Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

[piesquared]

Intel is posting record profits and revenue and has done so, to my knowledge, every quarter for years. The thing you guys are forgetting is that Blackberry and the other companies mentioned had several competitors with better products. Intel does not face that competition, even with Ryzen. Let's assume that Coffee Lake takes a 10% performance hit with the patches and Ryzen doesn't - CFL will still be ahead in performance in all likelihood due to greater IPC and far superior OC headroom. Even with a 10% boost in clock, I am not sure the next version of Ryzen will be able to overcome this advantage. At best, I see it drawing even but this will have little affect on corporate purchases IMO.

What intel has posted every quarter for several years is irrelevant in this context. You can't deny that their 10nm problems has affected their roadmap, and therefore their competitive position. And by next year when 7nm rolls out any technology lead they've had will be wiped out. So it makes no difference today what has happened in the past as far as the products themselves go. You also can't deny that Ryzen, EPYC and Ryzen mobile give intel competition they haven't had in a decade so again, the last several years means nothing as far as competition goes today. There are many factors that make it a big mistake to use the past several years as any kind of guide as to what will happen in the future.
Blackberry ruled the roost, and consumer mindshare, until one product hit the market: the iphone. That is when Apple skyrocketed and Blackberry plummeted. intel's situation doesn't have to mirror these other companies' trajectory. A decline will always start somewhere, and this Meltdown affliction could be intel's 'iphone' where mindshare and confidence begins it's shift to the negative. Which as we've heard over and over pertaining to AMD, is what really matters.

 

[Markfw]

It could be, but as someone who has worked in Fortune 500 IT (including Fortune 20) and other companies for over two decades, I can tell you that I wouldn't count on it yet. Large IT departments (and infrastructure providers) are notoriously conservative and Intel fans. I can tell you that we have one of the largest infrastructure providers in the world and the patches are going on the servers without any hesitation.

I started with a company that measure its computer server floor space in square miles, (not sure if it was fortune 500, but 64.6 billion a year income ?) on 2002, when the Opteron was mopping the floor in power usage, cost and performance (P4 based Xeons I think). When I mentioned to our IT server management that we would like Opterons for our new project, he said something like "no, we only use real server CPUs, Intel is the only way to go", so I know what you mean. Upper management has the brain of a pea, hence why I retired early from that same company.

BUT, I venture to guess that in todays world they may have a better chance than in 2002.

 

[IndyColtsFan]

What intel has posted every quarter for several years is irrelevant in this context. You can't deny that their 10nm problems has affected their roadmap, and therefore their competitive position. And by next year when 7nm rolls out any technology lead they've had will be wiped out. So it makes no difference today what has happened in the past as far as the products themselves go. You also can't deny that Ryzen, EPYC and Ryzen mobile give intel competition they haven't had in a decade so again, the last several years means nothing as far as competition goes today. There are many factors that make it a big mistake to use the past several years as any kind of guide as to what will happen in the future.
Blackberry ruled the roost, and consumer mindshare, until one product hit the market: the iphone. That is when Apple skyrocketed and Blackberry plummeted. intel's situation doesn't have to mirror these other companies' trajectory. A decline will always start somewhere, and this Meltdown affliction could be intel's 'iphone' where mindshare and confidence begins it's shift to the negative. Which as we've heard over and over pertaining to AMD, is what really matters.

Their 10 nm issues have affected their roadmaps but not their bottom line. 10 nm CPUs are what, at least 1 year (if not 2) late? The average consumer or business doesn’t care about 10 nm. They care about new products and improvements and Intel has delivered both (albeit small increases) on schedule and have racked up sales. They’ll continue doing the same - didn’t I hear the other day that a new successor to Coffee Lake was put on the roadmap and we won’t see Ice Lake until 2019?

10 nm only becomes an issue if competitors not only deliver it, but deliver increased performance (or performance per watt) with it and overtake Intel.

You really don’t need to sell me on Ryzen - I own 2 and am thinking about a Threadripper build too.

