Intel CPU Flaw

Sesshoumaru

Not sure if this is the right place for this, but worth a read if you're in the market for a new CPU:

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

I've read a few sites now and it's not clear what the gaming / performance impact will be. But most sites seem to agree there will be a performance impact. Just not sure how much of an impact until Microsoft release security workarounds for this Intel CPU flaw.

Cuddlesworth

Sesshoumaru wrote: »

Not sure if this is the right place for this, but worth a read if you're in the market for a new CPU:

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

I've read a few sites now and it's not clear what the gaming / performance impact will be. But most sites seem to agree there will be a performance impact. Just not sure how much of an impact until Microsoft release security workarounds for this Intel CPU flaw.

So far it looks like,

Could be a large performance hit to games. Not clear yet on how reliant games are on syscalls.

Performance hit scales down over generations, EG Haswell and onwards are hit less, expected single digits.

Amd are not effected.

It can't be fixed, only worked around. Which means any performance hit is here to stay.

Xenoronin

From a gaming point of view, looks like the patch will have negligible impact. Only Linux results out so far, but that's a pretty decent indicator. Day to day you probably won't see much difference. The main impact will be in the server space. Since this doesn't affect AMD, this might even tip some scales in their direction.

Sesshoumaru

Xenoronin wrote: »

From a gaming point of view, looks like the patch will have negligible impact. Only Linux results out so far, but that's a pretty decent indicator. Day to day you probably won't see much difference. The main impact will be in the server space. Since this doesn't affect AMD, this might even tip some scales in their direction.

Once Windows is patched I'm thinking there will be a lot of bench marking going on. But it's hard to say yet. I think it would depend on whether the game or application in question is more CPU dependent or GPU dependent. If you're playing a game now and the CPU is near maximum, it's possible your frame rates will drop. But who knows?

I work in IT and have been contacting hypervisor and server vendors we use. They've replied to say they are under embargo, so nothing to say yet on performance. Next few days will be enlightening.

-l-Z3k3-l-

Unfortunately everyone is under the Embargo, but from all the sources I've been checking, your typical home user will see negligible impact including gamers (still wouldn't you be pretty annoyed if you shelled out for a nice new 8700K system to find out you'll get a performance penalty)
However this will have a huge impact on Cloud providers and datacenters

There are a few benchmarks out there so far showing % hits on diff CPUs (8700K v 6800K etc)

Thing is, most of it is speculation at the moment, so until the embargo is lifted we won't truly know how much of a colossal **** up this is by Intel

Maybe AMD could capitalize on this

L

What's interesting is Intel's CEO recently sold all the stock he held bar his minimum required under their corporate bylaws.

Not a great vote of confidence that they're going to remain in a strong place anyhow - and then a month later this flaw becomes public knowledge.

deceit

Would be completely illegal if the ceo knew about this before sold the stock

wotzgoingon

I read on twitter that they are deliberately hampering AMD CPU's also even though they do not have a flaw. How true that is I don't know but I would not put it past Intel to pay off the likes of MS to do that.

ED E

If AMD have the balls...

Metric Tensor

Must do a benchmark in the next day or two!

Can anyone in the know give an idea of what type of programs would make most use of this sort of switching to the kernel syscall type activity?

.G.

Intel says its not just their stuff affected

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

iLikeWaffles

Wonder how much less bitcoin mining can't be done with that "Vulnerability"

Canis Lupus

iLikeWaffles wrote: »

Wonder how much less bitcoin mining can't be done with that "Vulnerability"

I thought mining was mainly done on GPUs?

ED E

It is.

yoshiktk

So NSA will have to use another backdoor?

Cuddlesworth

superg wrote: »

Intel says its not just their stuff affected



https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

AMD's response.

To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time.

Linus has accepted AMD's code merge for the new kernels too. In which anything that isn't a Intel CPU is allowed to continue as normal.

There is also something not being said right now, which is that this flaw is pretty much guaranteed to be in Intels upcoming generation of chips and its way to late to change them. Its been there since the Pentium days.

Cuddlesworth

Email from Linus on Intels response, based on them just claiming all CPU's have this issue without any proof. This is hilarious. Would love to see the emails floating around Microsofts cloud division.

