Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

[LTC8K6]

depends on the game and resolution you play on. Yeah if you play at 4k single-player only, it won't impact you as you are 100% GPU limited. Multiplayer say BF1 64-player needs a very beefy CPU. At 4k you mostly will still be GPU limited but there will be some dips due to CPU in crowded areas. Now go down to 1080p and 144 hz and a 10% penalty in CPU is huge.

Has anyone demonstrated this huge penalty on a fully patched computer using real world software?

If a 10% penalty to your CPU has a "huge" effect on gaming, than your CPU was not enough in the first place, imo.

What you are saying is that if my 4790K ran 10% slower, 3.96 instead of 4.40, that I would really notice it during gaming or normal computer use. I find that very difficult to believe.
I think I would never notice it unless I ran some synthetic benchmarks.

 

[DrMrLordX]

Has anyone demonstrated this huge penalty on a fully patched computer using real world software?

If by "real world" you mean "stuff people run in a datacenter" then yes. The bugfixes are scary as hell for some of Intel's biggest customers.

For end users with desktops, it isn't shaping up that badly.

 

[LTC8K6]

If by "real world" you mean "stuff people run in a datacenter" then yes. The bugfixes are scary as hell for some of Intel's biggest customers.

For end users with desktops, it isn't shaping up that badly.

Yes, I mean all these home users who are weeping and gnashing their teeth over Meltdown and Spectre.

This is where the reliance on benchmarks comes back to bite you in the ass, on a few levels.

I don't know anything about data center ops.

Has any company reported bad slowdowns on a fully patched data center, or whatever the term would be?

 

[IEC]

Yes, virtualized servers (such as through MS Azure or AWS) have been most impacted.

After the patch our backend server has experienced 4-5 times bigger load than it did before. This has caused the unexpected issues that you are currently experiencing in Nex Machina. You can see the impact of the patch in the picture below.

http://steamcommunity.com/games/NexMachina/announcements/detail/1583444307645115385

Grab's Engineering article on the hit from the Meltdown patch:
http://engineering.grab.com/dealing-with-the-meltdown-patch-at-grab

On January 3rd, our automatic alerting triggered at around noon for high CPU utilization on one of our critical redis nodes. The CPU utilisation had jumped from around 36% to 76%.

January 3rd patches also broke Pulse Secure VPN:
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43600/?l=en_US&fs=Search&pn=1&atype

 

[TempAcc99]

Has anyone demonstrated this huge penalty on a fully patched computer using real world software?

No because making reliable multiplayer benchmarks is hard and it's hardly done. But that is exactly where bottlenecks happen. 1080p high fps gaming means you are very often CPU limited. Fair enough to say 10% maybe isn't user noticeable but still with current progress in CPUs (or lack thereof) 10% basically means stepping back 2 years.

 

[zinfamous]

Well, Intel's press work is very effective. Microsoft issues a patch for meltdown that is completely unnecessary for AMD systems, bricking some ancient AMD systems, apparently it's AMD's fault, and the stock of course responds extremely negatively. lol.

It will be back up again tomorrow, then down again.

 

[dark zero]

Well, Intel's press work is very effective. Microsoft issues a patch for meltdown that is completely unnecessary for AMD systems, bricking some ancient AMD systems, apparently it's AMD's fault, and the stock of course responds extremely negatively. lol.

It will be back up again tomorrow, then down again.

I don't be surprised if they at the end screws up the few Qualcomm laptops out there and the VIA chips... And then affects the Atom chips...

Intel massively screwing up since immemorial times...

 

[Kenmitch]

Well, Intel's press work is very effective. Microsoft issues a patch for meltdown that is completely unnecessary for AMD systems, bricking some ancient AMD systems, apparently it's AMD's fault, and the stock of course responds extremely negatively. lol.

It will be back up again tomorrow, then down again.

Go figure....Silly world we live in.

Don't really understand the cult like following that a select few companies in this industry have.

This industry really sucks and is driven by profits at the expense of the end users. The security holes should have been announced at the time of the findings. I can understand the need to get some protection/fix/band aids, etc in the works before revealing the details of the exploits, but a little heads up would have been best for the consumer. Guess the issue was the " best for the consumer " and would have effected the bottom line of those whom in the end only want our money.

 

[PingSpike]

So, anyone know if you have a hypervisor that is patched against meltdown...do you also need to patch the guest OSes or will those be prevented from breaking out of the VM? I'm thinking they wouldn't be able to break out of the VM but obviously could still peak all over memory for the VM itself but otherwise hosting providers would be pretty defenseless.

 

[jpiniero]

I can understand the need to get some protection/fix/band aids, etc in the works before revealing the details of the exploits, but a little heads up would have been best for the consumer. Guess the issue was the " best for the consumer " and would have effected the bottom line of those whom in the end only want our money.

Well, it took them 5-6 months to complete the fixes.

 

[dark zero]

I guess that the real impact will be shown up in 1 month...

 

[Markfw]

Well, Intel's press work is very effective. Microsoft issues a patch for meltdown that is completely unnecessary for AMD systems, bricking some ancient AMD systems, apparently it's AMD's fault, and the stock of course responds extremely negatively. lol.