 

[Topweasel]

Their 10 nm issues have affected their roadmaps but not their bottom line. 10 nm CPUs are what, at least 1 year (if not 2) late? The average consumer or business doesn’t care about 10 non. They care about new products and improvements and Intel has delivered both (albeit small increases) on schedule and have racked up sales. They’ll continue doing the same - didn’t I hear the other day that a new successor to Coffee Lake was put on the roadmap and we won’t see Ice Lake until 2019?

10 nm only becomes an issue if competitors not only deliver it, but deliver increased performance (or performance per watt) with it and overtake Intel.

You really don’t need to sell me on Ryzen - I own 2 and am thinking about a Threadripper build too.

10nm means nothing to customers outside whatever benefit those CPU's may have over the current ones being available till much later than projected. But what it is a huge misstep from Intel costing them a technology lead that they have used in the past to maintain a production and performance lead. This can have a much longer term affect on their offerings and how they compare to the competition. Which can have a long term effect on their sales.

 

[piesquared]

Their 10 nm issues have affected their roadmaps but not their bottom line. 10 nm CPUs are what, at least 1 year (if not 2) late? The average consumer or business doesn’t care about 10 nm. They care about new products and improvements and Intel has delivered both (albeit small increases) on schedule and have racked up sales. They’ll continue doing the same - didn’t I hear the other day that a new successor to Coffee Lake was put on the roadmap and we won’t see Ice Lake until 2019?

10 nm only becomes an issue if competitors not only deliver it, but deliver increased performance (or performance per watt) with it and overtake Intel.

You really don’t need to sell me on Ryzen - I own 2 and am thinking about a Threadripper build too.

What makes you think i'm trying to sell you on Ryzen? I couldn't care less if you own one or not.
Well I guess if you are going to keep referencing intel's past financials as an indicator of how their future looks then you've pretty much sandboxed the debate. However, you are missing a vital piece of criteria in you equation: Ryzen APUs is what was always going to be the highest volume parts. Both Ryzen desktop APUs and Ryzen mobile APUs, and where Zen on GloFo's 14nm is by far the strongest, and they are barely on the market yet. You are referencing a half dozen, basically DIY enthusiast parts, and suggesting that they had no material affect on intel's balance sheet and that is somehow proof that they will continue to post record profits? AMD's EPYC line up is also just ramping from which intel faces pretty serious competition, and even more so with their Meldown affliction.
Of course the average consumer doesn't care about 10nm, nobody said otherwise. The reference to their 10nm problems was in the context of how their situation has changed from the past to the future in combination with Meltdown. The failure to execute on 10nm has become an issue because AMD now has the premier mobile processors with the 2700U and 2500U, as well as very competitive desktop APUs with the best graphics performance available.

 

[DrMrLordX]

remember that AMD managed to sell those 3-core monstrosities .. somehow ..

There was nothing monstrous about X3s. Those chips were cool, and frequently unlockable. I think most folks miss having chips like that on the market.

BUT, I venture to guess that in todays world they may have a better chance than in 2002.

Dunno, I think people who have been exposed to the IT market for any extended period of time have an ingrained viewpoint of what AMD is as a company, and it's gonna take more than Meltdown to change that perception. If anyone is getting a chance from Meltdown/Spectre, it's probably companies like Qualcomm and Cavium. They're new(er) to the server market. Their rep has yet to be established (granted their hardware platforms require entirely new software).

Too bad Qualcomm just lost 1/3rd of their employee base thanks to the Broadcom buyout. What a stupid time to trim the employee base.

10nm means nothing to customers outside whatever benefit those CPU's may have over the current ones being available till much later than projected. But what it is a huge misstep from Intel costing them a technology lead that they have used in the past to maintain a production and performance lead. This can have a much longer term affect on their offerings and how they compare to the competition. Which can have a long term effect on their sales.

They are running huge and embarrassing delays already. Meltdown is exacerbating the effect. What does Intel have that can replace the faulty CPUs? In the short term, nothing! How long will it take them to replace the faulty CPUs? Realistically, too long! The whole thing is getting ridiculous. Intel is begging to be kicked out of the server room.

