Glitch in Intel cpus may result in security patch with big perf hit

Discussions about anything Computer Hardware Related. Overclocking, underclocking and talk about the latest or even the oldest technology. PCA Reviews feedback
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by FlyingPenguin »

Sweet.

https://www.ghacks.net/2018/01/16/gibso ... e-checker/

Interestingly, Microsoft is claiming that Win10 is less effected by the performace hit of the OS patch than previous versions of Windows. I'd love to see some testing to prove that.

Keep in mind that if they release a firmware patch for your mobo, than will completely negate any performance hit.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Genom
Steely Eyed Missile Man
Posts: 866
Joined: Thu Aug 28, 2014 4:14 pm
Location: Hotlanta

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by Genom »

I have the meltdown patch installed and honestly, noticed nothing different. My games seem to be running as usual and videos play fine. No BIOS update yet for Spectre, but I'd be surprised if Asrock does an update for a 4 year old MB/CPU combo all that fast.
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by Executioner »

Yeah I doubt my mobo/cpu will be patched. The Asus P5QE combo is over 7 years old (quad core Q6600).
User avatar
Key Keeper
Posts: 1564
Joined: Sat Oct 30, 2004 12:17 pm
Location: Austin TX

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by Key Keeper »

I installed this...yup...instant brick on my older AMD chip.

No safe mode, no last known good config, nothing. Booted off windows cd into recovery console and removed the patch and it finally booted. Took half an hour to finish up some other update that was hung up, but at least my garage machine is working. What pissed me off was the forum I was reading had the directory patch all screwed up and it errored on every commend, so I had to search the drive only to find out they left some steps out of the command. Oh well its working now and that update has been hidden.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by FlyingPenguin »

Just listened to Steve Gibson on last Security Now podcast discussing Meltdown and Spectre in GREAT DETAIL, as he had to deeply dive into it and understand the issues in order to write his Inspectre utility. If you want to understand this, I would highly recommend it watching/listening.

He starts the Inspectre discussion at 1:08 but I would recommend listening to the whole show and skipping the commercials. There's lot's of info on Meltdown in the beginning during the security news segment.

I find it easier to listen to the audio podcast so you can easily skip ahead.

Podcast: https://twit.tv/shows/security-now/epis ... tart=false

"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by Executioner »

Interesting. According to Steve's utility, I don't have a vulnerability to Meltdown, but for Spectre I do. I have not noticed any performance hit. Again, I have an old custom system I built about 7-8 years ago that I still use. The only hardware that gets updated is the HD and video card. I haven't checked for a BIOS update for this old ASUS mobo, but I'm sure it's not a priority.
Interesting according to Steve, that only Windows 10 fall creators update is patched. Nothing for previous versions of windows including 7 and 8.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by FlyingPenguin »

I'm asuming you haven't installed a BIOS update yet? If Inspetre says don't have a Meltdown vulnerability, and it's an Intel CPU, that's likely because by now you certainly should have the Windows patch by now (it's been out over a week), and yours is one of the lucky CPUs that support modern features that don't cause a performance hit.

That's why he wrote Inspectre, because it's very confusing. There are instruction sets in some newer (last few years) CPUs that have instructions that can be used to perform "safe" cache isolation without compromising performance. This is because Intel probably saw something like this coming and has been slowing adding these features the last few years.

Inspectre can query the CPU and ask if any of the newer instruction sets are present, or have been installed as micro-code in the BIOS. If so, Inspectre informs you that you won't have any performance penalty.

Oh and InSpectre will tell you if you'll have a slow down issue WHETHER OR NOT you've installed the patch. That's because he's querying the CPU to see what features are available.

On older hardware with no modern instructions, the only way to work around it is to force the cache to flush every time you change from a kernel to user operation, which happens often and negates a lot of the performance benefits of the cache. Depending on the operation, the performance can be as bad as completely disabling the caches on the CPU.

