 2007
561
0
18,980
0
How Spectre And Meltdown Mitigation Hits Xeon Performance:
https://www.nextplatform.com/2018/03/16/how-spectre-and-meltdown-mitigation-hits-xeon-performance/

1
WordPress test using HHVM had about a 10 percent performance impact across the Xeon systems tested (Skylake did 91 percent, Broadwell and Haswell did 90 percent), and this PHP application has more user-kernel transitions, driven by the I/O requests coming into the servers, so the impact is greater.

2
On the one set of FIO tests, Intel used 64 KB block sizes, with one core is pegged with two NVM-Express flash drives, and the idea was to just hammer that core as much as possible. Thanks to the Skylake architecture change, there was no performance impact. On the Broadwell machines, there was a 30 percent hit and on Haswell there was a 27 percent hit. Shifting to a smaller 4 KB block size with the same two NVM-Express drives hitting a single core, the Skylake machine Took a 32 percent performance hit running the FIO test, and the Broadwell machine saw its performance drop by 59 percent and the Haswell by 60 percent. All that boundary crossing really hurts performance.

3
Now, with 4 KB block sizes, it is still a big deal, but the performance impact was a lot lower once the Retpoline approaches were used. The Skylake machine only lost 18 percent of its performance after applying the Spectre and Meltdown patches, the Broadwell machine only lost 22 percent, and the Haswell machine only lost 20 percent.

4
Rest of the test had 1-2% decrease in performance
 

Yuka

Splendid
Well, the impact we saw in our own Ivy-E era machines is ~30%. Usage went from 20%-25% to 50%-55%. The infrastructure got their lifespan reduced by some years and projects have been put into re-sizing mode over traffic.

We all saw that coming in all honesty, so it's been dealt with. It's so sad, really.

Cheers!
 
https://arstechnica.com/gadgets/2018/03/its-not-just-spectre-researchers-reveal-more-branch-prediction-attacks/

New attack vectors found against branch predictors.

As I noted a few weeks back: This is going to progressively get worse and worse as the onion gets peeled back.
 

Turb0Yoda

Dignified
Herald



Looks like I'm a few days late on this one :/
 

goldstone77

Honorable
Aug 22, 2012
2,219
2
11,960
85
Intel has slowly been deploying mitigations for Spectre/Meltdown for recent platforms. In the most recent microcode revision guidance, Intel has indicated it will not deploy any microcode mitigations for the recently disclosed flaws for older processor platforms. Intel cited the following reasons:

“After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:

Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
Limited Commercially Available System Software support
Based on customer inputs, most of these products are implemented as ‘closed systems’ and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
The following CPU families now list a “stopped” status regarding microcode updates:

Bloomfield
Clarksfield
Gulftown
Harpertown
Jasper Forest
Penryn
SoFIA
Wolfdale
Yorkfield


At this point, it’s no secret that mitigating Spectre/Meltdown has been a trying affair, with both Microsoft and Intel struggling to stabilize previous patches that triggered reboots, crashes, and various performance effects. Being that most of the aforementioned chip families are a decade old, Intel may very will not deem the update worth the effort. Additionally, the microcode updates can only be delivered via BIOS (motherboard OEMs) or OS patch (Microsoft, etc.), and these vendors may or may not be willing to support hardware this old.

- Eric Hamilton
https://www.gamersnexus.net/industry/3280-intel-limits-meltdown-spectre-updates-older-cpus

Mostly what we already expected... Older systems with older CPUs will not receive protection from vulnerabilities via microcode.
 

Yuka

Splendid


Probably because of this: "The update exposes control over the Indirect Branch Prediction Barrier, or IBPB, within AMD CPUs that support the feature".

It is implied in that sentence that not all AMD CPUs support IBPB, so older models might not need patching.

Cheers!
 

juanrga

Distinguished
BANNED
Mar 19, 2013
5,278
0
17,790
1


All models need patching.
 

juanrga

Distinguished
BANNED
Mar 19, 2013
5,278
0
17,790
1


AMD released microcode only up to Bulldozer

In addition, microcode updates with our recommended mitigations addressing Variant 2 (Spectre) have been released to our customers and ecosystem partners for AMD processors dating back to the first “Bulldozer” core products introduced in 2011.
 

Similar threads


ASK THE COMMUNITY