IWETHEY v. 0.3.0 | TODO
1,095 registered users | 3 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Intel keeps on giving
http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Apparently, the last decade's worth of Intel CPUs come with a flaw that can allow unprivileged processes access to kernel memory. The defect cannot be fixed with a microcode update. Instead, a workaround (disconnecting the kernel from the process memory space) has to be implemented in the OS and the cost is rather steep:
Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.

Ouch! And replacing the battery won't help with this one...
New 17-33% hit to processing speed? This is going to hurt me
"Science is the belief in the ignorance of the experts" – Richard Feynman
New Same.
This is going to make our video rendering pipeline uglier.
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
New we have both kinds of VMs oversubscribed and thin provisioned
"Science is the belief in the ignorance of the experts" – Richard Feynman
New "Speculative Execution™" ... whazzup? with a self-parody like That. Love. It. Roll dice, croupier!
;^>
New Not just Intel: everyone gets to play with Spectre!
New has anyone looked at the source code of the linux patches to see what they are doing yet?
I havn't had time with all of the meetings but would like to take a boo to see what kind of impact to thruput it will be.
From what I have read a system call will go to a new area blocked off from user space and executed.
Looking at how they are doing that may shed some light on performance.
Been so long I dont even remember where to get the source for patches.
"Science is the belief in the ignorance of the experts" – Richard Feynman
New I wouldn't know what I was looking at
But according to the people I was reading to claim to know, this is basically throwing away all the performance gains from speculative execution, and possibly worse than that. I haven't seen anyone describe in simple terms* how to determine if your workload will be affected by that.


* Simple enough for me, that is. People who know what they're doing probably understand the summaries.
--

Drew
New I understand the summaries and I used to build drivers (a long time ago)
there is a link on redhat on
tuning the fixes
https://access.redhat.com/articles/3311301

https://access.redhat.com/articles/3307751

Measureable: 8-19% - Highly cached random memory, with buffered I/O, OLTP database workloads, and benchmarks with high kernel-to-user space transitions are impacted between 8-19%. Examples include OLTP Workloads (tpc), sysbench, pgbench, netperf (less than 256 byte), and fio (random I/O to NvME).

Modest: 3-7% - Database analytics, Decision Support System (DSS), and Java VMs are impacted less than the “Measurable” category. These applications may have significant sequential disk or network traffic, but kernel/device drivers are able to aggregate requests to moderate level of kernel-to-user transitions. Examples include SPECjbb2005, Queries/Hour and overall analytic timing (sec).

Small: 2-5% - HPC (High Performance Computing) CPU-intensive workloads are affected the least with only 2-5% performance impact because jobs run mostly in user space and are scheduled using cpu-pinning or numa-control. Examples include Linpack NxN on x86 and SPECcpu2006.

Minimal: Linux accelerator technologies that generally bypass the kernel in favor of user direct access are the least affected, with less than 2% overhead measured. Examples tested include DPDK (VsPERF at 64 byte) and OpenOnload (STAC-N). Userspace accesses to VDSO like get-time-of-day are not impacted. We expect similar minimal impact for other offloads.

NOTE: Because microbenchmarks like netperf/uperf, iozone, and fio are designed to stress a specific hardware component or operation, their results are not generally representative of customer workload. Some microbenchmarks have shown a larger performance impact, related to the specific area they stress.
"Science is the belief in the ignorance of the experts" – Richard Feynman
Expand Edited by boxley Jan. 4, 2018, 10:56:17 PM EST
New some code snippets on explaining the issue issue from google
"Science is the belief in the ignorance of the experts" – Richard Feynman
New A site with lots of information about the two flaws, links to vendor info, etc.
New Patch source
https://lkml.org/lkml/2017/12/4/709

I haven't had the chance yet to take a look (too much snow to shovel ;-)
New Given the accelerating, historical skull-buggery of the species, immanent-in and causal
of its daily destructive behavior of all descriptions, often from sheer/random perversity:

Could THIS monumental clusterfuck--of the very machines via which we share our fanciful musings--signify an authentic Insight? from..
a work of fiction which most here are apt to recall
ie the closing quip from the Wopper-machine 'spoken' to its creators, in War Games,

The only way to win this game is ..not to play at all.

I. Mean. given the now huge numbers of marvelously techno-ept who can easily grok-to-fullness the implications of (say, all those machines piloted by millions of non-techno folks)
and the inevitable lengthy delays before %some, many?--having no option but to apply the coming mondo-Patches as warned-they-Must--get around to it:
Is this event an authentic harbinger of the final-Limits to many of the degrees-of-freedom thus far achieved in today's Internet?
Shall it prove impossible--ever!--to achieve-for very long--a near bulletproof Internet II ??

(I recall years ago some comments here re "Internet (-II ? or similar) but the topic seems to have faded and searching several variants of
"Is a New Internet model in planning stages?" drew only peripheral/larger-Scale topics as in) http://www.iep.utm.edu/s-change/

I expect that some thousands of folk have similar thoughts catalyzed by the current Clusterfuck. Does anyone here--even imagine that
--a "Net" of this unprecedented worldwide Scale ever Could be made "near-bulletproof"?



Carrion
(We all realize that there exist no mathematical-Proofs here, for Reasons touched upon in some recent posts here.
And Alan Turing was killed-off by pecksniff blighters from Blighty. ... Etc.)
New Was it accident or malice?
If this was an accident, then "Can we build a secure internet?" is the right question.

