Announcement

Collapse
No announcement yet.

The Performance Impact Of MDS / Zombieload Plus The Overall Cost Now Of Spectre/Meltdown/L1TF/MDS

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    So... yet another "lets get that brand spanking new 9900K working like a 486!" "mitigation" linux kernel has to enable by default.
    The words : "he adds, it’s highly unlikely it will ever be used in the wild." and “This particular one would require the hackers to have perfect conditions in order to exploit it,” Siciliano says, is ofc absolutely NO concern i guess.


    Might not be spoken by anyone with a clue, but where is the hard evidence that any random "Joe Average" has gotten his personal computer ruined by any of those exploits running linux? Where are the horror stories? What are the REAL risks?

    I would suspect NONE tbh, but noone will ever consider doing such a shady thing as disabling those things, and with "everything" compiled WITH exploit mitigations, there are almost nothing to be gained by disabling this on a kernel level. I guess you would need to recompile everything to even gain anything back now

    F**ed if you do, f**ed if you dont

    Comment


    • #12
      That summarizes most of it pretty nicely. Thanx. Some epic crippling of performance there.
      As usual. Cheating pays off. Until you get caught. Then you'll get your ass handed to you.

      Sorry Intel, but there is no way you didn't know that you traded security and proper implementation for faster performance.

      Comment


      • #13
        Originally posted by Cybmax View Post
        So... yet another "lets get that brand spanking new 9900K working like a 486!" "mitigation" linux kernel has to enable by default.
        The words : "he adds, it’s highly unlikely it will ever be used in the wild." and “This particular one would require the hackers to have perfect conditions in order to exploit it,” Siciliano says, is ofc absolutely NO concern i guess.


        Might not be spoken by anyone with a clue, but where is the hard evidence that any random "Joe Average" has gotten his personal computer ruined by any of those exploits running linux? Where are the horror stories? What are the REAL risks?

        I would suspect NONE tbh, but noone will ever consider doing such a shady thing as disabling those things, and with "everything" compiled WITH exploit mitigations, there are almost nothing to be gained by disabling this on a kernel level. I guess you would need to recompile everything to even gain anything back now

        F**ed if you do, f**ed if you dont
        As far as I know, at least for the Meltdown Bug are JavaScripts available, which could run on any Website (but Browsers now decrease the timing accuracy so that they don't work).

        Comment


        • #14
          Originally posted by Cybmax View Post
          So... yet another "lets get that brand spanking new 9900K working like a 486!" "mitigation" linux kernel has to enable by default.
          A 486 is faster now, since it isn't affected by any of those flaws. Time to dust off my DX4-100.

          As for those flaws being "highly unlikely" to be used in the wild: there's a thing called "off-the-shelf malware." And let's not forget that Spectre is a flaw that runs deep inside the uarch, so it's highly likely there are more exploits to be discovered. With those flaws all over the press there's more incentive to exploit it.

          Of course Intel knew it all along. If a much smaller company like AMD could foresee the nastiness and take measures to secure their CPUs, so could Intel.
          Last edited by angrypie; 18 May 2019, 07:33 PM.

          Comment


          • #15
            ok. so there are more bugs now. the question that i have: does any of the manufactures removed any of them with the new processors? will they remove any of them? or they will continue to pretend that there is nothing wrong with them?

            Comment


            • #16
              Originally posted by Cybmax View Post
              So... yet another "lets get that brand spanking new 9900K working like a 486!" "mitigation" linux kernel has to enable by default.
              The words : "he adds, it’s highly unlikely it will ever be used in the wild." and “This particular one would require the hackers to have perfect conditions in order to exploit it,” Siciliano says, is ofc absolutely NO concern i guess.
              http://fortune.com/2019/05/15/zombie...ng-downplayed/

              Might not be spoken by anyone with a clue, but where is the hard evidence that any random "Joe Average" has gotten his personal computer ruined by any of those exploits running linux? Where are the horror stories? What are the REAL risks?

              I would suspect NONE tbh, but noone will ever consider doing such a shady thing as disabling those things, and with "everything" compiled WITH exploit mitigations, there are almost nothing to be gained by disabling this on a kernel level. I guess you would need to recompile everything to even gain anything back now

              F**ed if you do, f**ed if you dont
              If you only run the OS on your personal computers then ignoring / disabling these mitigations is what you should do if it impacts your processing. Unless you're into hacking yourself... bsds use sysctls and/or kernel defines to allow you to ignore them (well some bsds anyway), not sure about linux

              You may be at risk but you have been at risk most of this century - how's it been so far?
              Perform backups, use snapshots, etc. You're probably more at risk of data loss through drive failure imho.
              Last edited by Bsdisbetter; 18 May 2019, 07:55 PM.

              Comment


              • #17
                Originally posted by loganj View Post
                ok. so there are more bugs now. the question that i have: does any of the manufactures removed any of them with the new processors? will they remove any of them? or they will continue to pretend that there is nothing wrong with them?
                Nope they'll continue to pretend software can mitigate all their mistakes and intentional performance hacks where they knew they were vulnerable - and that applies not just to intel, but amd etc. A lot of these current crop of vulnerabilities like spectre have been known a long time, it's just about producing a harmful exploit. Just read the wikipedia.

