Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 26 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
LTC8K6

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
William Gaatjes said:
Strange. Now that i remember, with me it would not install at first as well, i had to install something else as well before i could do
Install-Module SpeculationControl
I got this message at first :

I installed NuGet. (https://www.nuget.org/)
Then did
the security policy to bypass.
and then :
Install-Module SpeculationControl

Maybe you can try this ?
https://www.ghacks.net/2018/01/05/f...affected-by-meltdown-spectre-vulnerabilities/




edit:
I see you already found the solution. :)
Click to expand...

Yes, it automatically asked me if I wanted to install NuGet and that fixed it.
 
William Gaatjes

William Gaatjes

Lifer
May 11, 2008
19,471
1,160
126
LTC8K6 said:
That was the problem. My Get function was old, I guess?
Results:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: False

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help/4072698


BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False
Click to expand...

That looks very much like my AMD richland apu A10-6700. 4c/4t.
What kind of cpu do you have ?
I assume an Intel because of the meltdown .option CVE-2017-5754 [rogue data cache load].

These are my results :
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: False

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help/4072698


BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : False
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False
Click to expand...
 
William Gaatjes

William Gaatjes

Lifer
May 11, 2008
19,471
1,160
126
Malogeek said:
In what way does it look like it? One requires kernel VA shadowing and one doesn't, which means his is likely an Intel.
Click to expand...

One line lower :)
That looks very much like my AMD richland apu A10-6700. 4c/4t.
What kind of cpu do you have ?
I assume an Intel because of the meltdown .option CVE-2017-5754 [rogue data cache load].
Click to expand...
 
P

plopke

Senior member
Jan 26, 2010
238
74
101
So ran this on my Ryzen 1700
Code: 
PS C:\WINDOWS\system32> Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: False

Suggested actions

 * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
 * Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help
/4072698


BTIHardwarePresent             : False
BTIWindowsSupportPresent       : True
BTIWindowsSupportEnabled       : False
BTIDisabledBySystemPolicy      : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired              : False
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled           : False


So if I understand it correctly anything so far atm for KVAShadow I can ignore since atm that is a specfic vendor. And for BTIHardware , i need to wait on bios update?
 
PhonakV30

PhonakV30

Senior member
Oct 26, 2009
987
378
136
When I type Install-Module SpeculationControl , Powershell opens page with "How do you want o open this file?" i chose notepad and it's empty.
 
R

Rifter

Lifer
Oct 9, 1999
11,522
751
126
Anyone have any real world NVME tests for programs home users would use? the synthetics show hits in the 20-30% range but ive yet to see real world testing benches.

I talked to a system admin buddy of mine this morning to get a idea of this hit even if its commercial use, He told me for his companies use case(small company, 2 servers both dual socket configs, mostly SQL database usage) its enough of a hit that hes specing out epyc servers and faster intel boxes right now as he replied to my email. He though he left himself a great leeway in performance with his servers seeing max 80% usage during peak hours 50-60% off peak hours but reports that with the patch applied they are hitting 100% during peak hours and causing slowdowns and his boss is getting pissed. He says as far as he can tell the more iops you have the worse you get hit with this issue and since his use case is high iops he figures hes getting hit harder than most. He plans to have new hardware in place by mid/late next week hes not waiting to see if they release a better patch with less perf hit, his exact words were "i get paid to fix hardware performance problems not wait for others to do it for me", lol.

I just want to know if his commercial use experience is in any way translated into home work usage in regards to NVME performance. As the way im seeing it only the NVME performance will really effect home users, game performance seems to only be 0-5% degraded, and web and other apps seem to have zero to very small degradation in perf. The only thing that worries me is NVME because a 20-30% degradation makes them pointless may as well just save the cash and go SATA SSD at that point.
 
aigomorla

aigomorla

CPU, Cases&Cooling Mod PC Gaming Mod Elite Member
Super Moderator
Sep 28, 2005
20,841
3,189
126
hnizdo said:
make a picture for yourself.
https://forums.anandtech.com/thread...-xeons-incoming.2532563/page-23#post-39245997
Click to expand...

so if im looking at those crystalmakrs correctly, you bearly took any noticable hit on I/O bandwith and infact even got some areas like 4k increased and this is on your 8700K which the meltdown/spectrum patch was suposidely speculated to wreck your I/O.

I am curious to see more before and after benchmarks... unfortunately i think my system is already patched so i can not test it on my x299.

Here is mine tho after patch..
Intel i9-7920X + Gigabyte x299 Aourus Gaming 9 + 64gb 3000mhz DDR4 c15's
Samsung 960 Pro 1TB on a PCI-E Adapter tho:
crystalmark.jpg
 
Last edited:
H

Hitman928

Diamond Member
Apr 15, 2012
5,243
7,792
136
Last edited:
  • Like
Reactions: lightmanek, DarthKyrie, french toast and 3 others
R

Rifter

Lifer
Oct 9, 1999
11,522
751
126
Hitman928 said:
User on reddit was able to install microcode patch through bios update as well as Windows patch and test before and after. Microcode patch appears to cause additional performance penalty according to his tests.

3riSIPNFYSzAPkd8pZrrFLPkTNn1IODJEhs5OGLwpgo.png


https://np.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/

This was on an i7-8700. Benchmark is realbench.
Click to expand...

Thats bad, the only thing my girlfriend does on her PC is game and image editing, and image editing takes the biggest hit. And shes got a ivy bridge i5.

I do alot of image editing to but thank got i went ryzen over intel or id be building a new pc again.

Hopefully some adobe benches come out soon i really want some PS and lightroom benches.
 
Glo.

Glo.

Diamond Member
Apr 25, 2015
5,705
4,549
136
So basically right now the performance of Skylake and Kaby Lake CPUs with this patch, and microcode update is on par with... Ryzen.

Hmmmm...
 
  • Like
Reactions: Ken g6
StinkyPinky

StinkyPinky

Diamond Member
Jul 6, 2002
6,763
783
126
Hitman928 said:
User on reddit was able to install microcode patch through bios update as well as Windows patch and test before and after. Microcode patch appears to cause additional performance penalty according to his tests.

3riSIPNFYSzAPkd8pZrrFLPkTNn1IODJEhs5OGLwpgo.png


https://np.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/

This was on an i7-8700. Benchmark is realbench.
Click to expand...

That's....hugely concerning. And that's with coffee lake which was supposed to be the least impacted. No mention of gaming benchmarks?

Still, best to wait until the "respected" websites and youtubers do their benchmarks.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom