Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Intel Windows IT Technology

Intel Says Chip-Security Fixes Leave PCs No More Than 10% Slower (axios.com) 276

Intel trying to defuse concern that fixes to widespread chip security vulnerabilities will slow computers, released test results late Wednesday showing that personal computers won't be affected much and promised more information on servers. From a report: The chipmaker published a table of data showing that older processors handled typical tasks 10 percent slower at most, after being updated with security patches. The information covered three generations of processors, going back to 2015, running Microsoft's Windows 10 and Windows 7 computer operating systems. Further reporting: Intel, Microsoft offer differing views on impact of chip flaw
This discussion has been archived. No new comments can be posted.

Intel Says Chip-Security Fixes Leave PCs No More Than 10% Slower

Comments Filter:
  • by Anonymous Coward on Thursday January 11, 2018 @01:09PM (#55909071)

    Intel was knowingly breaking security to make their crap seem faster.

    • by aliquis ( 678370 )

      Even with this change FX wouldn't become faster.

      I also assume it wasn't supposed to have these consequences when designed.

      • by Anonymous Coward on Thursday January 11, 2018 @02:00PM (#55909551)

        They were told about it over 20 years ago, by the very people who were most likely to exploit it before it became public knowledge...

        On 8 May 1995, a paper called "The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems" published at the 1995 IEEE Symposium on Security and Privacy warned against covert timing channel in CPU cache and translation lookaside buffer (TLB).[23] This analysis was performed under the auspices of the National Security Agency's Trusted Evaluation Program (TPEP).

    • Even faster if you don't use rigged benchmarks and compilers!

    • Intel was knowingly breaking security to make their crap seem faster.

      Branch prediction doesn't seem faster. It is faster.

      • by HiThere ( 15173 ) <.charleshixsn. .at. .earthlink.net.> on Thursday January 11, 2018 @09:08PM (#55912439)

        Both chips did branch prediction, AMD just checked address validity before the speculative execution rather than afterwards. This allowed Intel chips to be faster at executing the code by ignoring certain (apparently known) security problems.

        But whether it was actually faster or not can be disputed, because Intel is also known to have gamed compilers to disadvantage AMD. In that case they made the AMD chips seem slower by cheating. The question is how many of the benchmarks were done with the altered compilers. And this is where the accusation that Intel made their chips *seem* faster gains validity.

  • by Anonymous Coward on Thursday January 11, 2018 @01:22PM (#55909197)

    These people lied about every aspect of each of these major vulnerabilities. 10% is whatever, that's bad but worse is that NOBODY CAN TRUST INTEL WHATSOEVER, and they are the market leader.

    Their obfuscation of the meltdown issue is unreasonably bad management, and their CEO sold a ton of shares right as the company secretly found out a year ago? The combination is absolutely toxic.

    Clean house or watch it burn.

  • Older Chips? (Score:4, Informative)

    by gettin2old ( 5221625 ) on Thursday January 11, 2018 @01:24PM (#55909233)

    According to their chart, he oldest CPU they tested is 2.5 years old. Giving that some more proactive businesses have a 3+ year retention rate on hardware, "older" is hardly the word i'd use.

    • I noticed the same thing. Just the other week I was marveling at how hardware had finally slowed down on the rate of increase (I don't think things have been doubling in speed every 18 months for quite a while now). My gaming computer was built in 2011 when Skyrim came out, and it can still run the majority of games today at very reasonable levels. So I see the article testing chips that were made in 2015 wondering if everyone else is still trying to upgrade every couple years or so. I've got an i5-2500

    • I noticed the same thing. I still have a perfectly viable i7 quad-core (gaming) laptop from c.2010. No CPU patch for me?!

      Since there currently aren't processors (from Intel) that correctly handle BOTH issues - why should I upgrade my old PC? I'd be paying money to buy a defective product - and waiting years for a better one to come along. If anything I'll wait for "next year" and CPUs that have circuitry to better handle the work-around. Video cards have the same problem!

      On the other hand - I'll realisti

      • Since there currently aren't processors (from Intel) that correctly handle BOTH issues - why should I upgrade my old PC?