Had Meltdown reared its ugly head back in the Nehalem or Sandy days, at least Intel would have been able to grow out of the problem. Ivy or Haswell could have come along at a normal pace, and they could have fixed the problem in hardware back then. But now? Kabylake and Coffeelake were filler products, Cannonlake is mia, and Icelake is too far into the development pipeline.

 

[realibrad]

There was nothing monstrous about X3s. Those chips were cool, and frequently unlockable. I think most folks miss having chips like that on the market.



Dunno, I think people who have been exposed to the IT market for any extended period of time have an ingrained viewpoint of what AMD is as a company, and it's gonna take more than Meltdown to change that perception. If anyone is getting a chance from Meltdown/Spectre, it's probably companies like Qualcomm and Cavium. They're new(er) to the server market. Their rep has yet to be established (granted their hardware platforms require entirely new software).

Too bad Qualcomm just lost 1/3rd of their employee base thanks to the Broadcom buyout. What a stupid time to trim the employee base.



They are running huge and embarrassing delays already. Meltdown is exacerbating the effect. What does Intel have that can replace the faulty CPUs? In the short term, nothing! How long will it take them to replace the faulty CPUs? Realistically, too long! The whole thing is getting ridiculous. Intel is begging to be kicked out of the server room.

Had Meltdown reared its ugly head back in the Nehalem or Sandy days, at least Intel would have been able to grow out of the problem. Ivy or Haswell could have come along at a normal pace, and they could have fixed the problem in hardware back then. But now? Kabylake and Coffeelake were filler products, Cannonlake is mia, and Icelake is too far into the development pipeline.

I loved my X3. Went from an AMD 6000 to that thing and OCed the hell out of it for $125.

 

[Topweasel]

They are running huge and embarrassing delays already. Meltdown is exacerbating the effect. What does Intel have that can replace the faulty CPUs? In the short term, nothing! How long will it take them to replace the faulty CPUs? Realistically, too long! The whole thing is getting ridiculous. Intel is begging to be kicked out of the server room.

Had Meltdown reared its ugly head back in the Nehalem or Sandy days, at least Intel would have been able to grow out of the problem. Ivy or Haswell could have come along at a normal pace, and they could have fixed the problem in hardware back then. But now? Kabylake and Coffeelake were filler products, Cannonlake is mia, and Icelake is too far into the development pipeline.

Which is an example of how things can snowball. A Big issue when you have lost most of your lead in product superiority. Products lines taking longer to come out allowing competitors catch up.

This isn't a worse case scenario for something like Meltdown. If lets imagine Ryzen 2k or 3k were faster and the market was already swaying towards AMD, this could have lead to a very large defection. But it really is a pretty bad time for Intel to run into something like this. But it's also just a snowball starting to collect and not an avalanche. Intel can stop it before it becomes one.

 

[sirmo]

Security issues will happen, it's always going to be a cat & mouse game, I don't blame Intel for having a security issue (unless they knew about it and were complicit, but I give them a benefit of the doubt). But there is no doubt they were caught sleeping. Years of tiny improvements and uninspired laptop dual cores and desktop quad cores.. they were sleeping on their laurels.. greedy to expand into other markets. While AMD has been plotting a comeback.This is some of the most interesting times in this industry I've witnessed since the 90s. And I am sure glad AMD survived to fight another day.

 

[IndyColtsFan]

What makes you think i'm trying to sell you on Ryzen? I couldn't care less if you own one or not.
Well I guess if you are going to keep referencing intel's past financials as an indicator of how their future looks then you've pretty much sandboxed the debate. However, you are missing a vital piece of criteria in you equation: Ryzen APUs is what was always going to be the highest volume parts. Both Ryzen desktop APUs and Ryzen mobile APUs, and where Zen on GloFo's 14nm is by far the strongest, and they are barely on the market yet. You are referencing a half dozen, basically DIY enthusiast parts, and suggesting that they had no material affect on intel's balance sheet and that is somehow proof that they will continue to post record profits? AMD's EPYC line up is also just ramping from which intel faces pretty serious competition, and even more so with their Meldown affliction.
Of course the average consumer doesn't care about 10nm, nobody said otherwise. The reference to their 10nm problems was in the context of how their situation has changed from the past to the future in combination with Meltdown. The failure to execute on 10nm has become an issue because AMD now has the premier mobile processors with the 2700U and 2500U, as well as very competitive desktop APUs with the best graphics performance available.