                Comment


                • #18
                  Originally posted by Xaero_Vincent View Post
                  Heavy context switching is a disaster for Intel chips now. Ugh.
                  Context switching has always had a high cost in hardware and in software. I think meltdown is the majority of the 16% hit in the geometric mean tests extrapolating from earlier benchmarks. MDS seems like it is the worst for context switching, but people have been writing code to avoid context switching for as long as it has existed. It's ironic that people were going after additional forms of isolation like MPX, SGX when basic process isolation had holes in it and KPTI does something the hardware should've done.

                  If any Intel engineers kept notes on potential pitfalls in the design, but then were overruled by superiors because of performance... would make for some nice diesel-gate-like evidence. Not that anything like that would ever come out of Intel, IBM or ARM for meltdown.

                  Comment


                  • #19
                    Originally posted by xfcemint View Post

                    I believe it is a mix or utter irresponibility and incompetence. They (Intel) can (or could) afford it, as market leaders. The other CPU manufacurers also acted irresponsibly, but somewhat less than Intel.

                    As someone wrote, at the end of the day Intel is gonna draw the line and look at their record high profits in the past few yers. And that's all that matters.



                    They will remove them, but it takes two-three years to design and manufacture a new processor. In the mean time, it is software mitigations acommpanied by their PR bullshit to try to convince us everything is fine and smooth.

                    And by the way, when they do design a new processor, the old bugs should be fixed but new ones will be incomming (hopefully, none as bad as Spectre class, but who knows...).
                    Doesn't matter, most people buy computers based on design of the laptop chassis anyway. And, of course, the brand, <irony ON> it is important because some brands have only good computers, and others have only bad computers. A good brand is the same one that your friends bought, because your friends are not fools.



                    Yeah, there's a new backup tech which can protect you from credit card number theft. If your credit card number is stolen, just restore it from the backup and you're fine. Same for logins and passwords, just use a time-reversing snapshot.

                    Best to disable those mitigations so you can play Battlefield 2999 at 134 FPS instead of peasantly meager 121.
                    Yeah, melodrama at its best
                    If you store ANYTHING on your computer such as credit card info then you deserve to be burned when you visit that dodgy crack site to pay for stolen goods. Likewise storing passwords in a browser is just plain dumb. Storing passwords anywhere other than a wallet not on the system in question is dumb. You can't mitigate stupidity, it seems.

                    Just realize that exploits of ssl have been around for a long time, but hey by all means dig up your old 386 and run dos on it, put your tin-foil hat on and don't use the web.

                    ps the intel microcode is available.
                    Last edited by Bsdisbetter; 18 May 2019, 09:12 PM.

                    Comment


                    • #20
                      There are hardware mitigations, and indeed they are already available in some CPUs:
                      https://www.intel.com/content/www/us...ology/mds.html

                      Regrettably, knowing a CPU is an i9-9900K is not enough to know whether it has them all, as stepping 13 does while stepping 12 does not:
                      ​​​​https://www.intel.com/content/www/us...-hardware.html

                      It'd be nice to think that CPUs currently in the sales channel are safe; but really, who knows?

                      Also unfortunate: the bigger the CPU's store buffers, the more data must be written to clear them. This is generally worse the newer the CPU (although Atom/Silvermont chips appear to have very small buffers, which is one reason they're comparatively slow to start with). For Broadwell, it's 1.5KB. For Skylake and above, it's 6KB, as described near the end of Intel's Deep Dive (ominous):
                      https://software.intel.com/security-...-data-sampling

                      The same document goes into the thread synchronization and quiescing required for Hyper-Threading, which has this fun nugget:

                      "If the thread in kernel state needs to access protected data, the OS should transition from state 6a or 6b [where one thread is in kernel mode, the other in user mode] to state 4 [where both are in kernel mode]. The thread in kernel state should use an interprocessor interrupt (IPI) to rendezvous the two threads in kernel state in order to transition the core to state 4."

                      So when one thread on the core has to access something the other software running simultaneously can't be allowed access to, it fires off an IPI leading to an additional user-to-kernel and subsequent kernel-to-user transition on the other (unrelated) thread - and that transition itself may have bigger costs now thanks to prior mitigations. Plus the second thread is probably idling while the first does the work it needs to do and then clears the buffers.

                      An inter-processor interrupt by itself can be expensive. Just sending it might cost 100 cycles, but if you are waiting for a response before you proceed, it could cost thousands. (This might be lessened by the fact that it's actually the same physical CPU core in this case.)

                      PostgreSQL has made great strides in parallel queries and can do a lot of disk reading (particularly if you don't have everything its own memory pool) and writing (of WAL and individual pages), so it's no surprise they are impacted heavily by the latest mitigations.
                      Last edited by GreenReaper; 18 May 2019, 09:10 PM.

                      Comment

                      Working...
                      X