        Obviously, you should upgrade to AMD because mitigation is cheap and they have been more scrupulous than Intel all along.

  • by Hal_Porter ( 817932 ) on Thursday January 11, 2018 @01:28PM (#55909261)

    I.e. the 6700K.

    I.e. all the chips have PCID

    It's a bit hazy when PCID and INVPCID became supported.

    This says PCID was first supported in Westmere

    https://www.realworldtech.com/... [realworldtech.com]

    Another long overdue improvement to the page tables is the Processor Context ID (PCID). The PCID is a field in each TLB entry that associates a given page to a process. Previously, Intel's TLB could only contain entries from a single process and whenever the CR3 register was written (e.g. a context switch), the TLB was flushed. The PCID lets pages from different processes safely inhabit the TLB together, so that CR3 writes no longer flush the TLB. Whenever a process tries to access a page in memory, the PCID is checked to determine whether the page is actually mapped into the process' address space; if the PCID does not match then a TLB miss occurred. This is very much analogous to Intel's VPID, which enables the TLB to contain pages from different virtual machines and avoid TLB flushes during VM transitions.

    The LWN patch says

    http://lkml.iu.edu/hypermail/l... [iu.edu]

    PCIDs are generally available on Sandybridge and newer CPUs. However,
    the accompanying INVPCID instruction did not become available until
    Haswell (the ones with "v4", or called fourth-generation Core). This
    instruction allows non-current-PCID TLB entries to be flushed without
    switching CR3 and global pages to be flushed without a double
    MOV-to-CR4.

    I.e. it'd be interesting to see what happens on a CPU old enough not to support enough of PCID/INVPCID to optimized KPTI.

    The claims of >10% hits are all for these old CPUs.

    • by e r ( 2847683 ) on Thursday January 11, 2018 @02:01PM (#55909569)
      So this now puts Intel chips right in line with AMD's Ryzen per-core performance... except Ryzen costs less and delivers more cores.
      I wish I'd bought AMD stock two years ago...
      • At most, Intel will adjust prices downward to compensate for the performance delta.

        This single event isn't enough to turn AMD's fortunes around. AMD's financial woes cut far deeper than a single quarter or even an entire year can fix.

      • I wish I'd bought AMD stock two years ago...

        Neither AMD nor Intel stock price has moved much after the Meltdown/Spectre news. It looks like Intel's propaganda machine is running on AMD.

      • amd is just as effected as intel on this. the first issue no but all chips are weak to the second even newer 64bit arm
    • by Hal_Porter ( 817932 ) on Thursday January 11, 2018 @02:03PM (#55909603)

      Interesting thing is that PCID predates INVPCID. And you can get some of the effects of an INVPCID on a processor which only supports PCID.

      I.e.

      http://forum.osdev.org/viewtop... [osdev.org]

      MOV to CR3. The behavior of the instruction depends on the value of CR4.PCIDE:

      If CR4.PCIDE = 0, the instruction invalidates all TLB entries associated with PCID 000H except those for global pages. It also invalidates all entries in all paging-structure caches associated with PCID 000H.

      If CR4.PCIDE = 1 and bit 63 of the instructionâ(TM)s source operand is 0, the instruction invalidates all TLB entries associated with the PCID specified in bits 11:0 of the instructionâ(TM)s source operand except those for global pages. It also invalidates all entries in all paging-structure caches associated with that PCID. It is not required to invalidate entries in the TLBs and paging-structure caches that are associated with other PCIDs.

      If CR4.PCIDE = 1 and bit 63 of the instructionâ(TM)s source operand is 1, the instruction is not required to invalidate any TLB entries or entries in paging-structure caches.

      See
      https://www.intel.com/content/... [intel.com] page 145

      This chap tried it, and apparently it works

      http://www.dumais.io/index.php... [dumais.io]

      I.e. with bit 63 and 0:11 set to PCID a write to CR3 works like INVPCID in processors which don't have INVPCID.