Why is this all done without any configuration options?

A *competent* CPU engineer would fix this by making sure speculation
doesn't happen across protection domains. Maybe even a L1 I$ that is
keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you ****
forever and ever, and never fixing anything"?

Because if that's the case, maybe we should start looking towards the
ARM64 people more.

Please talk to management. Because I really see exactly two possibibilities:

- Intel never intends to fix anything

OR

- these workarounds should have a way to disable them.

Which of the two is it?

Linus

L

Well, this just keeps getting more interesting. Intel knew about this back in June - their CEO decided to sell up in October.

Well hello Ryzen so

ED E

Its probably bad that when I read Linus I think Sebastian before Torvalds....

SickBoy

ED E wrote: »

Its probably bad that when I read Linus I think Sebastian before Torvalds....

smacl

Metric Tensor wrote: »

Must do a benchmark in the next day or two!

Can anyone in the know give an idea of what type of programs would make most use of this sort of switching to the kernel syscall type activity?

At a guess virtualization / running VMs would suffer badly, similarly running a large number of processes accessing shared resources using kernel level syncs such as mutexes. I doubt mining would be affected as that is more likely to be GPU based rather than CPU. Services and device drivers are also more likely to hit the kernel than applications.

smacl

ED E wrote: »

Its probably bad that when I read Linus I think Sebastian before Torvalds....

Hey, at least its not Van Pelt :pac:

Sesshoumaru

A good video from Sophos

https://nakedsecurity.sophos.com/2018/01/04/fckwit-the-video/

iLikeWaffles

https://www.youtube.com/watch?v=d7ILCoU9d4k

ED E

2008/W7/W8.1/2016 boxes are yet to update but the W10 unit is seeing pretty much on par perf in CB R15 (217 -> 216).

Metric Tensor

Is it out already? Didn't get a chance to run a before benchmark and it may be automatically on my W10 skylake by now.

.G.

windows 10 update was released two days ago but I haven't got it yet. Apparently there's some issue with the fix not being compatible with some AV programs.

Edit:- actually it was just done a while ago, wasn't when I checked last.

iLikeWaffles

Unless people know how to take advantage of this vulnerability there is not really a whole lot to worry about for the average user. The way I see it is depending on your caution with downloading stuff at the minute on an Intel chip there is more chance of winning the lotto 10 times consecutively than having your personnel data fall into the hands of someone who can use it against you.

All the big servers will get the patch anyway because of the volume of traffic of the servers so server side your personal data is secure otherwise they'd already be hacked if it was a well known flaw that more than one somebody could take advantage of.

The video I posted there is interesting because it explains it in an easy to understand way. When I first heard about this bug I was suspicious that it was just some PR thing for AMD. That question is still there, Fact is that AMD are not susceptible, Okay how so? For average users, most would be on windows or mac, how many would be on Linux where the AMD bug only occurs on some version that has been configured to allow the bug, So AMD are only vulnerable on a specially configured version of Linux that allows the bug... :rolleyes:

If that means its Intels way of showing that AMD is susceptible its just shady. Kind of like letting your dolly fall out of the pram seeing that your mates dolly hasn't fallen and grabbing it and throwing it on the ground while no one is watching and then saying look his dolly fell out too.

ED E

Interestingly MS pushed a reboot for that update without approval for Server 2016. That's pretty unheard of.

BloodBath

Intel knew about it when they designed the backdoor back in the pentium days. He only sold because he knew the story was about to break mainstream news.

It's been no secret for a long time that these things had back doors designed into them. If you google you will find articles about this exploit from years ago. Yet all intel chips made since then still have the vulnerability. Why is that?

The leaked NSA hacking tools that made use of this exploit were also known about for over 2 years as well. These tools have been available online to anybody yet nobody was warned about the security issues. Why is that?

There should be a criminal case brought against Intel and the NSA.

ED E

I think you're conflating the IME issues with the current ones Blood.

BloodBath

Maybe. I haven't really been following it.