My 2015 gaming PC won't be slowed down (haven't patched it yet). My old 2010 workstation (1st gen Core i7), which I'm using at the new house until I move my new 2016 workstation over here, indicates that Meltdown is patched BUT I'm taking a performance hit. Mind you, I'm not subjectively noticing any performance issues, but I'm mainly using this for browsing, Office, and remoting into my new workstation at the old house.

If you scroll down in the Inspectre display he does explain some of this in layman's terms. The podcast covers it really well too.

If you don't want to listen to the whole podcast, you can start around the 35 minute mark. That's in the middle of the news segment, but a lot of the news is about Meltdown and Spectre. Then the main segment about Inspectre is at 1 hour and 8 min.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by Executioner »

The last time my BIOS had an update was July 2009 LOL (just checked Asus site), and I'm running the latest one. I kept the mobo because I never had an issue with it and my Q6600 cpu. I've only upgraded the HD and video cards throughout the years. Even my win7 installation is old. I think I went from XP to Win7 in 2013.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by FlyingPenguin »

Hmmmm. I wonder why a Q6600 would show up as not having a performance issue. That's too old a CPU to have any of the newer instructions.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by Executioner »

FlyingPenguin wrote:Hmmmm. I wonder why a Q6600 would show up as not having a performance issue. That's too old a CPU to have any of the newer instructions.
Here is what the tool says:

Vulnerable to Meltdown: NO
Vulnerable to Spectre: YES!
Performance: SLOWER
This system's older Intel processor does not provide high-performance protection from the Meltdown vulnerability. Windows is therefore doing the best job it can to protect the system, though with a possibly significant performance penalty. You may wish to considering disabling this system's Meltdown protection until it is offered at lower system performance cost.
but like I said, I haven't noticed any difference in performance.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by FlyingPenguin »

Oh, so it is reporting properly. I misunderstood.

Yeah I have yet to see any slowdown on that old 2010 workstation I'm using.

Be aware that you can run a benchmarch with meltdown protection on and off and compare. Inspectre lets you toggle it through a registry setting (requires reboot).

Right now there are no known exploits in the wild, so if you do see a performance hit you can disable meltdown protection for now with little risk - especially if you're a careful person who doesn't install untrusted software, and you use Firefox or Chrome.

I'm going to kill it on my gaming rig.

Sooner or later they'll spot something and then we'll all need to turn it on.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by FlyingPenguin »

I checked and found that Asus released a BIOS update for my workstation mobo on 1/12/18 than included "Updated Intel Microcode" in the notes. Sure enough, after installing it, I am now protected from Spectre.

FYI: Make sure to take photos of all your BIOS settings before you upgrade your BIOS. Your settings usually get reset.

I forgot to do that and the factory settings wouldn't recognize my M.2 boot drive because the M.2 slot was disabled and UEFI had been turned back on. That was a bit aggravating for a while.

Nothing yet for my gaming system, but that hasn't gotten a BIOS update since 2015.

Image
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by FlyingPenguin »

:] And of course, after I installed this, Intel says there's an issue and everyone should stop installing BIOS updates for now until they sort it out, and may want to roll back to a previous version. Hmm.

No random reboot issues on my workstation so far, so I'll stick with it for now.

https://www.theverge.com/2018/1/22/1691 ... ctre-patch
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by FlyingPenguin »

For the time being, Steve Gibson recommends that if you've installed the Spectre fix BIOS update, and your PC is not having any problems with random reboots, you might as well leave it installed. If you ARE having problems then roll back to the previous version.

If you haven't updated the BIOS yet, then don't.

He also makes a valid point that Spectre is far more of a threat to data center servers than home users. No exploit has been seen in the wild yet, it's a local exploit so nothing can reach into your PC, and all it does is allow a malicious program (that you have to allow to install via some traditional manner) to see data running in other processes. This is really no worse than letting a malicious app install that runs as a keygen. ANYTHING gets into your system and you're toast.

Data center servers are much more threatened because a server generally has a lot of data from multiple users running through it, and as such is a much more target rich environment.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Glitch in Intel cpus may result in security patch with big perf hit

Post by Executioner »

So just like windows updates, better to wait a few months for all the bugs to be figured out.
Post Reply