If, as several people have speculated, this was in fact an intentional back door, then the right question is, "*Will* we create a secure internet?"
--

Drew
New Most of the informed speculation I've seen seems to lean toward "accident".
Then again, you could of course question how much of an accident such an accident is: It's always a product of the circumstances and environment it happens in and the forces which shape that environment.

Like "greed for speed" (which expands into greed --> competitive pressure to sell --> speed as sales argument); engineering machismo; corporate structures which reward "performance" (of staff) over honesty, leading to rush jobs and possibly cover-ups (first internal, then external), etc etc.

We've pretty much designed our economies and societies -- or at least allowed them to evolve -- that way, so we've only got ourselves to blame. In the sense of "Nope, this wasn't really an accident; it was 'an accident' waiting to happen, and you knew (or should have known) it."

(Like so much else, from climate change and oceans of plastic, via black lives not mattering to the police and lead in the water, to Trump and Roy Moore. None of them really "accidents", are they?)
--
Christian R. Conrad
Same old username (as above), but now on iki.fi

(Yeah, yeah, it redirects to the same old GMail... But just in case I ever want to change.)
New Oh, who wants "informed" speculation ... I'll take the good old "wild" myself
--

Drew
New This.
What are the incentives? Cui bono?

If security is valued less than speed/efficiency/cost then things will be less secure.

It's good that the more serious one is more difficult to exploit. And it's good that things like this (might?) make designers take security more seriously. But it's hard to believe that the three-letter agencies won't continue to demand/find flaws in our electronics and communications systems. It is their job, after all...

Just my $0.02. I have no special knowledge.

Cheers,
Scott.
New No, that's not their job
Their job is to make "our" stuff more secure while finding ways to exploit "their" stuff. Look at what they're trying to exploit to determine who they view as "us" and "them".
--

Drew
New But "our" stuff _i_s_ "their" stuff nowadays.
Did that Elbrus processor thingy ever take off? Don't think so, haven't heard of it for... A decade or so? (Except the name popped up somewhere the other day, probably in a rhetorical question like this, otherwise I wouldn't even have remembered it to mention here.)

So, assuming every PC in Russia isn't running on an Elbrus or something, they use the same Intel (and some AMD) and variosly-branded ARMs as everyone else. If anyone doesn't, it might be the Chinese, but I'm guessing the situation is pretty much the same there, too. More domestic ARM cloners than in Russia, probably.

So finding or inserting backdoors in "our" stuff is inserting backdoors in "their" stuff.
--
Christian R. Conrad
Same old username (as above), but now on iki.fi

(Yeah, yeah, it redirects to the same old GMail... But just in case I ever want to change.)
New Perspicuous fork, there
Just maybe.. also too, others who suspect the typical devious-$or Power-oriented options will persevere in er, Niti Niti [not This.. not-That..] Should no Mc Guffins be spotted
by all who serve that pursuit, mayhap we can rest on laurels/thus on piecemeal polishing of existing implementations as now.

Still, given the likely irreversible trend --> Weaponizing abso-fucking-lutely every object in sight, does it not seem foolish to put off truly sufficient funding of
Intarweb-the-Second, post-haste? Just in Case some Clever-Lad arabesque over-night, should render the current house-of-cards instantly useless. 😈



Were I elected Dictator-post-Drumpf ...
New Some more benchmarks
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

ffmpeg not slowed, which is good for us. PostgreSQL 10-20% slowed, which is bad for us.
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
New Once again, die intel die!
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
New Once again.. we'unses placed Too-Many eggs in one human-flawed basket.
New And AMD, and Apple, and POWER...
     Intel keeps on giving - (scoenye) - (23)
         17-33% hit to processing speed? This is going to hurt me -NT - (boxley) - (2)
             Same. - (malraux) - (1)
                 we have both kinds of VMs oversubscribed and thin provisioned -NT - (boxley)
         "Speculative Execution™" ... whazzup? with a self-parody like That. Love. It. Roll dice, croupier! - (Ashton)
         Not just Intel: everyone gets to play with Spectre! -NT - (pwhysall)
         has anyone looked at the source code of the linux patches to see what they are doing yet? - (boxley) - (5)
             I wouldn't know what I was looking at - (drook) - (3)
                 I understand the summaries and I used to build drivers (a long time ago) - (boxley) - (2)
                     some code snippets on explaining the issue issue from google - (boxley) - (1)
                         A site with lots of information about the two flaws, links to vendor info, etc. - (Another Scott)
             Patch source - (scoenye)
         Given the accelerating, historical skull-buggery of the species, immanent-in and causal - (Ashton) - (7)
             Was it accident or malice? - (drook) - (6)
                 Most of the informed speculation I've seen seems to lean toward "accident". - (CRConrad) - (4)
                     Oh, who wants "informed" speculation ... I'll take the good old "wild" myself -NT - (drook)
                     This. - (Another Scott) - (2)
                         No, that's not their job - (drook) - (1)
                             But "our" stuff _i_s_ "their" stuff nowadays. - (CRConrad)
                 Perspicuous fork, there - (Ashton)
         Some more benchmarks - (malraux)
         Once again, die intel die! -NT - (a6l6e6x) - (2)
             Once again.. we'unses placed Too-Many eggs in one human-flawed basket. -NT - (Ashton)
             And AMD, and Apple, and POWER... -NT - (pwhysall)

APOD is cool today.
228 ms