      This actually makes a difference. My 2012 Macbook pro has a

      machdep.cpu.brand_string: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
      machdep.cpu.features: FPU VME DE PSE TSC MSR PAE MCE CX8 APIC SEP MTRR PGE MCA CMOV PAT PSE36 CLFSH DS ACPI MMX FXSR SSE SSE2 SS HTT TM PBE SSE3 PCLMULQDQ DTES64 MON DSCPL VMX EST TM2 SSSE3 CX16 TPR PDCM SSE4.1 SSE4.2 x2APIC POPCNT AES PCID XSAVE OSXSAVE TSCTMR AVX1.0 RDRAND F16C

      I.e. assuming the patches know the bit 63 set in writes to cr3 trick, they should be able to do page table invalidation per PCID even on rather old chips.

      It looks like KAISER on Linux supports/will support this

      https://github.com/nathanchanc... [github.com]

      https://lkml.org/lkml/2017/11/... [lkml.org] [currently down(!) but the title is "Subject [PATCH 4/6] x86/mm/kaiser: Support PCID without INVPCID"]

  • huh? (Score:4, Interesting)

    by jbmartin6 ( 1232050 ) on Thursday January 11, 2018 @01:29PM (#55909267)
    Is 10 percent "at most" supposed to be reassuring?
    • by gfxguy ( 98788 )

      I work in computer graphics.... the impact of a render farm running 10% slower is HUGE.

    • Considering most of the last 10 years each generation of chip has brought about 5% more performance, I'd say 10% is a horrible loss in performance.

      And once you're at the more expensive part of the price/performance curve, that extra 10% performance costs a fortune .

      10% is actually a lot worse than I'd expected.
      • by jwhyche ( 6192 ) on Thursday January 11, 2018 @04:28PM (#55910877) Homepage

        I doubt that most users would even notice a 10% difference. I've applied all the appropriate patches and I haven't noticed any difference in performance. Still that being said, I didn't pay for 90% performance. I paid for 100% performance, and I expect to have it.

        I switched from AMD to Intel for this cycles build. I'm starting to rethink that.

        • people dont get that 10% will only be for certen use cases sense most games are not cpu heavy you probably wont see any difference at all.
    • by jwhyche ( 6192 ) on Thursday January 11, 2018 @04:21PM (#55910793) Homepage

      How about we demand a 10% refund on our chips? I wonder how that would fly. I think replacement would be a better offer though.

      • How about we demand a 10% refund on our chips? I wonder how that would fly. I think replacement would be a better offer though.

        I don't think a 10% refund covers it. Depending on how cutting edge your processor was when you bought it, you may have paid a pretty steep premium to get an extra 10% performance vs lower speed processors. If you look through the chart, small performance differences can have huge costs associated with them.

        https://www.cpubenchmark.net/h... [cpubenchmark.net]

  • https://newsroom.intel.com/edi... [intel.com]
    https://newsroom.intel.com/wp-... [intel.com]
    i7 8700K Windows 10 SSD
    SYSMark 2014 SE Responsiveness 88%

    So even then it's a larger impact than 10%. On the latest processor. But the system used had their 600p SSD which is really slow. How about the 960 Pro or their Optane stuff?

    As for what the responsiveness test actually test I don't know (may be possible to google that) but file-performance and virtualization may be worse.

    There will be cases where the impact is beyond 10%, a 10% average

  • That is huge (Score:5, Insightful)

    by 110010001000 ( 697113 ) on Thursday January 11, 2018 @01:30PM (#55909273) Homepage Journal
    If Intel is admitting a 10% slowdown then it must be much much larger. Because Intel and benchmarks don't live in reality.
    • by SuperKendall ( 25149 ) on Thursday January 11, 2018 @01:40PM (#55909371)

      After an OSX update a real world compile of a project that takes around two minutes to complete, too almost exactly the same amount of time, or slightly faster... since compilation involves lots of small files and system calls I would expect it to be harder hit than most tasks. However because they had a partial Meltdown patch in around December, not sure if we would see much of an effect... no-one in December complained about slowdowns from the OSX update at that time though either.

      I don't think things most people do will be that affected by the patch.

