Massive security hole in Xeons incoming? Official Meltdown/Spectre Discussion Thread

Page 68

tamz_msc

Platinum Member
Jan 5, 2017
2,291
296
106
The Performance Impact Of MDS / Zombieload Plus The Overall Cost Now Of Spectre/Meltdown/L1TF/MDS

If looking at the geometric mean for the tests run today, the Intel systems all saw about 16% lower performance out-of-the-box now with these default mitigations and obviously even lower if disabling Hyper Threading for maximum security. The two AMD systems tested saw a 3% performance hit with the default mitigations. While there are minor differences between the systems to consider, the mitigation impact is enough to draw the Core i7 8700K much closer to the Ryzen 7 2700X and the Core i9 7980XE to the Threadripper 2990WX.
 

IEC

Super Moderator
Super Moderator
Jun 10, 2004
13,736
867
136
I can't imagine how bad the impact will be in terms of CPU util and response time for certain applications on XenApp and Horizon after these additional hits to context switching performance.

From the Phoronix article:
Context switching used to be faster on Intel CPUs over the AMD Zen CPUs, but that is certainly no longer the case. With these default mitigations, context switching is taking about five to six times longer than in the unmitigated configuration.
Oof.
 

dualsmp

Golden Member
Aug 16, 2003
1,616
0
91
Context switching used to be faster on Intel CPUs over the AMD Zen CPUs, but that is certainly no longer the case. With these default mitigations, context switching is taking about five to six times longer than in the unmitigated configuration.

How are cloud providers and data centers going to cope with five to six times loss of performance? :screamcat:
 

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
18,174
2,129
136
By buying new hardware, of course.
If I was an IT manager with half a brain, I have 2 options:
1) If my system carries financial information or very sensitive information, I am forced to put the patches in and add new hardware to compensate.
2) If not, I don't do the patches right now, order the hardware, and take a risk.

Neither are good options, but Intel buried themselves.
 

Accord99

Platinum Member
Jul 2, 2001
2,167
11
91
Context switching used to be faster on Intel CPUs over the AMD Zen CPUs, but that is certainly no longer the case. With these default mitigations, context switching is taking about five to six times longer than in the unmitigated configuration.

How are cloud providers and data centers going to cope with five to six times loss of performance? :screamcat:
Why are data centers running applications that do nothing but context switch?
 

EXCellR8

Diamond Member
Sep 1, 2010
3,191
134
126
Yikes I would not be happy about ~25% performance loss affecting hundreds of thousands of dollars of equipment in a cloud/DC environment... it's not like the systems are using less power after all.
 

jpiniero

Diamond Member
Oct 1, 2010
6,570
315
126
More Linux benchmarks....

https://www.phoronix.com/scan.php?page=article&item=intel-mds-xeon&num=8

If looking at the geometric mean of all the benchmarks carried out, the EPYC 7601 averages out to about a 1% hit with its Spectre mitigations. The dual Xeon Platinum 8280 Cascadelake setup with its mostly hardware-based mitigations was slower by 4% with the relevant mitigations enabled. Meanwhile the dual Xeon Gold 6138 server that unfortunately doesn't have the hardware mitigations saw a 11% hit from the benchmarks run with these Spectre/Meltdown/L1TF/MDS mitigations or 15% if disabling Hyper Threading as an additional measure based on the benchmarks carried out today.
 
Apr 27, 2000
12,729
1,546
126
@jpiniero

I imagine a thousand server room administrators thinking, "Hmm, time to ditch Skylake-SP for Cascade Lake-SP, stat!". Intel must be loving it.
 

JustMe21

Senior member
Sep 8, 2011
256
5
81
@jpiniero

I imagine a thousand server room administrators thinking, "Hmm, time to ditch Skylake-SP for Cascade Lake-SP, stat!". Intel must be loving it.
Actually, no, since the hardware "fixes" make the 9th gen Intel processors more susceptible to Fallout. More like time to consider Epyc. Move all Internet exposed VMs to patched and Intel hyper threading disabled hosts and patched hosts for internal only that still need performance, until you can buy some Epyc based servers.
 
Last edited:
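
Added example, not part of any post in this thread: one way to sort Linux hosts into the placement groups described in the post above, using the status the kernel reports under `/sys/devices/system/cpu/vulnerabilities`. The tier names and the helper functions are assumptions made for this example, and the sample status files are constructed.

```shell
#!/bin/sh
# Classify a Linux host by its mitigation status as reported in sysfs.
# Tier names (unpatched / internal-only / internet-facing-ok) are made up here.

# classify_host [CPU_SYSFS_DIR] -> prints one tier name, or "unknown"
classify_host() {
    cpu_dir="${1:-/sys/devices/system/cpu}"
    vuln_dir="$cpu_dir/vulnerabilities"
    [ -d "$vuln_dir" ] || { echo unknown; return 0; }
    # A kernel that predates the MDS patches has no mds entry at all.
    [ -f "$vuln_dir/mds" ] || { echo unpatched; return 0; }

    tier=internet-facing-ok
    for f in "$vuln_dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case "$status" in
            Vulnerable*)
                # No working mitigation for this issue: worst tier, stop looking.
                tier=unpatched; break ;;
            *"SMT vulnerable"*)
                # Mitigated, but sibling hyper-threads can still leak (MDS, L1TF).
                tier=internal-only ;;
        esac
    done
    echo "$tier"
}

# make_sample DIR MDS_STATUS: build a constructed sysfs tree for the demo.
make_sample() {
    mkdir -p "$1/vulnerabilities"
    echo "Mitigation: PTI" > "$1/vulnerabilities/meltdown"
    echo "$2" > "$1/vulnerabilities/mds"
}

demo() {
    tmp=$(mktemp -d)
    make_sample "$tmp/ht_on"  "Mitigation: Clear CPU buffers; SMT vulnerable"
    make_sample "$tmp/ht_off" "Mitigation: Clear CPU buffers; SMT disabled"
    make_sample "$tmp/old"    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
    for h in ht_on ht_off old; do
        printf '%s: %s\n' "$h" "$(classify_host "$tmp/$h")"
    done
    rm -rf "$tmp"
}
demo
```

Calling `classify_host` with no argument reads the live host. A CPU that reports "Not affected" for MDS lands in the top tier with SMT left on, because the check keys on the kernel's "SMT vulnerable" marker rather than on the raw SMT state.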

Dayman1225

Senior member
Aug 14, 2017
917
98
106
Actually no, since the hardware "fixes" make the Intel processors more susceptible to Fallout. More like time to consider Epyc. Move all web exposed VMs to patched and Intel hyper threading disabled hosts and patched hosts for internal only that still need performance, until you can buy some Epyc based servers to replace any generation of Intel processors, since even 9th gen has flaws.
That's why Cascade has additional hardware mitigations.
 

JustMe21

Senior member
Sep 8, 2011
256
5
81
That's why Cascade has additional hardware mitigations.
It does appear that Intel states their 8th and 9th gen processors have Hardware fixes or via Microcode update and software patch.

https://www.intel.com/content/www/u...ngineering-new-protections-into-hardware.html

It's interesting they indicate they have a hardware fix, but the Fallout paper indicates the Coffee Lake Refresh with its hardware fix made it more susceptible.

From a company standpoint, where you have to budget and plan for the next few years, it looks risky to go with Intel at this time. "Fool me once, shame on you; Fool me twice, shame on me"

Of course, on the AMD side, they don't have longevity on their new architecture yet, so that makes them risky as well.
 

Dayman1225

Senior member
Aug 14, 2017
917
98
106
It's interesting they indicate they have a hardware fix, but the Fallout paper indicates the Coffee Lake Refresh with its hardware fix made it more susceptible.
That would be because there is a stepping for CFL-R that introduces more hardware mitigations AFAIK. Stepping R0
 
Apr 27, 2000
12,729
1,546
126
Actually, no, since the hardware "fixes" make the 9th gen Intel processors more susceptible to Fallout.
The problem is validation. If you're rolling out new hardware from a new vendor, it takes time and money to get it ready for deployment on an organizational scale. It's easier to replace your current hardware from the same vendor, especially when switching from Skylake-SP to Cascade Lake-SP amounts to installing what is almost exactly the same uarch.
 

GreenReaper

Junior Member
Aug 15, 2018
2
0
11
The SSD one doesn't seem to be a big deal, but the first one . . .
. . . is about their CPU testing tool. It's bad, but it's not the CPUs themselves, just if you have the tool installed - presumably because it enables admin access to anyone.

Just upgrade to the latest version - or better yet, uninstall it if you don't need it anymore.
 
Apr 27, 2000
12,729
1,546
126
. . . is about their CPU testing tool. It's bad, but it's not the CPUs themselves, just if you have the tool installed - presumably because it enables admin access to anyone.

Just upgrade to the latest version - or better yet, uninstall it if you don't need it anymore.
Updating software on an org level is a PITA though. And Intel isn't MS, they don't necessarily have autoupdates or anything of the sort.
 

IEC

Super Moderator
Super Moderator
Jun 10, 2004
13,736
867
136
New Phoronix review of Meltdown/Spectre/Zombieload performance impacts:
https://www.phoronix.com/scan.php?page=article&item=amd-zen2-spectre&num=1

If looking at the geometric mean for these various mitigation-sensitive benchmarks, the default mitigations on the Core i9 9900K amounted to a 28% hit while the Ryzen 7 2700X saw a 5% hit with its default Spectre mitigations and the new Ryzen 7 3700X came in at 6% and the Ryzen 9 3900X at just over 5%. Keep in mind these benchmarks ran for this article were a good portion of synthetic tests and focused on workloads affected by Spectre/Meltdown/L1TF/Zombieload. Many of these particular tests aren't multi-threaded and that's why you don't see as much of a difference between these HEDT and desktop CPUs as in our more normal benchmarks.

We'll update if hearing back from AMD on whether any software mitigation changes are expected for AMD Zen 2 processors given their hardware mitigations or if they still recommend these same conservative defaults as it currently stands in the Linux 5.2 kernel.
 
