
Intel Details Cascade Lake, Hardware Mitigations for Meltdown, Spectre (extremetech.com) 74

An anonymous reader shares a report: Ever since Meltdown and Spectre were disclosed, Intel's various customers have been asking how long it would take for hardware fixes to these problems to ship. The fixes will deploy with Cascade Lake, Intel's next server platform due later this year, but the company is finally lifting the lid on some of those improvements and security enhancements at Hot Chips this week.

One major concern? Putting back the performance that previous solutions have lost as a result of Meltdown and Spectre. It's hard to quantify exactly what this looks like, because the impact tends to be extremely workload-dependent. But Intel's guidance has been in the 5-10 percent range, depending on workload and platform, and with the understanding that older CPUs were sometimes hit harder than newer ones. Intel wasn't willing to speak to exactly what kind of uplift users should expect, but Lisa Spelman, VP of Intel's Data Center Group, told AnandTech that the new hardware solutions would have an "impact" on the performance hit from mitigation, and that overall performance would improve at the platform level regardless. Variant 1 will still require software-level protections, while Variant 2 (that's the "classic" Spectre attack) will require a mixture of hardware and software protection. Variant 3 (Meltdown) will be blocked in hardware, 3a (discovered by ARM) patched via firmware, with Variant 5 (Foreshadow) also patched in hardware.

  • by ElBeano ( 570883 ) on Tuesday August 21, 2018 @05:06PM (#57170132)
    Use AMD instead.
    • by Anonymous Coward on Tuesday August 21, 2018 @05:30PM (#57170274)

      Use AMD instead.

      Especially since we're mostly talking about servers here. When AMD's EPYC is on 7nm and Intel is still on 14nm++++ or whatever they are calling it, the choice will be a lot easier.

      Even Intel's 10nm doesn't appear that it will be anything like what they had previously told everyone (since they couldn't get it to work).

      If they could have pulled off the original 10nm plan, they'd be on a level playing field with the 7nm stuff, but it's looking more and more like Intel will be behind for a while yet.

    • But I'm a gamer
      • Right, that's why you should be moving to Vulkan/DX12 now, the future of high performance gaming. That's where Ryzen + Radeon/Vega kick Intel's tail. Why stay mired in obsolete game engine technology? You need to be ready for the upcoming wave of high performance FPS and VR games.

    • Use AMD instead.

      Sure that works now with Ryzen, but how well does that work for all the times AMD is out of the running? For much of the past 10 years you were far better off buying Intel and living with the performance hit from the patches.

      • by gweihir ( 88907 )

        That is not actually true for server-workloads. The only thing where Intel was better was single-core gaming benchmarks.

  • by Anonymous Coward on Tuesday August 21, 2018 @05:12PM (#57170168)

    From the slide in the FA, Variant 1 (Bounds-Check Bypass, one of the worst variants), Variant 2 (Branch-Target Injection), and Variant 4 (Speculative-Store Bypass) are all still relying on OS/VMM mitigations --- which means that Intel has done absolutely nothing to try to address them.

    Still. Broken.

    • by AmiMoJo ( 196126 )

      They probably won't until the next major architecture revision. Aside from anything else new flaws keep being found and if they try to patch the current architecture they probably won't get them all, and being incompetent will probably create more.

      • Aside from anything else new flaws keep being found and if they try to patch the current architecture they probably won't get them all, and being incompetent will probably create more.

        They can't just "patch" them, they have to make actual architectural changes so that things happen in the correct order. If they could just issue a patch, they could have fixed these problems in microcode already, and declared victory over vulnerability.

        • by Gr8Apes ( 679165 )
          They could potentially fix it, but I'm not sure what the cost of "flush the caches after every context switch" would do to the performance? Knock it down to 50%? Worse? I just can't imagine what a multi-core server with multiple threads would have occur. A CPU on its figurative knees being outpaced by a single core/threaded chip from the 2000s is floating into focus...
  • by Anonymous Coward on Tuesday August 21, 2018 @05:18PM (#57170216)

    Real fixes require a new security-first attitude at Intel, and a complete chip redesign based on that attitude.
    That will take many years to materialize. In the meantime expect to see more vulnerabilities pop up (already have) and more ad hoc fixes.

  • by Anonymous Coward

    No patches for me. The whole unit is flawed. Just rip the damn thing out.

  • Major concern (Score:5, Insightful)

    by TeknoHog ( 164938 ) on Tuesday August 21, 2018 @05:23PM (#57170234) Homepage Journal

    One major concern? Putting back the performance that previous solutions have lost as a result of Meltdown and Spectre.

    It's like getting back the "A" grade you lost after they found out you've been cheating. Sure it's a major concern because now you'll actually have to work for your grade. Meanwhile, there are other students who didn't cheat in the first place. Guess which one I'm going to hire?

    • Guess which one I'm going to hire?

      The cheater obviously. They have shown to be able to get to the top place with far less effort. Providing they prove their ability to treat the sewer they shat in, why hire the inefficient one?

      • by Gr8Apes ( 679165 )
        It depends, was it a smart cheater that knew the trade-offs, or were they just very lucky that they avoided being caught on day 1?
      • by GuB-42 ( 2483988 )

        Hire a cheater and he will find the most efficient way of taking your money. Spoiler alert: it doesn't involve doing the work you are paying him for.

        • Hire a cheater and he will find the most efficient way of taking your money.

          Well that is the goal of any employee. It sounds like your remuneration system does not favour outcomes but rather attendance. If you favour outcomes through remuneration the most efficient way of taking money is the most efficient way of achieving outcomes.

  • A lot of huge customers, like cloud providers, are likely to upgrade their servers as soon as possible. Not seeing any sign they're moving to AMD, and AMD isn't 100% immune to these either.

    So, has the expected surge in demand been factored into the price of the stock, or is now a good time to buy?

    Conversely, there will soon be a bunch of Intel based servers flooding the surplus market. About the time I'll be looking to upgrade my desktop box. Can I pop a graphics card into one of these servers and
    • Intel flew too close to the Sun and was burned, much more so than AMD which has not as aggressively complicated their design. Now Intel is patching instead of working toward a systemic solution. It seems like denial and doesn't encourage a lot of confidence.

      There is definitely partial shift toward AMD underway. Even Intel has publicly predicted a larger move than has yet been completed and they would be many times more likely to minimize that prediction than overestimate it.

      It takes a while for momentum to

  • Bug by bug patches? (Score:4, Interesting)

    by RhettLivingston ( 544140 ) on Tuesday August 21, 2018 @05:51PM (#57170366) Journal

    This seems like an effort to stick a bunch of fingers in holes in a dam when the dam has a systemic design flaw. What are the chances that other problems will be discovered after tape-out of the new processors?

    These bugs are an indictment of the complexity of the speedup techniques Intel has used. With complexity comes extra design expense, reductions in yield, reductions in reliability, and now, security issues that were not very foreseeable.

    Adding more complexity in the form of changes to address all these little problems does not give comfort that the syndrome is fixed.

    This was serious enough to warrant going back to the drawing board and designing in changes that eliminate this class of problems, not the individual problems that we know of. This is a disappointing effort.

    • What are the chances that other problems will be discovered after tape-out of the new processors?

      100%. The average CPU product line has hundreds of errata (hardware bugs) over its life across the entire industry. It just happened that these specific bugs were security related.

  • ... if they submitted samples of the CPUs to researchers to find these kind of flaws BEFORE they commit to making the first 100 million of them?