      • Right..probably not for desktop users. They are used to things being slow. However a 2 minute compile isn't a very good test. The big problem is going to be server side. If you were getting a certain throughput previously and now it is 10% to 50% slower that is a big problem because that comes out of your pocket. Intel is going to have to make people whole and recall their processors.
        • I agree the bigger problem is server side, but like I said after an update I'm not seeing a small decline - I'm seeing zero decline, possibly a small speed increase. So I'm not even sure what server tasks will really see much impact... the main thing I could see possibly being an issue would be database performance, I'll bet Oracle has a much better handle on the real impact of this than almost anyone else...

          Although I'd be inclined to be skeptical of Intel as well, I'm not sure they are wrong on this and

          • You should publish your benchmarks and tell Intel. They aren't agreeing with you.
      • by AmiMoJo ( 196126 )

        Compilation isn't really very disk I/O intensive these days. Everything gets cached and it barely loads an SSD.

        Databases, BitTorrent on a fast connection, stuff that involves a lot of small reads and writes, is going to be hardest hit. Early server benchmarks from Epic Games production servers show a 60% performance loss.

    • If Intel is admitting a 10% slowdown then it must be much much larger. Because Intel and benchmarks don't live in reality.

      Depends on how you benchmark. Most users will see 0% change in speed. Don't worry your alarmist sky is falling posts will be hitting Slashdot at the same speed they always have.

      Only very select workloads will hit the 10% mark, and older CPUs will be worse effected than more recent ones. So if you run a datacentre in your home then freak out, those 10% are going to break you.

      • "Most users will see 0% change in speed."

        Wow, amazing. You must have run your own benchmarks. Even Intel didn't say 0%! You should work for Intel.
        • Wow, amazing. You must have run your own benchmarks. Even Intel didn't say 0%! You should work for Intel.

          Your cynicism is amazing. It's almost like you didn't realise that every sort of benchmark on a wide variety of loads, OSes and system configurations have been plastering the entire internet on this issue for the past week.

          Even Intel didn't say 0% because they didn't run the loads that show a 0% change, i.e. games, web browsing, office applications. You know, the kind of things most users do, and the kind of things that have been widely benchmarked in the past week.

          The internet is an amazing place, you shou

    • Because Intel and benchmarks don't live in reality.

      Because they live in "virtual" reality??

      Thank you, I'll be here all week. Try the veal.

  • after the way, last week, that they put it about that the problems affected all chips from all manufacturers to the same degree. They showed themselves to have better skills at sophistry that chip design.

  • Then I guess I'm expecting at least 10% of the cost of the processor cost back as a refund.

  • by Anonymous Coward

    I'm still not clear on if the slowdown is due to the per-OS workaround, or if Intel is talking about their eventual fix to the hardware/firmware problem causing the slowdown...TFA seems to indicate a "fix" to Windows OS' specifically, which would imply the per-OS workaround.

    Anyone?

    • There is no hardware or firmware fix to the problems, just software workarounds. The only hardware fix is to remove your processor and throw it away and replace it with something else that isn't broken.
  • On this machine (i5-5250U in an NUC5i5RYK) performance is fucking AWFUL after the Windows 7 patch and BIOS update. Webpages like YouTube peg a CPU core somehow. So does SSMS.

    My main machine is fine, because it's so old (2600k) that there is no BIOS update available for my motherboard. Allegedly you can download the microcode patch and shove it in yourself if your odn't get an official BIOS release. But fuck it. I'll be upgrading to the next Ryzen revision in a couple of months, hopefully. But FUCK cur

    • Webpages like YouTube peg a CPU core somehow

      Then something got fucked with the patching. Absolute single worst case scenario with a synthetic benchmark specifically designed to bring out the worst in the changes puts it at somewhere around 20-25%. Except a desktop user will *never* hit that workload, and sure as heck won't do it in a browser which should see an immeserable change even on your old pre-PCID support hardware.

      You broke something.

      • Nope. Intel broke something.

        Ever since the BIOS patch and MS patch (both applied at nearly the same time so I can't isolate the cause between them), my system has been fucking slow. Scrolling a result set from SSMS? Forget about it! YouTube? Hah! Looking through a a large folder ("label") in Gmail? Be prepared to wait. Even something as simple as dimming the display to show the UAC prompt takes a lot longer. And I get random hitching where my mouse (and everything else) will just freeze up for a couple

    • You and me both buddy, fuck the RAM producers right in their ass.

