CPU Security Flaws MELTDOWN and SPECTRE

Discussion in 'PC Industry' started by Bondrewd, Jan 2, 2018.

  1. no-X

    Veteran

    Those "40 %" for Macs correspond to disabled HT, too. ("Hyperthreading improves performance for certain workloads by 30 % to 40 %", see chapter 7)
     
  2. Kaotik

    Kaotik Drunk Member
    Legend

    https://www.nrc.nl/nieuws/2019/05/14/hackers-mikken-op-het-intel-hart-a3960208

    edit:
    Wired has info on it in English
    https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/
     
    #362 Kaotik, May 16, 2019
    Last edited: May 16, 2019
    Malo likes this.
  3. Pressure

    Veteran Regular

    Indeed, the newest version of Mojave (10.14.5) reports whether or not Hyper-Threading is enabled.

    Hyper-Threading Technology: Enabled
     
    iMacmatician likes this.
  4. swaaye

    swaaye Entirely Suboptimal
    Legend

    The only hyperthreading I have around is in notebooks. Surface Book (6600U), ASUS G750JY (4860HQ) and my ancient ASUS G73JH (920XM). I greatly look forward to seeing what Windows 10 does to them. I imagine the Surface Book will get more firmware updates, though I wonder how much longer MS will keep that up.

    I can't say I've noticed anything sluggish about the old 920XM with up-to-date Win7 or Win10 at this point.
     
    #364 swaaye, May 16, 2019
    Last edited: May 16, 2019
  5. entity279

    Veteran Regular Subscriber

    I've the 7980XE. Maybe no HT would be a slight performance improvement in the majority of cases for me.
     
  6. Rootax

    Veteran Newcomer

    With all the little regressions here and there, maybe Zen+ would come out on top if a lot of reviews were re-done now with all the patches and mitigations in place...?

    I'm still good with my 5820K OC@4.2, but honestly, seeing how AMD is not affected by most of this, it's an argument they could push a lot with Zen2...
     
    Lightman likes this.
  7. 3dilettante

    Legend Alpha

    Phoronix has done some testing across various Intel CPUs with various levels of mitigation enabled. The most recent Intel cores do lose a measurable amount of performance, but many of the vulnerabilities or mitigations hit system calls or context switches, which are already high-overhead. Intel frequently had a commanding lead in those areas, and sometimes even with the losses it's a matter of some ties or a reduced lead versus Zen. Since systems try to avoid these overheads as much as possible, the overall impact outside of some things like IO-heavy loads is minimized.
    The vulnerabilities that may require disabling SMT aren't all Intel-only, and since Zen has shown better SMT scaling it would lose more if SMT is disabled.

    That many workloads still have Intel competitive or leading may mean that the goal for the next microarchitectures is to try to implement many of the Intel speculative measures while mitigating whichever corner case is leaking information. CPU generations fight for single-digit performance gains, so trying to get back 5-10% by restoring known performance improvements is a tempting direction.
     
  8. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha Subscriber

    At least the shit-show is so bad that the Linux folks are building in simple boot-time mitigation controls and also allowing for some controls at run-time too.
    • mitigations=off: Disable all mitigations.
    • mitigations=auto: [default] Enable all default mitigations, but leave SMT enabled, even if it's vulnerable.
    • mitigations=auto,nosmt: Enable all default mitigations, disabling SMT if needed by a mitigation.
    instead of:
    • pti=off spectre_v2=off l1tf=off mds=off nospec_store_bypass_disable no_stf_barrier
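
Added example, not part of the thread and not kernel code: a POSIX shell audit that reads the `mitigations=` switch listed in the post above from a kernel command line and classifies the per-vulnerability status files Linux exposes under /sys/devices/system/cpu/vulnerabilities, flagging the "SMT vulnerable" case that `mitigations=auto` leaves open. The function names and the `SYSFS_CPU` override are this example's own.

```shell
#!/bin/sh
# Added example: audit Linux CPU-vulnerability mitigation state.
# SYSFS_CPU and all function names are assumptions of this example.
# Usage: . ./cpu_audit.sh; mitigations_mode "$(cat /proc/cmdline)"; audit_cpu
SYSFS_CPU="${SYSFS_CPU:-/sys/devices/system/cpu}"

# Print the value of mitigations= found in a kernel command line.
# The last occurrence wins; "auto" is printed when the option is absent.
mitigations_mode() {
    mode=auto
    for word in $1; do
        case "$word" in
            mitigations=*) mode="${word#mitigations=}" ;;
        esac
    done
    printf '%s\n' "$mode"
}

# Classify the text of one vulnerabilities/<name> file.
# A mitigation that still reports "SMT vulnerable" gets its own class,
# because it is only closed by disabling SMT (mitigations=auto,nosmt).
classify_status() {
    case "$1" in
        *"SMT vulnerable"*) echo smt_exposed ;;
        "Not affected"*)    echo not_affected ;;
        Vulnerable*)        echo vulnerable ;;
        Mitigation*)        echo mitigated ;;
        *)                  echo unknown ;;
    esac
}

# Print "<name> <class>" for every status file, then the SMT control state.
# Returns 1 if any entry is vulnerable or still exposed through SMT.
audit_cpu() {
    rc=0
    for f in "$SYSFS_CPU"/vulnerabilities/*; do
        [ -r "$f" ] || continue
        class=$(classify_status "$(cat "$f")")
        printf '%s %s\n' "${f##*/}" "$class"
        case "$class" in vulnerable|smt_exposed) rc=1 ;; esac
    done
    if [ -r "$SYSFS_CPU/smt/control" ]; then
        printf 'smt %s\n' "$(cat "$SYSFS_CPU/smt/control")"
    fi
    return $rc
}
```

A non-zero return from `audit_cpu` on a host booted with `mitigations=auto` usually means the remaining exposure is the SMT one, which is the trade-off the `auto,nosmt` variant exists for.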
     
  9. swaaye

    swaaye Entirely Suboptimal
    Legend

    Is there a way to disable Hyperthreading with Windows? I was going to disable it on my old G73JH with 920XM but the BIOS has no option.
     
  10. hoom

    Veteran

    Zen2 includes extra hardware fixes from AMD
    https://www.anandtech.com/show/14525/amd-zen-2-microarchitecture-analysis-ryzen-3000-and-epyc-rome/3
     
    BRiT, Lightman and Malo like this.
  11. hoom

    Veteran

  12. itsmydamnation

    Veteran Regular

    Well that wouldn't make much sense given that Suite B crypto is used to secure US government and military networks along with most 5 eyes nations + who knows who else.
     
  13. pcchen

    pcchen Moderator
    Moderator Veteran Subscriber

    Some elliptic-curve cryptography curves (such as the infamous Dual_EC_DRBG) have parameters that are suspected to have backdoors. Other commonly used curves are probably fine.
     
  14. hoom

    Veteran

    Ah, looks like that's the one I'm thinking of :yep2:
    So a particular implementation variant rather than elliptic generally.
     
  15. orangpelupa

    orangpelupa Elite Bug Hunter
    Legend Veteran

    Btw, for those whose Windows 10 suddenly became less responsive (Start took longer to pop up, Explorer took longer to pop up):

    Try disabling both the Meltdown and Spectre mitigations via the InSpectre app.

    For my Haswell tablet, it completely fixed the annoying sluggishness.

    Despite the reports that the mitigations shouldn't have any user noticeable impact on performance (other than on games or benchmark)
     
  16. Malo

    Malo Yak Mechanicum
    Legend Veteran Subscriber

    Why don't you just give us your email passwords as well?
     
  17. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha Subscriber

    All those flaw mitigations are overkill unless you know you're a target of State Actors. It's far easier and less performance draining to simply prevent JAVASCRIPT in Browsers from using excessive CPU, thus making the attacks impossible.
     
  18. orangpelupa

    orangpelupa Elite Bug Hunter
    Legend Veteran

    Is that statement what people call whataboutism, or moving the goalposts, or false equivalence?

    Anyway, my understanding about Spectre and Meltdown is that general users are more likely targets of conventional attacks.
     
  19. pcchen

    pcchen Moderator
    Moderator Veteran Subscriber

    There are two scenarios for these side channel attacks: the first one is for those virtual machines from cloud providers. This is actually a huge problem for them because people used to believe that by using a virtual machine it's safe to share a physical machine with unknown people. This could make dedicated machines more popular but the thing is that large companies are already using them and small companies can't really afford them.

    For desktop users, the problem is quite different, as most people don't really run untrusted code frequently, except (and this is a huge exception) for that pesky JavaScript code from random websites. This is really a difficult problem because people are expecting to have good JavaScript performance, so anything that causes a serious performance downgrade is not really acceptable. On the other hand, JavaScript is kind of easier to secure because the VM actually has the source code. And no, disabling JavaScript is not a realistic solution, at least for most people.
     
    Malo, pharma, BRiT and 1 other person like this.
  20. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha Subscriber

    Can't you limit or quota CPU usage for Javascript, thus making the timing attacks impossible? No normal website is going to need consecutive Minutes of 100% CPU load Javascript execution. Or only use the mitigation protections for the Javascript VM engine or go slightly larger and use the protections for the entire browser process.
     