New Intel keeps on giving
http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Apparently, the last decade's worth of Intel CPUs come with a flaw that can allow unprivileged processes access to kernel memory. The defect cannot be fixed with a microcode update. Instead, a workaround (disconnecting the kernel from the process memory space) has to be implemented in the OS and the cost is rather steep:
Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.

Ouch! And replacing the battery won't help with this one...
New 17-33% hit to processing speed? This is going to hurt me
"Science is the belief in the ignorance of the experts" – Richard Feynman
New Same.
This is going to make our video rendering pipeline uglier.
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
New we have both kinds of VMs oversubscribed and thin provisioned
"Science is the belief in the ignorance of the experts" – Richard Feynman
New "Speculative Execution™" ... whazzup? with a self-parody like That. Love. It. Roll dice, croupier!
;^>
New Not just Intel: everyone gets to play with Spectre!
New has anyone looked at the source code of the linux patches to see what they are doing yet?
I haven't had time with all of the meetings but would like to take a boo to see what kind of impact to thruput it will be.
From what I have read a system call will go to a new area blocked off from user space and executed.
Looking at how they are doing that may shed some light on performance.
Been so long I don't even remember where to get the source for patches.
"Science is the belief in the ignorance of the experts" – Richard Feynman
New I wouldn't know what I was looking at
But according to the people I was reading who claim to know, this is basically throwing away all the performance gains from speculative execution, and possibly worse than that. I haven't seen anyone describe in simple terms* how to determine if your workload will be affected by that.


* Simple enough for me, that is. People who know what they're doing probably understand the summaries.
--

Drew
New I understand the summaries and I used to build drivers (a long time ago)
there is a link on redhat on tuning the fixes
https://access.redhat.com/articles/3311301

https://access.redhat.com/articles/3307751

Measurable: 8-19% - Highly cached random memory, with buffered I/O, OLTP database workloads, and benchmarks with high kernel-to-user space transitions are impacted between 8-19%. Examples include OLTP Workloads (tpc), sysbench, pgbench, netperf (less than 256 byte), and fio (random I/O to NVMe).

Modest: 3-7% - Database analytics, Decision Support System (DSS), and Java VMs are impacted less than the “Measurable” category. These applications may have significant sequential disk or network traffic, but kernel/device drivers are able to aggregate requests to moderate level of kernel-to-user transitions. Examples include SPECjbb2005, Queries/Hour and overall analytic timing (sec).

Small: 2-5% - HPC (High Performance Computing) CPU-intensive workloads are affected the least with only 2-5% performance impact because jobs run mostly in user space and are scheduled using cpu-pinning or numa-control. Examples include Linpack NxN on x86 and SPECcpu2006.

Minimal: Linux accelerator technologies that generally bypass the kernel in favor of user direct access are the least affected, with less than 2% overhead measured. Examples tested include DPDK (VsPERF at 64 byte) and OpenOnload (STAC-N). Userspace accesses to VDSO like get-time-of-day are not impacted. We expect similar minimal impact for other offloads.

NOTE: Because microbenchmarks like netperf/uperf, iozone, and fio are designed to stress a specific hardware component or operation, their results are not generally representative of customer workload. Some microbenchmarks have shown a larger performance impact, related to the specific area they stress.
"Science is the belief in the ignorance of the experts" – Richard Feynman
Edited by boxley Jan. 4, 2018, 10:56:17 PM EST
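
The categories quoted above rank workloads by how often they cross the kernel/user boundary. As an added example (not part of the post or of the Red Hat article), this C program times a forced kernel entry against a vDSO call and turns the per-entry cost into a share of one core; the function names and the 200000 syscalls/s rate are constructed for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

static double now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec * 1e9 + (double)ts.tv_nsec;
}

/* Average ns for one forced user->kernel->user round trip.
 * syscall(SYS_getppid) goes straight to the kernel: no libc cache, no vDSO. */
double ns_per_kernel_entry(long iters)
{
    double start = now_ns();
    for (long i = 0; i < iters; i++)
        syscall(SYS_getppid);
    return (now_ns() - start) / (double)iters;
}

/* Average ns for one clock_gettime() call, which is normally served
 * from the vDSO without entering the kernel at all. */
double ns_per_vdso_call(long iters)
{
    struct timespec ts;
    double start = now_ns();
    for (long i = 0; i < iters; i++)
        clock_gettime(CLOCK_MONOTONIC, &ts);
    return (now_ns() - start) / (double)iters;
}

/* Fraction of one core spent purely on boundary crossings for a
 * workload that makes syscalls_per_sec kernel entries. */
double boundary_share(double ns_entry, double syscalls_per_sec)
{
    return ns_entry * syscalls_per_sec / 1e9;
}

int main(void)
{
    long n = 2000000;
    double k = ns_per_kernel_entry(n), v = ns_per_vdso_call(n);
    printf("kernel entry: %.1f ns/call\n", k);
    printf("vDSO call:    %.1f ns/call\n", v);
    /* 200000/s is a constructed sample rate, not a measured workload. */
    printf("at 200000 syscalls/s: %.2f%% of a core\n",
           100.0 * boundary_share(k, 200000.0));
    return 0;
}
```

Run it on the same machine under the unpatched and the patched kernel: the kernel-entry figure is the one that moves, and multiplying the difference by your workload's own syscall rate gives a rough estimate of what the workaround costs you.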
New some code snippets on explaining the issue from google
"Science is the belief in the ignorance of the experts" – Richard Feynman
New A site with lots of information about the two flaws, links to vendor info, etc.
New Patch source
https://lkml.org/lkml/2017/12/4/709

I haven't had the chance yet to take a look (too much snow to shovel ;-)
New Given the accelerating, historical skull-buggery of the species, immanent-in and causal
of its daily destructive behavior of all descriptions, often from sheer/random perversity:

Could THIS monumental clusterfuck--of the very machines via which we share our fanciful musings--signify an authentic Insight? from..
a work of fiction which most here are apt to recall
ie the closing quip from the Wopper-machine 'spoken' to its creators, in War Games,

The only way to win this game is ..not to play at all.

I. Mean. given the now huge numbers of marvelously techno-ept who can easily grok-to-fullness the implications of (say, all those machines piloted by millions of non-techno folks)
and the inevitable lengthy delays before %some, many?--having no option but to apply the coming mondo-Patches as warned-they-Must--get around to it:
Is this event an authentic harbinger of the final-Limits to many of the degrees-of-freedom thus far achieved in today's Internet?
Shall it prove impossible--ever!--to achieve-for very long--a near bulletproof Internet II ??

(I recall years ago some comments here re "Internet (-II ? or similar) but the topic seems to have faded and searching several variants of
"Is a New Internet model in planning stages?" drew only peripheral/larger-Scale topics as in) http://www.iep.utm.edu/s-change/

I expect that some thousands of folk have similar thoughts catalyzed by the current Clusterfuck. Does anyone here--even imagine that
--a "Net" of this unprecedented worldwide Scale ever Could be made "near-bulletproof"?



Carrion
(We all realize that there exist no mathematical-Proofs here, for Reasons touched upon in some recent posts here.
And Alan Turing was killed-off by pecksniff blighters from Blighty. ... Etc.)
New Was it accident or malice?
If this was an accident, then "Can we build a secure internet?" is the right question.

If, as several people have speculated, this was in fact an intentional back door, then the right question is, "*Will* we create a secure internet?"
--

Drew
New Most of the informed speculation I've seen seems to lean toward "accident".
Then again, you could of course question how much of an accident such an accident is: It's always a product of the circumstances and environment it happens in and the forces which shape that environment.

Like "greed for speed" (which expands into greed --> competitive pressure to sell --> speed as sales argument); engineering machismo; corporate structures which reward "performance" (of staff) over honesty, leading to rush jobs and possibly cover-ups (first internal, then external), etc etc.

We've pretty much designed our economies and societies -- or at least allowed them to evolve -- that way, so we've only got ourselves to blame. In the sense of "Nope, this wasn't really an accident; it was 'an accident' waiting to happen, and you knew (or should have known) it."

(Like so much else, from climate change and oceans of plastic, via black lives not mattering to the police and lead in the water, to Trump and Roy Moore. None of them really "accidents", are they?)
--
Christian R. Conrad
Same old username (as above), but now on iki.fi

(Yeah, yeah, it redirects to the same old GMail... But just in case I ever want to change.)
New Oh, who wants "informed" speculation ... I'll take the good old "wild" myself
--

Drew
New This.
What are the incentives? Cui bono?

If security is valued less than speed/efficiency/cost then things will be less secure.

It's good that the more serious one is more difficult to exploit. And it's good that things like this (might?) make designers take security more seriously. But it's hard to believe that the three-letter agencies won't continue to demand/find flaws in our electronics and communications systems. It is their job, after all...

Just my $0.02. I have no special knowledge.

Cheers,
Scott.
New No, that's not their job
Their job is to make "our" stuff more secure while finding ways to exploit "their" stuff. Look at what they're trying to exploit to determine who they view as "us" and "them".
--

Drew
New But "our" stuff _i_s_ "their" stuff nowadays.
Did that Elbrus processor thingy ever take off? Don't think so, haven't heard of it for... A decade or so? (Except the name popped up somewhere the other day, probably in a rhetorical question like this, otherwise I wouldn't even have remembered it to mention here.)

So, assuming every PC in Russia isn't running on an Elbrus or something, they use the same Intel (and some AMD) and variously-branded ARMs as everyone else. If anyone doesn't, it might be the Chinese, but I'm guessing the situation is pretty much the same there, too. More domestic ARM cloners than in Russia, probably.

So finding or inserting backdoors in "our" stuff is inserting backdoors in "their" stuff.
--
Christian R. Conrad
Same old username (as above), but now on iki.fi

(Yeah, yeah, it redirects to the same old GMail... But just in case I ever want to change.)
New Perspicuous fork, there
Just maybe.. also too, others who suspect the typical devious-$or Power-oriented options will persevere in er, Niti Niti [not This.. not-That..] Should no Mc Guffins be spotted
by all who serve that pursuit, mayhap we can rest on laurels/thus on piecemeal polishing of existing implementations as now.

Still, given the likely irreversible trend --> Weaponizing abso-fucking-lutely every object in sight, does it not seem foolish to put off truly sufficient funding of
Intarweb-the-Second, post-haste? Just in Case some Clever-Lad arabesque over-night, should render the current house-of-cards instantly useless. 😈



Were I elected Dictator-post-Drumpf ...
New Some more benchmarks
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

ffmpeg not slowed, which is good for us. PostgreSQL 10-20% slowed, which is bad for us.
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
New Once again, die intel die!
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
New Once again.. we'unses placed Too-Many eggs in one human-flawed basket.
New And AMD, and Apple, and POWER...
     Intel keeps on giving - (scoenye) - (23)
         17-33% hit to processing speed? This is going to hurt me -NT - (boxley) - (2)
             Same. - (malraux) - (1)
                 we have both kinds of VMs oversubscribed and thin provisioned -NT - (boxley)
         "Speculative Execution™" ... whazzup? with a self-parody like That. Love. It. Roll dice, croupier! - (Ashton)
         Not just Intel: everyone gets to play with Spectre! -NT - (pwhysall)
         has anyone looked at the source code of the linux patches to see what they are doing yet? - (boxley) - (5)
             I wouldn't know what I was looking at - (drook) - (3)
                 I understand the summaries and I used to build drivers (a long time ago) - (boxley) - (2)
                     some code snippets on explaining the issue from google - (boxley) - (1)
                         A site with lots of information about the two flaws, links to vendor info, etc. - (Another Scott)
             Patch source - (scoenye)
         Given the accelerating, historical skull-buggery of the species, immanent-in and causal - (Ashton) - (7)
             Was it accident or malice? - (drook) - (6)
                 Most of the informed speculation I've seen seems to lean toward "accident". - (CRConrad) - (4)
                     Oh, who wants "informed" speculation ... I'll take the good old "wild" myself -NT - (drook)
                     This. - (Another Scott) - (2)
                         No, that's not their job - (drook) - (1)
                             But "our" stuff _i_s_ "their" stuff nowadays. - (CRConrad)
                 Perspicuous fork, there - (Ashton)
         Some more benchmarks - (malraux)
         Once again, die intel die! -NT - (a6l6e6x) - (2)
             Once again.. we'unses placed Too-Many eggs in one human-flawed basket. -NT - (Ashton)
             And AMD, and Apple, and POWER... -NT - (pwhysall)