• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."

Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 19 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

Rifter

Lifer
Oct 9, 1999
11,518
747
126
There is no easy yes/no answer , patches are still being worked on , but the overall indication so far , gaming performance will not take a hit that is noticeable to the user.
gaming appears to be only a few percent slower.

What worries me is some of the stuff that has been posted about the nvme ssd performance tanking around 8%, this would, in theory, have an impact on any program accessing the SSD to a 8% effect on performance would it not? This sounds like something that would indeed effect all users no matter how intel is trying to spin it.

Hopefully in a few weeks this is worked out and someone does a very thorough and comprehensive testing on it.
 

Phynaz

Lifer
Mar 13, 2006
10,140
817
126
I think most people get what you mean, it's just that the larger context here is that the fix fixes something specific (the exploit) that isn't a problem on AMD's recent CPUs. So it's not that the same or similar "hole" in the design couldn't be exploited in a different way in the future, it's that if that happens the current fix might not prevent that and if that's the case AMD CPUs have been punished simply because Intel CPUs had to be addressed.

I think that's the context.
The larger context isn't that this attack or that attack can affect a particular CPU. That's missing the forest for the trees. The larger context that all the fanboys (on both sides) are missing is that this opens a new attack vector that fundamentally affects how every CPU and GPU is designed. In order to mitigate these issues is going to require processor core and OS redesigns across the board.

This isn't an Intel vs. AMD thing as some are trying to make it out to be. This affects the fundamental aspects of speculative execution.
 
May 11, 2008
18,309
829
126
gaming appears to be only a few percent slower.

What worries me is some of the stuff that has been posted about the nvme ssd performance tanking around 8%, this would, in theory, have an impact on any program accessing the SSD to a 8% effect on performance would it not? This sounds like something that would indeed effect all users no matter how intel is trying to spin it.

Hopefully in a few weeks this is worked out and someone does a very thorough and comprehensive testing on it.
I wonder how it would affect the strong point of xpoint drives, namely the IOPS.
This would also affect the strong point of 3d xpoint ssd that is promoted in commercials.
I hope for Intel that their next generation of cpu's does not have this flaw and the patch is not needed for these next generation of cpu's.
 
  • Like
Reactions: lightmanek

crazylocha

Member
Jun 21, 2010
45
0
66
Rifter,
Agree from preliminary results that heavy SSD/nvme/m.2 access seems to be taking a hit.

Makes me wonder if the majority of YouTube tech reviewers that opted for the 7980X are going to put their two cents in, as most of that particular choice was made for their content creation machines. Adobe Premiere being the main program used for editing videos etc, if hit hard enough, how many will rethink the choice of 7980 vs threadripper and publish videos accordingly.

With the internet media that is primary source for reviews for the younger generations, how much is that going to sway purchasing in the next 10ish years for them the same way Intel branding is now for us in the over 30 crowd.

The bars around CES ought to be really interesting this year
 

StinkyPinky

Diamond Member
Jul 6, 2002
6,559
482
126
From what I have seen so far, it seems 4K read times are impacted quite a lot (~10%) just with the latest windows patch. That's not even to say any bios/firmware updates may be needed.

On the flip side, many other aspects of IO performance seems to have no impact.
 

Malogeek

Golden Member
Mar 5, 2017
1,390
778
106
yaktribe.org
Redhat has stated the measured performance impact of the Linux patches varies from less than 2% up to 10% based upon workload.
I'm sure large datacenter clients won't really be happy about their bills being 10% higher lol. For big companies that can mean 6 figure increases monthly.
 

Rifter

Lifer
Oct 9, 1999
11,518
747
126
I'm sure large datacenter clients won't really be happy about their bills being 10% higher lol. For big companies that can mean 6 figure increases monthly.
Not to mention the hardware upgrade costs, these datacenters spent millions to upgrade their CPU's just to have this patch likely nerf their performance down below the levels of the systems they upgraded from, depending on workloads.

This is certainly alot worse than intel is letting on, at least for datacenters.
 
May 11, 2008
18,309
829
126
Well, thanks to elixer who had a nice post:
https://forums.anandtech.com/threads/kernel-memory-leaking-intel-processor-design-flaw.2532621/#post-39244658

https://support.microsoft.com/en-gb/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
https://support.microsoft.com/en-gb/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe

It seems the lates windows 10 update (KB4056892) does not enable support when the processor is not vulnerable to it( That is, if i interpret it correctly):

https://googleprojectzero.blogspot.nl/2018/01/reading-privileged-memory-with-side.html
  • Variant 1: bounds check bypass (CVE-2017-5753)
  • Variant 2: branch target injection (CVE-2017-5715)
  • Variant 3: rogue data cache load (CVE-2017-5754)
https://www.amd.com/en/corporate/speculative-execution

Variant One : Bounds Check Bypass : Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.
Variant Two : Branch Target Injection : Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.
Variant Three : Rogue Data Cache Load : Zero AMD vulnerability due to AMD architecture differences.
This is the output from powershell when testing :
Since i have an AMD cpu, the security fix seems to not be enabled since it is unnecessary.

Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: False
.


edit:
Forgot to note that when you do the powershell thing, do not forget to do a
Set-executionpolicy Restricted afterwards.
Or Set-executionpolicy default will do.
I think that is better for safety.
Check with Get-executionpolicy that it is set to restriced which is default.

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-5.1
 
Last edited:

SPBHM

Diamond Member
Sep 12, 2012
4,998
355
126
C2D on 32bit win10
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: False
Windows OS support for kernel VA shadow is enabled: False
 
Last edited:

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
21,407
9,468
136
I haven't read Intel's statements, as I never believe any company's PR. I read the researchers papers that state AMD processors speculatively execute instructions after an exception just like Intel's. As do ARM's processors and IBM's. As the authors said, just because they didn't exploit this on an AMD CPU doesn't mean it's not exploitable. The researchers also said they couldn't get their code to cause the condition on ARM, but ARM has stated that some of their architectures are vulnerable.



I might believe AMD if they disclose what the "near zero" statement means. I'm speculating it has something to do with their earlier statements about page faults. They claim this doesn't occur in AMD CPUs when a page fault occurs. What about if a page fault doesn't occur?
I believe everybody here who says AMD is safe, are talking about the meltdown variant, the bad one that everyone is most worried about, and the one that has a fix with a big performance penalty. Please specify which variant you are commenting about, otherwise it could be construed as trolling.
 

sze5003

Lifer
Aug 18, 2012
13,453
335
126
Hmm I wonder what third party apps I'll have issues with now after the update. Waiting until work is done so I can reboot. One guy had to uninstall some Asus suite tools which I would probably not have on there anyway.
 

Malogeek

Golden Member
Mar 5, 2017
1,390
778
106
yaktribe.org
This is the output from powershell when testing :
Since i have an AMD cpu, the security fix seems to not be enabled since it is unnecessary.
I've confirmed this on my systems as well for Meltdown.

Ryzen 1700:
Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: False

Both Intel's installed:
Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: False
 

Phynaz

Lifer
Mar 13, 2006
10,140
817
126
It seems the lates windows 10 update (KB4056892) does not enable support when the processor is not vulnerable to it( That is, if i interpret it correctly):
I didn't get that from the linked KB article. The article was specifically about manually enabling the mitigation on Windows Server 2016.

Edit: Malogeek beat me, looks like it.
 
May 11, 2008
18,309
829
126
I didn't get that from the linked KB article. The article was specifically about manually enabling the mitigation on Windows Server 2016.

Edit: Malogeek beat me, looks like it.
I added the extra link for the windows 10 client below the server text.
 

ASK THE COMMUNITY