• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."

Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 24 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

goldstone77

Senior member
Dec 12, 2017
217
93
61
Only in Crystaldiskmark alone.Not in ATTO. I have near zero influence on my rig (Win10pro, 8700k, 960Pro 1TB).
The last storage focused test I ran was ATTO Disk Benchmark and here we find something interesting. These are all sequential tests so the 4K results here won’t necessarily reflect what we saw previously and they clearly don’t. However as the file size grows to 16 kilobytes we start to see a noticeable drop in performance with the update. The drop off isn’t as significant as the 4K read results seen previously but we are seeing up to a 9% reduction in throughput.
https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/
Here is the link to the article.
 

CatMerc

Golden Member
Jul 16, 2016
1,114
1,148
136
ok, i did NOT have that information.

Was it Google that knew, or Intel? If Google's research team knows but they had not disclosed it yet, Intel might still be able to save themselves.
Google knew and informed the entire industry to mitigate this.
 

noneis

Junior Member
Mar 4, 2017
21
29
61
Spectre #2
- Intel pre-Skylake needs retpoline mitignation (very low performance hit)
- For Intel Skylake an newer retpoline is not enough -> perfromance hit incoming (according to Intel IBRS is "horribly slow")
- AMD doesn't need retpoline, lfence is enough.

source: https://twitter.com/never_released
 
  • Like
Reactions: DarthKyrie

LTC8K6

Lifer
Mar 10, 2004
28,520
1,573
126
Waiting out this gen of chips has proved to be the right course of action.

Those who waited can wait some more, and then be able to build their new system without any of these vulnerabilities.

Hopefully. :)

If your system is a few years old and you have been waiting, then wait a little longer for the next gen of chips before spending
your hard earned money.
 
  • Like
Reactions: lightmanek

zinfamous

No Lifer
Jul 12, 2006
106,149
21,139
136
i'm gonna side with cpu manufacturers saying "it works as intended".

in other news, Lamborghini willingly released their latest car knowing full well at launch that the tires it comes equipped with are subject to a defect where if an attacker lays spikes in front of the oncoming vehicle, the tires can be punctured.
Also locks that can be opened, the chassis is susceptible to fires when covered in gasoline, and the windshield will shatter if simply struck with an 8-pound hammer.

a vulnerability is not a defect. the FDIV floating point bug was a defect. in common market products, you might have a slim chance if it was proven that a manufacturing company skipped common tests for common vulnerability, such as a company that produces roof tiles and does not test them for rain.

when it comes down to research-based technology, you just don't have a chance. unless you prove that they *knew* the vulnerability existed and went into production anyway ...
It depends on where this vulnerability came from and why it is there. I'm the cynical type, so when I see the claim "It works as intended," it absolutely means:

1. We knew this was a real exploit and security concern
2. We did it anyway because we needed to cram in some hidden performance to overtake our competitors
3. We really, really, really hoped you wouldn't notice
4. Oh, those guys over there? Their hardware also has vulnerabilities that may or may not be kinda as bad as ours, you know?
 

zinfamous

No Lifer
Jul 12, 2006
106,149
21,139
136
Waiting out this gen of chips has proved to be the right course of action.

Those who waited can wait some more, and then be able to build their new system without any of these vulnerabilities.

Hopefully. :)

If your system is a few years old and you have been waiting, then wait a little longer for the next gen of chips before spending
your hard earned money.
Yeah, unintended for me, lol. I was more or less waiting for a decent Vega 56 release, priced well, and available....so I continue to wait. Still haven't bought my Ryzen (Was also waiting for good mATX boards, as well). Now it's no big thing to wait for Zen+ in a couple of months. By then, I expect the issues that actually effect AMD will be ironed out and part of an initial update.

Can these be done through BIOS? I've only read that they were software/OS fixes.

...but also smaller and better PSUs are finally starting to show up, so all of these delays are helpful.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,573
126
Yeah, unintended for me, lol. I was more or less waiting for a decent Vega 56 release, priced well, and available....so I continue to wait. Still haven't bought my Ryzen (Was also waiting for good mATX boards, as well). Now it's no big thing to wait for Zen+ in a couple of months. By then, I expect the issues that actually effect AMD will be ironed out and part of an initial update.

Can these be done through BIOS? I've only read that they were software/OS fixes.

