Intel bug incoming? Meltdown and Spectre exploits

[Rroff]

This is what AMD said specific to variant 2



Sorry but that is very clear, there are no known vulnerabilities to variant 2(second sentence), and due to the difference in architecture to Intel who are currently vulnerable to it we believe there is a miniscule or near zero risk of exploitation in the future.

But this is in context where everyone apparently is now questioning the safety of speculative execution in security terms. It's a new type of attack yet AMD still think it's almost impossible they'll become vulnerable to it in the future, but they very clearly say right there along with it that none of the current attacks work against AMD architectures.

What people seem to want is AMD to say they aren't vulnerable to known attacks... yet that is what they said, but also say they won't ever be vulnerable to any future variant 2 attacks, despite them being new and simply not knowing how future attacks might proceed, which is crazy. However again as highlighted above (non predictable locations for data as opposed to Intel), it's going to be almost impossible in the future.

So in the context of current vulnerabilities they already said what you're suggesting, on future vulnerability again what should they have replaced near zero with?

It is a rather peculiar way of putting it - "not been demonstrated" tends to be used when something hasn't been exhaustively tested its a cop out statement, "near zero" is meaningless - as above its a polluted PR statement which gives very little true indication of the extent or not of the problems on AMD side and a lot of trying to make sure any **** storm stick on Intel and not them even if the eventuality that they have some degree of exposure.

After all the times AMD have played this game I'm surprised to see you defending them over wording like this - it is the same kind of BS statements like we had with Vega, etc.

 

[gbgt2]

I just installed KB4056892 for Win10 (Fall Creators Update) and ran through a couple of benchmarks with Fire Strike 1.1 and CINEBENCH R15. I don't see any noticable difference in scores really. Here is Fire Strike for example:

https://www.3dmark.com/3dm/16874736 (from December 24 2016) Physics Test: 73.75 fps
https://www.3dmark.com/3dm/24401115 (taken just now with slightly lower overclock on the GPU) Physics Test: 73.59 fps

 

[Silent_Scone]

I'm most interested in seeing the impact on SQL.

 

[CAT-THE-FIFTH]

https://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare
As Linus Torvalds lets rip on Chipzilla

LOL.

Also someone has shown how they can use the vulnerability to steal passwords too:

https://www.reddit.com/r/sysadmin/comments/7o109b/using_meltdown_to_steal_passwords_in_real_time/

 

[Bonjour]

One of our primary systems utilises an SQL server VM. Have I read correctly that it's VMs and SQL that are likely to be worst affected, performance-wise, following the patch?

 

[wolfie138]

so i take it all these potential threats are only a threat if, as usual, they get past whatever protection you're running? is it not possible for, say, NOD32 to get an update to protect/block things that could exploit this rather than choking off the CPU? of course, belt and braces etc, you should get the other too.

 

[Rroff]

One of our primary systems utilises an SQL server VM. Have I read correctly that it's VMs and SQL that are likely to be worst affected, performance-wise, following the patch?

Depending on usage SQL can take quite a hit - especially if your setup relies heavily on certain types of file IOPS you can see quite a performance drop off - this will likely be mitigated slightly down the line as some of the extra instructions for stuff like that can be accelerated down the line (batching up dispatches, etc.) but takes a lot more sanity and compatibility testing, etc.

 

[modo77]

just updated on win10. ran a quick cinebench and it dropped a whole 2 points. Tomb Raider showed no difference also.

 

[SiDeards73]

We have SQL running VM's here, 6 diff SQL servers, only 2 of them are really high use, but we use SAP via our european data center, im interested to see if it tanks any of these systems performance.

 

[CAT-THE-FIFTH]

I saw this mentioned elsewhere:

https://support.microsoft.com/en-us...garding-the-windows-security-updates-released

Microsoft has identified a compatibility issue with a small number of anti-virus software products.

The compatibility issue is caused when anti-virus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors caused by incompatible anti-virus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.

Wait,wut??

 

[LoadsaMoney]

Avira update coming.

 

[pete910]

I saw this mentioned elsewhere:

https://support.microsoft.com/en-us...garding-the-windows-security-updates-released



Wait,wut??

In other words the AV is dipping into the protected area by the sounds of it from userspace in which this patch stops. Thats my take on so more than likely wrong

 

[Cromulent]

Just ran Geekbench 4 on my computer after the patch and compared it to a previous benchmark result from someone else from the 31st of December. My score still beat theirs so I'm not too worried about the performance issues at the moment.

 

[antijoke]

I'm most interested in seeing the impact on SQL.

Same here, as someone who has to look after several web servers all serving SQL sites some of which are high traffic along with an aWS instance serving a very high traffic site this could cause some headaches.

 

[CAT-THE-FIFTH]

Computerbase.de did some benchmarks on a Core i7 7700K.







Hardwareluxx did some testing with a Core i7 3960X:

https://www.hardwareluxx.de/index.p...er-sicherheitsluecke-im-prozessor-design.html

Das Testsystem
Prozessor Intel Core i7-3960X 3,3 @ 3,9 GHz
Kühlung Corsair H110i GT All-in-One-Wasserkühlung
Mainboard ASUS P9X97 Deluxe
Arbeitsspeicher G.Skill
SSD OCZ Arc 100 240 GB
Netzteil Seasonic Platinum Series 1.000 Watt
Betriebssystem Windows 10 64 Bit
Gehäuse Fractal Design Define R5

A GTX1080TI was used.

However,I would like to see more I/O bound games tested,especially many open world games based on older engines such as Skyrim and FO4.

 

[CAT-THE-FIFTH]

Also,this sounds a bit dodgy:

http://uk.businessinsider.com/intel...ny-was-informed-of-chip-flaw-2018-1?r=US&IR=T

Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock

 

[pete910]

Patch now pulled for AMD into mainline kernel

https://git.kernel.org/pub/scm/linu...57741088068799b810416ac249a9ce&utm_source=anz

 

[B12B6]

It seems tests/reviews currently are not showing how badly performance is going to be capped.

Hardware Unboxed
Apparently the full fix will also rely on firmware updates from Intel, so I’ll keep you guys up to date with news and benchmark results.

 

[Bonjour]

Are chip firmware updates pushed through Windows Update?

 

[SiDeards73]

Pretty sure that MS patch just fixes one of the exploits, and 99% of gaming is not going to be affected as it doesnt really delve into the part of the system that the patch addresses... however reportedly Denuvo will take a hammering, and potentially MMORPG type games could take a hammering, so could a lot of online gaming that is reliant on cloud computing etc.