meltdown and spectre bug

Here you can discuss things that are not directly related to running or using XBMC4XBOX.
Post Reply
User avatar
professor_jonny
Posts: 1296
Joined: Thu Jul 05, 2012 5:41 am
Location: New Zealand
Has thanked: 66 times
Been thanked: 196 times

meltdown and spectre bug

Post by professor_jonny »

Has any one herd about the meltdown and spectre exploits that have popped up recently ?
looks like it is quite serious bug that effects generations of intel, arm and possibly amd processors enabling access to other apps memory pools.
This basically means an app could look at all other apps memory including passwords and any other sensitive data.

There are patches available for most operating systems but there are compatibilit issues with virus software under windows be sure to update your virus software so the ms patch will be applied.

See this doc for current compatibility with windows antivirus software:
https://docs.google.com/spreadsheets/d/ ... true#gid=0

more info here:
https://meltdownattack.com/
Coldly-Indifferent
Posts: 436
Joined: Thu Mar 19, 2015 4:01 am
Has thanked: 74 times
Been thanked: 56 times

Re: meltdown and spectre bug

Post by Coldly-Indifferent »

The question I'm asking is why these apparently serious flaws not been spotted before? I've seen articles which say they affect almost any CPU likely to have been manufactured in the last 10 years or more. I'm probably being overly cynical but I'd be looking for evidence that these problems were actually known about long ago and just not addressed for the usual reason: cost.

But, once found, why on earth have they been so stupidly widely advertised? Hasn't the already suspect computer security industry only compounded the risk by allowing news of these flaws to leak? Instead of keeping quiet, creating a trouble free patch ASAP and releasing that fix everyone and their grandmother knows about them.

There's nothing the average PC user can do about it until it is properly patched and yet now on every forum around the world like this you suddenly have millions of people wringing their hands in fear about a security problem they have been living with for possibly as long as a decade but blithely unaware.
Last edited by Coldly-Indifferent on Tue Jan 09, 2018 1:58 pm, edited 1 time in total.
User avatar
professor_jonny
Posts: 1296
Joined: Thu Jul 05, 2012 5:41 am
Location: New Zealand
Has thanked: 66 times
Been thanked: 196 times

Re: meltdown and spectre bug

Post by professor_jonny »

problem is the patch will slow down branch prediction by aprox 15-20 % from my rough tests, it is really quite damaging in honesty.

it seems that amd does not have all of the bugs identified but some os's are applying all patches penalising their performance.

we may see it time microcode updates drizzled down onto bios updates but sadly there is a lot of hardware out there with these bugs that will never get patched and a lot of software that will not get patched too.

it was found and released months ago by a project called google project zero they reported this issue to Intel, AMD and ARM on 2017-06-01 way before it became publically available.
User avatar
Dan Dar3
Posts: 1176
Joined: Sun Jul 08, 2012 4:09 pm
Has thanked: 273 times
Been thanked: 257 times
Contact:

Re: meltdown and spectre bug

Post by Dan Dar3 »

Microsoft published some benchmarking results:
https://cloudblogs.microsoft.com/micros ... s-systems/
Performance

One of the questions for all these fixes is the impact they could have on the performance of both PCs and servers. It is important to note that many of the benchmarks published so far do not include both OS and silicon updates. We’re performing our own sets of benchmarks and will publish them when complete, but I also want to note that we are simultaneously working on further refining our work to tune performance. In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.

Here is the summary of what we have found so far:
  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.
For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel. We will publish data on benchmark performance in the weeks ahead.
Post Reply