...but also smaller and better PSUs are finally starting to show up, so all of these delays are helpful.
I don't know, I'm still confused as to whether this is even a problem for a home user and if it is even a problem in the absence of a malware infection?
Also, I am thinking that patches and updates will gradually decrease the performance hit for those situations where that occurs.
 

coercitiv

Diamond Member
Jan 24, 2014
4,520
6,151
136
I don't know, I'm still confused as to whether this is even a problem for a home user and if it is even a problem in the absence of a malware infection
Mozilla had to make changes to Firefox in order to limit exploit potential via JS. Based on this I reckon a browser based attack was a possibility, hence home users could become targets.
 
  • Like
Reactions: lightmanek

zinfamous

No Lifer
Jul 12, 2006
106,149
21,139
136
I don't know, I'm still confused as to whether this is even a problem for a home user and if it is even a problem in the absence of a malware infection?
Also, I am thinking that patches and updates will gradually decrease the performance hit for those situations where that occurs.
patching meltdown looks to be a real performance hit for people using NvMe SSDs. Some of those benchmarks were reporting 20-25%? Rather defeats the purpose of going that route, then.
 

CatMerc

Golden Member
Jul 16, 2016
1,114
1,148
136
What could Intel have done in June to mitigate this?
Well, bring their own engineers on board to research and fully understand the issue, start discussing and writing patches for their own systems and OS's, stuff like that.

This can't be done overnight.
 

sze5003

Lifer
Aug 18, 2012
13,503
355
126
Yep chrome had some patches too. If there is a way to access your memory it's a potential threat to get someone's data. Most of the impacts of the patch would effect servers and such. Some stuff at work uses AWS so I wonder how our webservices that run on that will behave. Yesterday was looking at some logs and I could already see some performance issues. But I'm pretty sure my company didn't take the update yet, they move slowly.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,573
126
patching meltdown looks to be a real performance hit for people using NvMe SSDs. Some of those benchmarks were reporting 20-25%? Rather defeats the purpose of going that route, then.
IIRC, that was only in a benchmark, not in actual use?
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,573
126
As the industry understands these exploits better, the patches will probably get more efficient.
 
  • Like
Reactions: pcp7

Zstream

Diamond Member
Oct 24, 2005
3,396
277
136
Part of me wishes Google never attempted performing this exploit. Fixes of some kind have to be performed once any exploit is disclosed. This kind of fix I could have done without.
It’s not that Google found the exploit. It’s that deep state hackers have been using it for some time.
 
  • Like
Reactions: french toast
Feb 4, 2009
31,157
11,592
136
So any conclusive impact on older machines like my core 2 quad?
I'd hate that to be slowed down and be forced to buy a new machine that gets slowed down
 

coercitiv

Diamond Member
Jan 24, 2014
4,520
6,151
136
So any conclusive impact on older machines like my core 2 quad?
I'd hate that to be slowed down and be forced to buy a new machine that gets slowed down
Home users will not be significantly impacted in terms of performance (meaning zero or near zero performance impact). Update your browser, update your OS, go on with your life as usual.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,573
126
So any conclusive impact on older machines like my core 2 quad?
I'd hate that to be slowed down and be forced to buy a new machine that gets slowed down
Probably not going to notice in regular home use.
But when you do buy a new system in a year, the newer chips should not have these flaws.

They will probably have their own flaws, though.
 
  • Like
Reactions: urvile

coercitiv

Diamond Member
Jan 24, 2014
4,520
6,151
136
But when you do buy a new system in a year, the newer chips should not have these flaws.
This is what I'm most curious about: what CPUs will Intel be selling in 2019 that have been purposely built to avoid this vulnerability? Why would Intel's next gen arch be designed to be immune to this exploit path considering Intel has just become aware of it? :)
 
  • Like
Reactions: maddie and IEC

XMan

Lifer
Oct 9, 1999
12,508
46
91
Hmm. i7-4790K, Intel's tool says my system is not vulnerable? That chip certainly falls in the described range.
 

witeken

Diamond Member
Dec 25, 2013
3,876
154
106
This is what I'm most curious about: what CPUs will Intel be selling in 2019 that have been purposely built to avoid this vulnerability? Why would Intel's next gen arch be designed to be immune to this exploit path considering Intel has just become aware of it? :)
Intel said the first chips with hardware mitigation will be released in 2018. They already know about it for 7 months so definitely possible.
 

ASK THE COMMUNITY