You’re missing the biggest point of all and one MarkFW and I discussed earlier. Corporate IT is largely an Intel shop. I don’t expect that to change either, and without that uptake, AMD will still be relegated to second place. Even when AMD was the undisputed performance champion, they were largely ignored in corporate IT departments. In my own experience with AMD at the time of their lead, Opterons were always in dev and test environments while Intel was in the prod environments.

The PC market is largely dying and AMD’s APUs, while great, probably won’t have large market penetration unless corporations decide the value proposition overrides their Intel preference, which is unlikely in my opinion. The same goes for AMD mobile IMO.

 

[EXCellR8]

Patches on Windows 7 are straight garbage from what I'm hearing now, which I somewhat forecast to all of my own clients early enough. From what I read AMD Athlon processors (remember those?) are getting hit the worst with the updates and, ironically, those processors aren't even affected by these exploits. I'm just gonna sit back, make some more pop corn, and watch everything unfold from the safety of a Ryzen.

 

[sirmo]

Patches on Windows 7 are straight garbage from what I'm hearing now, which I somewhat forecast to all of my own clients early enough. From what I read AMD Athlon processors (remember those?) are getting hit the worst with the updates and, ironically, those processors aren't even affected by these exploits. I'm just gonna sit back, make some more pop corn, and watch everything unfold from the safety of a Ryzen.

Old Athlon x2s were being bricked, but Microsoft stopped pushing that patch.. they will fix it I am sure.. it is a mess though you're right.

 

[dark zero]

Ok guys... I am being realistic, Intel won't fall down, but... With this big problem along the optimization that will come, Intel is again on the Pentium 4 scenario... But this time they are not only figthing AMD, but also Qualcomm and posibly Apple.

And this time it will be hard to come out without problems.

 

[JoeRambo]

What do you think happens when AMD manages to come to the same level of market presence as Intel ?

Some people here were actually buying both x2 Athlons and Opterons for years, so we know real well what happens. All companies are there to make money, no doubt about it.

 

[Carfax83]

I've only been casually following this ordeal, so can someone tell me how Broadwell class CPUs are affected by this? Intel and Microsoft stated that Haswell and earlier generations would be affected by the performance hit the most, whereas Skylake and above would be least affected. However, they conveniently left out any mention of Broadwell. I think Broadwell has more in common with Skylake than it does with Haswell, so I'm thinking that it wouldn't be that affected. I certainly haven't really noticed any real performance hit on my machine so far.

 

[Markfw]

I've only been casually following this ordeal, so can someone tell me how Broadwell class CPUs are affected by this? Intel and Microsoft stated that Haswell and earlier generations would be affected by the performance hit the most, whereas Skylake and above would be least affected. However, they conveniently left out any mention of Broadwell. I think Broadwell has more in common with Skylake than it does with Haswell, so I'm thinking that it wouldn't be that affected. I certainly haven't really noticed any real performance hit on my machine so far.

You would not notice anything until you updated your bios with a bios update specifically for this issue, AND have then downloaded and installed the Windows patch for it.

Yes, broadwell is affected as much as all the rest.

 

[goldstone77]

Benchmarking Linux With The Retpoline Patches For Spectre
Written by Michael Larabel in Software on 8 January 2018.

For our initial benchmarks of the yet-to-be-merged Retpoline patches, I tested the v5 patch-set on several systems this week in the below configurations:
noretpoline - The Linux 4.14-based with Retpoline patches maintained by David Woodhouse as of their v5 state as of Saturday morning, but booting the system with "noretpoline". These results basically show the performance without Retpoline.
Retpoline - The Linux 4.14-based Retpoline-patched kernel booted with Retpoline present. This kernel though was built with Ubuntu 17.10's stock GCC 7.2 compiler, which doesn't contain the Spectre patches / "mindirect-branch" support. So this build is only of limited effectiveness but is what users will find without an upgraded compiler with the yet-to-land Spectre code changes.
Retpoline + GCC - The same Linux 4.14 kernel branch with Retpoline patches but when built using David Woodhouse's GCC 7.2 branch that does contain the patches as of this weekend. This run shows the impact with full protection for Spectre / speculative execution.
I tested these three kernel configurations on a range of AMD and Intel systems with distinctly different hardware from low-end to ultra high-end including:
- Intel Core i3 7100
- Intel Core i7 8700K
- Intel Core i7 7980XE
- 2 x Intel Xeon Gold 6138
- AMD Ryzen 7 1800X
- AMD EPYC 7601