It will be back up again tomorrow, then down again.

This really pisses me off. MS creates a patch that should EXCLUDE any AMD processors for the Meltdown fix. If they have one for the Specture one that applies to AMD fine, but should only have been that.

 

[DrMrLordX]

Has any company reported bad slowdowns on a fully patched data center, or whatever the term would be?

Epic posted publicly about how their patched games servers for Fortnite have been suffering high CPU utilization, and blamed it for poor server performance/connectivity issues.

 

[LTC8K6]

Epic posted publicly about how their patched games servers for Fortnite have been suffering high CPU utilization, and blamed it for poor server performance/connectivity issues.

A lot of people said the slowdowns were present since October and Epic was just blaming the patches for problems that already existed.

 

[dark zero]

A lot of people said the slowdowns were present since October and Epic was just blaming the patches for problems that already existed.

It just went worse by current days....

 

[LTC8K6]

It just went worse by current days....

Looking over that Epic forum, some of those folks are sure suffering some bad withdrawal symptoms...

 

[DrMrLordX]

A lot of people said the slowdowns were present since October and Epic was just blaming the patches for problems that already existed.

They had a CPU utilization chart though, showing one of their post-patch servers vs pre-patch servers. The utilization skyrocketed for that one server after applying the patch.

 

[Malogeek]

This really pisses me off. MS creates a patch that should EXCLUDE any AMD processors for the Meltdown fix. If they have one for the Specture one that applies to AMD fine, but should only have been that.

The patch is applied to the OS but the kernel VA shadowing is not enabled, at least for modern AMD CPUs. Perhaps something in the patch is causing the problem on ancient chipsets? We don't really know.

 

[plopke]

@Markfw
What @Malogeek is saying ,if your run the power shell script from Microsoft it will say it is installed but not enabled because you use hardware were it is not needed on , at least for my ryzen. But since we are talking about 10-15 years of CPU designs , there must be like a cut off point or false positives. Also they still would have new kernel code running for the spectre one which also still needs new firmware.

 

[Markfw]

@Markfw
What @Malogeek is saying ,if your run the power shell script from Microsoft it will say it is installed but not enabled because you use hardware were it is not needed on , at least for my ryzen. But since we are talking about 10-15 years of CPU designs , there must be like a cut off point or false positives. Also they still would have new kernel code running for the spectre one which also still needs new firmware.

Well, only one of the two Spectre ones affect AMD, but specifically, AMD should give MS a CPU list (easily detected), and say "for this CPU, apply one this patch, or these two, " etc. Its only during installation (or should be) so no bloatware, except a bigger installer. But I doubt if MS is that smart......

 

[goldstone77]

This really pisses me off. MS creates a patch that should EXCLUDE any AMD processors for the Meltdown fix. If they have one for the Specture one that applies to AMD fine, but should only have been that.

They should have done some limited testing before just sending out a patch like that. It's irresponsible!

 

[goldstone77]

@Markfw
What @Malogeek is saying ,if your run the power shell script from Microsoft it will say it is installed but not enabled because you use hardware were it is not needed on , at least for my ryzen. But since we are talking about 10-15 years of CPU designs , there must be like a cut off point or false positives. Also they still would have new kernel code running for the spectre one which also still needs new firmware.

It's the auto update windows is releasing bricking older AMD machines.

Well, only one of the two Spectre ones affect AMD, but specifically, AMD should give MS a CPU list (easily detected), and say "for this CPU, apply one this patch, or these two, " etc. Its only during installation (or should be) so no bloatware, except a bigger installer. But I doubt if MS is that smart......

This would have been a good feature to implement.

 

[IEC]

So, anyone know if you have a hypervisor that is patched against meltdown...do you also need to patch the guest OSes or will those be prevented from breaking out of the VM? I'm thinking they wouldn't be able to break out of the VM but obviously could still peak all over memory for the VM itself but otherwise hosting providers would be pretty defenseless.

You need to patch the guest OSes still. Though it is as you say, they won't be able to cross VMs.

From Ric Harvey:
https://twitter.com/ric__harvey/status/948939636331761664

Edit: Not all of the OS images on cloud providers have been updated yet, but at least for Google Compute Engine instances I'm seeing most of the Linux builds are 1/4/2018 or newer.

 

[IEC]

They had a CPU utilization chart though, showing one of their post-patch servers vs pre-patch servers. The utilization skyrocketed for that one server after applying the patch.

See my post above. It's not just Epic seeing those CPU utilization spikes versus "baseline" load.

 

[Dayman1225]

Gregory Bryant, manager of Intel's Client Computing Group confirmed that they will be intercepting future products and future designs to implement silicon/hardware level fixes, such products will be seen in 2018. He also said that fixing the issues was the first priority and reiterated the 90% 5 yr claim by end of week then all by end of month, however he also said that they will be working with OEMs to go even further back in time to push out patches. Fixing the bugs was the first priority and when that is sorted they will be focusing on performance mitigation to lower overhead and improve performance as much as possible. This was all from a JPMorgan Analyst call, recording is not up just yet, will link when it is.