Are they not the same?

scamalert

i dont get it is this a security issue which been along for generations or is it flaw in cpu that might reduce its performance.

frome one point if its flaw in security then who cares really, more attention might drive some prices down so would be good for the market,as intel cpu's are quite expensive, so naturally should drive price down.

wotzgoingon

scamalert wrote: »

i dont get it is this a security issue which been along for generations or is it flaw in cpu that might reduce its performance.

frome one point if its flaw in security then who cares really, more attention might drive some prices down so would be good for the market,as intel cpu's are quite expensive, so naturally should drive price down.

The exploit that effects all CPU's is just a work in progress nobody has found a exploit but they are saying it can be done eventually once someone figures it out. Where as the Intel bug only Intel CPU's a vulnerable and yes the exploit was found as in it can be done by hackers.

Spear

For those with ASUS motherboards:

https://www.asus.com/News/V5urzYAT6myCC1o2

Note that while the list the BIOS version with the fix, that version may not be released yet.

Cuddlesworth

Spear wrote: »

For those with ASUS motherboards:

https://www.asus.com/News/V5urzYAT6myCC1o2

Note that while the list the BIOS version with the fix, that version may not be released yet.

Its reckoned that the bios updates will cause far more performance loss for home PC's then the OS level update for Meltdown.

But Meltdown has had a huge effect on the server market, some services/applications have seen well beyond a 30% uplift in CPU usage.

BloodBath

wotzgoingon wrote: »

The exploit that effects all CPU's is just a work in progress nobody has found a exploit but they are saying it can be done eventually once someone figures it out. Where as the Intel bug only Intel CPU's a vulnerable and yes the exploit was found as in it can be done by hackers.

Of course they can. The NSA hacking tools are on the net already for anyone. The actual tools used by the NSA were stolen. The spectre one is hardware level and can't be fixed either so don't bother with the other update.

The reality is any PC using an intel chip (and others) is vulnerable though a hardware level backdoor by design.

ED E

BloodBath wrote: »

Of course they can. The NSA hacking tools are on the net already for anyone. The actual tools used by the NSA were stolen. The spectre one is hardware level and can't be fixed either so don't bother with the other update.

The reality is any PC using an intel chip (and others) is vulnerable though a hardware level backdoor by design.

What you're missing is the IME bug can be fixed with a BIOS update (Thats the NSA deal).

The Spectre/Meltdown issues require a performance hit in software to workaround and cannot be properly fixed fixed.

BloodBath

The IME bug can't be fixed. There is hardware level IME in the processor that can't be fixed. That is the spectre one is it not.

Inviere

So now there are BIOS updates as well as an OS patch?

SickBoy

Inviere wrote: »

So now there are BIOS updates as well as an OS patch?

The bios update will do something to the CPU microcode I think.
This will be the crippler update, not the OS patchas.

ED E

Inviere wrote: »

So now there are BIOS updates as well as an OS patch?

There is, for some. My Workstation board isnt even on Asus' list yet.

wotzgoingon

ED E wrote: »

There is, for some. My Workstation board isnt even on Asus' list yet.

How old is it? I haven'y looked up any list or if that link above was updated since then but when I looked at the list it was only the very newest boards on there.

ED E

Haswell, C610 is X99 equivalent. But yeah, it might be lower on their priorities.

.G.

My board is on their list but there's no bios update for it. There is a software Intel management engine update.

ED E

That list indicates which version will have it, many are yet to be pushed out.

Cuddlesworth

Might not be effecting games much but to say my system was choppy today with 4 VM's running would be a understatement. Which was never the case before. IO has taken a hefty hit and that threadripper upgrade looks all the more tempting now.

Nate--IRL--

Yes it appears I/O has taken a big hit.

https://www.youtube.com/watch?v=JbhKUjPRk5Q

Nate

Inviere

Nate--IRL-- wrote: »

Yes it appears I/O has taken a big hit.

NVME's in particular, ouch..those figures! It would seem going Ryzen for the foreseeable future is a no brainer?

scamalert

well issue existed for decades but my question is if say exploit is developed would someone still have to get it installed delivered to the system by some loophole, making it an issue as any other virus,worm that attackers use daily to gain access to anything they can everyday as been happening for years ? Since most have firewalls antivirus soft nowadays and it seems keeps most of bad stuff out,unless one goes wondering into dodgy places.