      They are colluding on prices again for like the 8th time, where is the government investigation this time around?

  • now it's 10%. Also, define "Personal Computer". My bro regularly runs 3-4 VMs in a virtual computer lab on his i7 while learning new tech or testing our scripts. And it's a 4th Gen i7 to boot.
    • No nothing has changed in the past week. The patches slow down specific workloads and effect specific chips differently.

      I.e. if you have PCID expect at worst a 10% performance drop. If you are a desktop user, expect no performance drop. Your bro is not a desktop user. If you synthetically bench systems without PCID in a way specifically designed to show the worst effect of this change expect somewhere between 20-30% drop, though in more realistic workloads that expose the worst it will likely be 10-20%.

      Game

  • I'm covered in the dust of the leader. He favors me!

    I am even dustier -- dustier than thou! [frinkiac.com]

  • CPU cost $999 so $99.90 refund coming my way - sweet

  • by MSTCrow5429 ( 642744 ) on Thursday January 11, 2018 @02:15PM (#55909711)

    I don't think there is a small amount of Intel chippery prior to 2015 running around. I'm probably an outlier, but mine is from 2008, (c) 2007.

    • I don't think there is a small amount of Intel chippery prior to 2015 running around. I'm probably an outlier, but mine is from 2008, (c) 2007.

      I am running with 2011 made i5-2500K, windows 7, asus P8Z68 mobo and nvidia 1070

      After installing the patch I overclocked from stock 3.3ghz to 4.5ghz, just in case, and called it a day.

      At least fallout 4 and playerunknowns battlegrounds seem to running smooth as ever as they did before patching.

    • I run my computers until they drive me to insanity before replacing them. A 10 year old computer still being used isn't unheard of in my house.

      As long as it plays whatever games I have and can surf the Internet, I'm good. My most recent upgrades were last year... and that was just a video card on my workstation so I could improve the appearance of GTA V. I still have a laptop from 2007 that I've only JUST given up on because of issues with 32bit processors. FFS, I'm still using a BlackBerry Playbook as

  • So when are we customers going to get ten per cent of our money back?

  • If one of my products turned out to do only 90% of advertised, I'd offer a rebate or return for credit (customer's choice). Maybe that's why I'm a small company, not a mega-corp.
  • This page over here, using actual benchmarking software before and after the Meltdown and Spectre patches, shows iPhone performance losses around 40% after applying the patches: https://melv1n.com/iphone-perf... [melv1n.com]

    Given that most of the last week's media spiel has been saying that "ARM's CPUs are supposed to be largely unaffected by these things" I doubt Intel's CPUs would behave much differently, certainly not better and certainly not "only 10% impact at worst".

  • > going back to 2015
    > older CPUs

    A good CPU from 2015 (Haswell) is a pretty new CPU. High-end CPUs from 2012 (Ivy Bridge) are still perfectly capable, especially in laptops. If you don't need stuff like USB 3.0, you can easily end up today with a pretty beefy Ivy Bridge/Haswell laptop by just doing RAM and storage updates (and maybe WiFi). This is just a carefully designed PR piece to make the issue look less bad, nothing to see here.

    • 2011 built and bought(with +95% online time since then), Sandy Bridge i5-2500K here; Games still run on ultra, I did however overclock for the first time, from stock 3.3ghz to 4.5ghz.

      Only upgraded parts on my build are SSDs and graphics.
  • I just spent a lot of money building a gaming rig, and overclocking it to get another 20% boost. Every bit matters in games. So, -10% is still huge to me. Intel should offer some compensation. Maybe not a whole new chip, but maybe at least a voucher of say $100 on a new CPU.
  • Okay, then give me a 10% refund on your defective product because this isn't what I paid for. I literally JUST GOT my Nvidia compensation check for their single lane 512MB block of GDDR5 that they pretended had full speed access.
    • On Red Hat they can be disabled by kernel command line switches: noibrs, noibpb, and nopti. REF: https://access.redhat.com/arti... [redhat.com]

      I believe there are similar kernel command line switches for a lot of other distros though you'll have to Google them yourself.

A physicist is an atom's way of knowing about atoms. -- George Wald

Working...