CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. ajc9988

    If you read around, PCID and other features supposedly help. BUT, Skylake was shown to have a 17-23% hit in performance. Kaby has the exact same sets of features. As does Skylake-X. You would have to, then, do something to help Ice Lake, which may already have issues with staying competitive with Zen 2 7nm. So, we shall see!
     
    Papusan and Vasudev like this.
  2. hmscott

    Initial Benchmarks Of The Performance Impact Resulting From Linux's x86 Security Changes
    Written by Michael Larabel in Software on 2 January 2018
    https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1

    "Over the past day you've likely heard lots of hysteria about a yet-to-be-fully-disclosed vulnerability that appears to affect at least several generations of Intel CPUs and affects not only Linux but also Windows and macOS. The Intel CPU issue comes down to leaking information about the kernel memory to user-space, but the full scope isn't public yet until the bug's embargo, but it's expected to be a doozy in the data center / cloud deployments. Due to the amount of interest in this issue, here are benchmarks of a patched kernel showing the performance impact of the page table isolation patches."

    Results of performance tests from above article are on the 2nd page:
    https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

    Linux Gaming Performance Doesn't Appear Affected By The x86 PTI Work

    Written by Michael Larabel in Linux Kernel on 2 January 2018 at 09:06 PM EST
    https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests

    "With the recently published Initial Benchmarks Of The Performance Impact Resulting From Linux's x86 Security Changes, one of the common questions that came up is whether gaming performance is adversely affected by the x86 Page Table Isolation changes recently merged to the Linux kernel.

    Linux gaming performance in initial testing doesn't appear to be affected. Then again, we personally didn't expect it to be much considering it's more isolated than some of the other syscall / context switching heavy workloads benchmarked. But for those concerned whether running the patched Linux kernel could lead to a drop in frame-rates, it doesn't appear to be when firing up some of the common Linux games on Steam.

    For this quick testing was a Radeon RX Vega 64 running on the Intel Core i7 8700K "Coffee Lake" system with Linux 4.15:
    [Attached image: linux gaming after intel fix applied.JPG]
    The frame-rates were pretty much stable in the different Vulkan/OpenGL games tested. Likewise, in the earlier article applications like FFmpeg also weren't significantly impacted unlike some of the synthetic I/O benchmarks, etc."
     
    Last edited: Jan 2, 2018
    Ashtrix, KY_BULLET, HTWingNut and 3 others like this.
  3. hmscott

    For Now At Least AMD CPUs Are Also Reported As "Insecure"
    Written by Michael Larabel in AMD on 2 January 2018 at 09:16 PM EST.
    https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test

    "Right now with the big mysterious security vulnerability causing the rush of the x86 Page Table Isolation work that landed in the Linux kernel days ago, it's believed to be a problem only affecting Intel CPUs. But at least for now the mainline kernel is still treating AMD CPUs as "insecure" and is too taking a performance hit.

    Besides my initial benchmarks of the performance impact as a result of this x86 workaround in the Linux 4.15 kernel, I've been working on various other tests since yesterday and one of them was just seeing what happens on AMD hardware.

    Back on 26 December is when Tom Lendacky of AMD posted a patch to confirm this PTI problem shouldn't affect the company's processors -- at least with what information is currently known. Lendacky wrote, "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."
    But over one week later, that patch has yet to be merged to the mainline kernel. When booting the Linux 4.15 kernel on an AMD EPYC box, indeed, for now the AMD CPU is still treated with a bug of "insecure_cpu."

    An immediate workaround at least until the AMD patch lands where PTI isn't applied to AMD CPUs is by booting the kernel with the nopti kernel command-line parameter. This can also be applied to Intel systems too on a patched kernel if wanting to regain the performance and are not too concerned about this vulnerability.

    In affected benchmarks (those making use of a lot of system calls, context switches, etc), indeed AMD EPYC faces a performance penalty similar to Intel. I'll have more test data to share on Wednesday.

    Hopefully more details on the underlying vulnerability come to light soon to really know if AMD CPUs have any chance of being affected and other details."
     
    Ashtrix, Huniken, Dr. AMK and 2 others like this.
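
Added example, not part of the thread or of the quoted Phoronix article: a shell check that flags hosts where the CPU is marked as affected but page table isolation was switched off at boot with the nopti parameter the article mentions. It assumes a kernel that carries the PTI patches; the `pti=off`/`pti=on` spellings and the flag names `cpu_insecure`/`cpu_meltdown` come from the Linux kernel, not from this page, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: classify Meltdown/PTI posture from the "bugs" line of
# /proc/cpuinfo and the kernel command line. Sample inputs are constructed.

# Print "disabled", "forced" or "default" for a kernel command line.
# Conservative on purpose: any disabling token flags the line for review.
pti_cmdline_state() (
    set -f                       # no globbing while splitting the line
    disabled=0 forced=0
    for word in $1; do
        case "$word" in
            nopti|pti=off) disabled=1 ;;   # nopti is the switch quoted above
            pti=on)        forced=1 ;;
        esac
    done
    if [ "$disabled" -eq 1 ]; then echo disabled
    elif [ "$forced" -eq 1 ]; then echo forced
    else echo default
    fi
)

# Succeed when the bugs line carries the kernel's Meltdown flag
# (cpu_insecure in 4.15 release candidates, cpu_meltdown afterwards).
cpu_flagged() {
    case " $(printf '%s' "$1" | tr '\t:' '  ') " in
        *" cpu_meltdown "*|*" cpu_insecure "*) return 0 ;;
    esac
    return 1
}

# Print "exposed", "mitigated" or "not-flagged".
pti_exposure() {
    if ! cpu_flagged "$1"; then echo not-flagged; return 0; fi
    if [ "$(pti_cmdline_state "$2")" = disabled ]; then echo exposed
    else echo mitigated
    fi
}

# Constructed samples; on a live host pass "$(grep -m1 '^bugs' /proc/cpuinfo)"
# and "$(cat /proc/cmdline)" instead.
pti_exposure 'bugs : cpu_insecure' 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nopti'
pti_exposure 'bugs : sysret_ss_attrs' 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nopti'
```

The second sample models a CPU the kernel does not flag, where nopti costs nothing in exposure; the first is the combination worth alerting on.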
  4. ajc9988

    Sounds like in dealing with this, they just wanted to default it until more thoroughly explored. But, that is no bueno on the wait until they change that.
     
    Vasudev and hmscott like this.
  5. Mr. Fox

    Well, that is good news if the nopti command will restore unpatched performance for those that are not concerned about this hype. I am thankful if it will be that simple to maintain control and autonomy to handle my personal property in whatever manner I deem to be appropriate. As far as I am concerned, not a big deal in the grand scheme of things. I do not use antivirus software either.

    It will still be a big deal for Intel, primarily because the general public is going to be extra emo about it... guaranteed... especially with the special help and influence of the alarmist media that will milk the story drier than a popcorn fart.

    It will be cute to see all of the talking head media muppets regurgitating technical mumbo jumbo they don't even comprehend. They seem to be really good at that, no matter what the subject matter happens to be.
     
    Ashtrix, KY_BULLET, Huniken and 4 others like this.
  6. Robbo99999

    Any word yet on when we can expect a Windows patch for this security hole? I'm interested to see if there's any performance hit, and thanks hmscott for your Linux gaming performance posting.
     
    Vasudev likes this.
  7. Falkentyne

    The later the better. I don't want no 'patch'.
     
    KY_BULLET and Mr. Fox like this.
  8. Dr. AMK

    Watch Jason Bourne 2016 :), but it's not about one platform, all technology owners are the same and serve the same master. It will never stop as @Mr. Fox said. No one can force them to correct what they are doing, so it's our decision to go with it or just leave it and try to find something else. BTW, they didn't leave the open source alone, they already injected their poisons inside most of it.
     
  9. Mr. Fox

    Just because one company chooses to do things a certain way imposes no obligation for another to follow suit. Intel following AMD's lead would be kind of like the tail wagging the dog at this point in time. AMD had no horse in the CPU race until the release of Ryzen, and Intel was doing things as they are today when they were still a worthless nothing outfit in the CPU realm. Had they not been doing things in the manner they are coming under fire for now, AMD's CPU offerings before Ryzen would have still been miles apart from Intel because their pre-Ryzen CPU architecture was pure garbage.

    Plus, I do not want them to play fairly. They should behave as cut-throat rivals and if they do not we will all suffer the consequences. I am very happy that they are finally in a bitter feud over the CPU performance crown and hope that it escalates even more. I wish AMD had the financial resources and technical skill to engage NVIDIA in the same manner. The bitter battle is what drives innovation and excellence for consumers, and they both need to behave as though they are in it to win it. Chivalry has no place in battle.

    And, we should all be very thankful that Intel is under scrutiny now for this swiftly over-hyped security concern rather than AMD. Intel will likely end up damaged over it, but they should have the resources to make it through the fire and still come out breathing after the smoke has cleared. Had the tables been turned, this scenario would have most likely dealt an unrecoverable fatal blow to AMD. I think AMD would likely cease to exist and we would be left with Intel being the only processor manufacturer to serve the needs of the masses.

    This latent security issue is not new. What is new is the phenomenon that for the first time in more than a decade, AMD threatens to take a portion of Intel's long-held market share and diminish their deadly monopoly. When you start doing the math and reflecting on recent events, it really begs the question, why is this only becoming a talked-about issue now and who is behind the hype?
     
    Last edited: Jan 3, 2018
    Ashtrix, Raiderman, KY_BULLET and 4 others like this.
  10. Phoenix

    Ughhh why?
     