'Kernel memory leaking' Intel processor design flaw will lead to slower servers

Intel royally screwed up, and any fix will incur a hit on performance. That means that as server hosts receive the updates, VPSes on DigitalOcean, Vultr, Linode, Amazon EC2, Google Compute Engine, OVH and more could end up being between 5-30% slower. Here are some initial benchmarks (second page).

This is the fuck up of a decade. It seems that virtually all Intel products are affected. If you want out, you will need to find a server host that uses AMD or ARM processors.

Though I would be pleasantly surprised at the goodwill of any server hosts that will make up for the difference, not holding my breath. Those that need the performance will have to upgrade or upgrade to maintain service reliability.

Will you be affected by this? What will you do? Are there even server hosts that use AMD?

I use DigitalOcean for serving static websites and a few forums, nothing too intensive or critical. My other software business that is more affected by this runs primarily on Scaleway's ARM64 and 1/3 on x86, so I'm not too affected by this.

No Intel gadgets until this is resolved in newer chips though, a bit of a bummer.

Source: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
 
(Edit: Merged in by Moderator)

For those who don't follow compusec on a regular basis, there is some pretty bad news out there.

There is a major bug in all current Intel chips that allows an attacker to exploit any system. If that sounds bad, it is. Like as bad as it gets bad. I don't know that we've seen something this bad in a long time.

This bug is currently being patched on all OSs, but the embargo is going to be lifted tomorrow, it sounds like. Not all details are known, and early benchmarks have started to appear. This really affects server workloads heavily, causing anywhere from 5% to 50% lower performance (redis and postgres were tested). It comes down to how many system calls the program makes.

Early benchmarks for gaming on Linux showed no impact whatsoever, so this may not be that bad for desktop and office users.

AMD is not affected but may still get caught up in this because of significant reworking of how the OSs will work. Have to wait and see what happens.

Windows is allegedly having an emergency patch Friday, Linux patches are heavily in the works, and MacOS no idea.

Your servers and desktop will need to be patched and rebooted when the patches drop. So if you do your own maintenance make sure you are on top of it this week.

____

Seems MacOS 10.13.2 has this patched.

https://twitter.com/aionescu/status/948609809540046849

____

And someone has already figured out how to exploit this with just basic details.

https://twitter.com/brainsmoke/status/948561799875502080
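
For the "patch and reboot" advice in the post above, a way to confirm on a Linux host that the mitigations are actually active after the reboot. This is an added example, not part of the original post; it assumes a kernel that exposes the `/sys/devices/system/cpu/vulnerabilities/` status files, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example: summarise kernel-reported Meltdown/Spectre mitigation status.
# Assumption: the kernel exposes /sys/devices/system/cpu/vulnerabilities/.

# Map the kernel's status text to a coarse verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# Print "name<TAB>verdict<TAB>raw text" for each issue.
# Returns 1 if anything is vulnerable or cannot be determined.
report_dir() {
    dir=$1
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            raw=$(cat "$dir/$name")
            verdict=$(classify_status "$raw")
        else
            # Kernels that predate the fixes do not expose these files.
            raw="(no status file)"
            verdict="unknown"
        fi
        printf '%s\t%s\t%s\n' "$name" "$verdict" "$raw"
        case "$verdict" in vulnerable|unknown) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample: Meltdown mitigated (page table isolation on),
# Spectre v2 still unmitigated. On a real host, run:
#   report_dir /sys/devices/system/cpu/vulnerabilities
sample=$(mktemp -d)
printf 'Mitigation: PTI\n' > "$sample/meltdown"
printf 'Mitigation: __user pointer sanitization\n' > "$sample/spectre_v1"
printf 'Vulnerable\n' > "$sample/spectre_v2"
if report_dir "$sample"; then
    echo "all reported issues mitigated"
else
    echo "at least one issue is vulnerable or unreported: patch and reboot"
fi
rm -rf "$sample"
```

The non-zero return makes the function usable as a fleet-wide compliance check from a configuration management or monitoring job.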
 
I don't know that I've seen a host who uses AMD, I'm sure they exist but they are likely the minority considering AMD hasn't got competitive until recently.

Needless to say this is going to hurt a bit and cause some chaos. Very good for AMD, very bad for Intel.
 
I was reading about the Intel CEO last night. That has to amount to insider trading, right?

I'm wondering if this has any relation to the backdoors they were creating for the CIA and NSA, too.

It's way above my head but I was reading about how this allowed software on the public facing side to access information in the kernels, such as keychain passwords and all that, and the fix will require there to be two page tables now instead of one, which is what will cause the slow down. I'm sure I butchered that explanation too.
 
I was reading about the Intel CEO last night. That has to amount to insider trading, right?

You'd think so, but there also seem to be ways around this. From my understanding the CEO can constantly just set up to sell a certain amount of stock, and then cancel it at any time. In theory you could always have a revolving door of sells that were placed months prior, and if nothing happens, or the stock goes up, you just cancel these sells. If it seems like the price will go down, well, you already have a sell ready to execute.

___

Google says disclosure date is the 9th. Not sure if that means their technical writeup will be released or the embargo is lifted.
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

___

Windows 10 patch has dropped:
https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

___

Official bug site has been released, attacks are called Meltdown and Spectre.
https://meltdownattack.com/

Also even though Windows patch notes are out, it doesn't seem downloadable yet.
 
Needless to say this is going to hurt a bit and cause some chaos. Very good for AMD, very bad for Intel.

I don't think AMD will get a significant boost from this. Reports to tie Meltdown and Spectre so tightly together and the general public (that I've seen) seem to absorb the news as all the chip makers being affected.

In fact, it seems that while the Meltdown patch will have detrimental effects on performance (Intel only), Spectre fixes will likely see negligible (if any) performance hits. Unless AMD starts throwing some serious Samsung-style marketing shade at Intel, it would be hard to sway the consumer market. As it is, sifting through the news was confusing enough for me.

Server hosts might start considering investing in AMD servers now that it's (recently) started to enter the market, but it will take a while for it to be an option for users. Not an immediately visible effect.

The only real player in the field with readily available servers for users to swap over are ARM servers. The Cavium ThunderX ARM servers are already in the market and are available as options via Scaleway and Packet.net. These don't seem to be affected by either bug, and the Scaleway options had incredible value for the price already. This shitshow puts them through the roof, albeit by bringing others down.

No concrete news from major server providers yet besides "We know".
 
I don't think AMD will get a significant boost from this. Reports to tie Meltdown and Spectre so tightly together and the general public (that I've seen) seem to absorb the news as all the chip makers being affected.

I think you're right from the general consumer perspective, not much will change. It doesn't really cause enough chaos to normal users. I personally will look more towards AMD in the future, but I consider myself a power user, and people like me are few in number. So I probably have maybe a little more of a skewed outlook on it.

I would guess that people who run a lot of servers and buy lots of Intel chips are going to divest more if possible. It might not be earth shattering shit but it does give AMD a good way in to server farms / cloud computing, at least until Intel releases updated hardware fixing the issue, which you would guess would be at least a year or two, if they do it at all. If AMD does better that means there's more competition and that's great for everyone.
 
Windows' Meltdown patch is bricking AMD computers and they're blaming AMD's 'faulty documentation':
https://www.engadget.com/2018/01/09/microsoft-halts-meltdown-spectre-amd-patches/

They've halted the patches for Meltdown and Spectre to comps with AMD processors. They said that certain AMD processors don't match what's in the documentation. I don't know though, I don't trust Microsoft or Windows at all once they started passing out the Windows 10 botnet for free. This smells like corporate sabotage to a degree *tinfoil hat*
 
From what I'm seeing it's for fairly old AMD processors (originally released in 2007). Mostly:
  • AMD Sempron 3200+
  • AMD Athlon 64 X2 5200+
  • AMD Athlon 64 X2 6000+
Honest mistakes happen in dev work, especially when work like this is complex and affects so many end users. I don't know that I would read too much into it.
 