Here are 2 benchmarks that show the biggest changes in performance between Intel vs. AMD. The benchmarks are too numerous to show in all of them, but you can browse through them on the website. They are constantly optimising the linux kernel, and have 4.15 coming next week, and 4.16 not long after that. This is 4.14.

Spoiler: 2 most significant change benchmarks

Edit: https://www.phoronix.com/scan.php?page=article&item=linux-retpoline-benchmarks&num=1

 

[goldstone77]

https://www.amd.com/en/corporate/speculative-execution

An Update on AMD Processor Security 1/11/2018
The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.
At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.
Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft’s website.
Linux vendors are also rolling out patches across AMD products now.
GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.
GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.
We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.
There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.
We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.
Mark Papermaster,
Senior Vice President and Chief Technology Officer

AMD is releasing mitigation against Spectre variant 2.
Microsoft will start rolling out updates for windows 10 for older AMD systems starting next week.

 

[goldstone77]

My guess is that the sudden influx of enterprise customers wanted reassurances that the "near-zero" was zero hence the added server microcode/OS updates for variant 2!

 

[Shamrock]

Patches on Windows 7 are straight garbage from what I'm hearing now, which I somewhat forecast to all of my own clients early enough. From what I read AMD Athlon processors (remember those?) are getting hit the worst with the updates and, ironically, those processors aren't even affected by these exploits. I'm just gonna sit back, make some more pop corn, and watch everything unfold from the safety of a Ryzen.

You are correct. I am on a 4790K w/MSI Z97 Gaming 5 mobo w/ Windows 7, and it's ridiculous. I am getting all sorts of "this link isn't secure" in browser, sometimes taking 15-20 seconds to connect to simple links like amazon or facebook. Gaming gets random slow downs (like a crawl) for like 1-2 seconds, then returns to normal. Using KB4056897. Happy to report no BSOD, though.

I don't think I'll be getting the mobo BIOS, as this mobo is a 2014 model.

 

[coercitiv]

You are correct. I am on a 4790K w/MSI Z97 Gaming 5 mobo w/ Windows 7, and it's ridiculous. I am getting all sorts of "this link isn't secure" in browser, sometimes taking 15-20 seconds to connect to simple links like amazon or facebook. Gaming gets random slow downs (like a crawl) for like 1-2 seconds, then returns to normal. Using KB4056897. Happy to report no BSOD, though.

I don't think I'll be getting the mobo BIOS, as this mobo is a 2014 model.

Well, hold on to your panties, the fun has just begun!

Intel says patches can cause reboot problems in old chips

Intel Corp on Thursday said that recently issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.

“We are working quickly with these customers to understand, diagnose and address this reboot issue,” Shenoy said in the statement. “If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.”

 

[OrangeKhrush]

Microsoft sir's please can I have some BSOD patches please.

 

[PingSpike]

Intel Corp on Thursday said that recently issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.

That's the most hilarious way to describe BSOD I've heard yet.

This whole thing is a real mess.

 

[EXCellR8]

I warned everyone at the office, especially those with Intel-based laptops, that a windows 7 update is likely to cause them some headaches. What is this new development with AMD, though? Now I gotta worry about the not-so-secure Ryzen processors too or is that some fodder generated by Internet "analysts?"

 

[jpiniero]

That's the most hilarious way to describe BSOD I've heard yet.

This whole thing is a real mess.

Well, Windows 10 will reboot on it's own... so I'm assuming people who use it are used to having their computer reboot randomly.