Intel Continuing to Work on Spectre/Meltdown Patches

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
13,500
Navin Shenoy, of Intel, says they have found the problem with the reboot issue on Broadwell and Haswell firmware updates and they have released more microcode for their Skylake platforms to the OEMs. The plan is to continue to test the updates and release them as soon as possible to the field. When it's all said and done Intel wants us to be patient and continue to update our systems as firmware becomes available. You heard it here first.......hurry up and wait.

Finally, while we continue to make progress, I recognize there is still more work to do. To our industry partners, I thank you again for your support and partnership as we advance through this process. We remain as committed as ever to addressing these issues and providing transparent and timely information.
 
OK here's a really dumb question... If I build a new Intel system today and install this firmware update will I see the supposed performance penalty? Would I be better off waiting for the next series of Intel chips that has the fix baked into the silicon?
 
OK here's a really dumb question... If I build a new Intel system today and install this firmware update will I see the supposed performance penalty? Would I be better off waiting for the next series of Intel chips that has the fix baked into the silicon?
Yes and Yes. Or just get AMD
 
OK here's a really dumb question... If I build a new Intel system today and install this firmware update will I see the supposed performance penalty? Would I be better off waiting for the next series of Intel chips that has the fix baked into the silicon?
My understanding is it totally depends on what you're running. So the answer ranges from "absolutely" to "not at all."
 
Or just get AMD
Yeah but I've priced some RAM and in order to get decent Ryzen performance you need to buy higher speed RAM which ends up eating into the price difference between AMD and Intel by a significant amount. You basically need DDR4-3000 (or higher) for the Infinity Fabric to get decent performance.

On Intel you don't necessarily need the higher speed RAM, that is, unless you game heavily. On AMD you need it!!!
 
Could buy a Meltel, or buy expensive ram for an AMD..... HMM, I would buy an AMD and get ram through Trading on HardOCP.

For myself I am sitting on a 6850K I bought 1 year ago and 8 X 8GB of Quad Channel DDR3200 .... so yeah. processor went down and RAM Skyrocketed.
 
Basically, Intel told the world a big "Fuck you. It's going to be ready, when it is ready. Nothing for you to see here". The problem is that the latest microcode and BIOS update for my 6600K was absolute GARBAGE. I had to go back to the previous bios, if I wanted to be able to use my PC normally. And don't get me wrong, the CPU is an amazing overclocker. 4.8 gHz stable without voltage added. But the Spectre/Meltdown "fix" basically fucks the CPU up.
 
OK here's a really dumb question... If I build a new Intel system today and install this firmware update will I see the supposed performance penalty? Would I be better off waiting for the next series of Intel chips that has the fix baked into the silicon?

We'll have to see with the final update they release, but it hasn't been any real performance impact for normal desktop use from the one they released already (the one that can cause rebooting issues). All the benchmarking I did on systems at work was within the margin of error. Same deal with the Windows patch that shadows kernel memory. If you are running some high performance server, then you need to do some benchmarking/research and see what the performance impact could be. If you are talking about a desktop, don't worry about it it seems to be extremely minimal.
 
WTF have they been doing the last year that they have known about this? Thumbs up their asses?
 
Yeah but I've priced some RAM and in order to get decent Ryzen performance you need to buy higher speed RAM which ends up eating into the price difference between AMD and Intel by a significant amount. You basically need DDR4-3000 (or higher) for the Infinity Fabric to get decent performance.

On Intel you don't necessarily need the higher speed RAM, that is, unless you game heavily. On AMD you need it!!!
eh... dunno about that.
Memory benchmarks it does seem to make a diff, about 16% memory speed from the lowest to the faster ram.
However in gaming/real world performance, it's a bit iffy.
I see it affecting 1080p gaming, but when you bump it to 1440x2560 or 4k, the memory curves are almost flatlined. In addition, stuff like x264 compression doesn't seem strongly affected either.
I guess the difference would be if you're gpu locked or not (for games). Source: https://www.techpowerup.com/reviews/AMD/Ryzen_Memory_Analysis/13.html
 
OK here's a really dumb question... If I build a new Intel system today and install this firmware update will I see the supposed performance penalty? Would I be better off waiting for the next series of Intel chips that has the fix baked into the silicon?

Depends on what you're doing. If it's super CPU intensive, possibly. If it's normal desktop usage (including most productivity software) and 99% of gaming, then probably not.
That said, if you can wait you might as well.
 
Team Red engineered a more secure solution from the get-go. I am not going to replace my 7700K with another Intel chip, that's for god damn sure.
To be fair, since it affected so many previous intel lines it's because they really haven't redesigned their architecture for such a long time. The problem is how long did they know it for? If it was prior to the disclosure and prior to them releasing a new series, then they were being malicious and not fixing what they knew to be broken.
 
Team Red engineered a more secure solution from the get-go. I am not going to replace my 7700K with another Intel chip, that's for god damn sure.

Well to be fair that's not really the case. It is not as though this issue was known or forseen. Anyone who pretends like "oh Intel should have known" is being disingenuous and acting like they had knowledge they didn't. I mean if you knew something like this was possible, why didn't you publish on it years ago? Nobody knew about this possibility, none of the top processor hackers in the world knew about it. So if a given processor is vulnerable or not is not an indication of how secure their solution is, just rather what particular choices they made in design. For example some ARM processors are vulnerable, some are not. Well why is that? If it was jsut a security thing, wouldn't ARM be all secure or all not? It's because different ARM cores are implemented differently, and some of the implementations are vulnerable, some aren't. Likewise IBM's Power and Z architecture are vulnerable, and those are completely different from x86.

You can't go an play captain hindsight on a new class of security vulnerability and say "Well they should have known," because how could have they? If nobody knew this, nobody had even theorized it, how could have a company known and engineered around it?
 
Patches? Intel could use some stinking patches.

What are we talking in terms of performance degradation?
 
Well to be fair that's not really the case. It is not as though this issue was known or forseen. Anyone who pretends like "oh Intel should have known" is being disingenuous and acting like they had knowledge they didn't. I mean if you knew something like this was possible, why didn't you publish on it years ago? Nobody knew about this possibility, none of the top processor hackers in the world knew about it. So if a given processor is vulnerable or not is not an indication of how secure their solution is, just rather what particular choices they made in design. For example some ARM processors are vulnerable, some are not. Well why is that? If it was jsut a security thing, wouldn't ARM be all secure or all not? It's because different ARM cores are implemented differently, and some of the implementations are vulnerable, some aren't. Likewise IBM's Power and Z architecture are vulnerable, and those are completely different from x86.

You can't go an play captain hindsight on a new class of security vulnerability and say "Well they should have known," because how could have they? If nobody knew this, nobody had even theorized it, how could have a company known and engineered around it?
yeah and it really depends how how much compensation intel is going to give out due to the performance degradation due to disabling the microcode through software.

So far i've heard jack about any sort of compensation. Intel's playing it off like, what? 5-10% performance decrease? What's that?
 
yeah and it really depends how how much compensation intel is going to give out due to the performance degradation due to disabling the microcode through software.

So far i've heard jack about any sort of compensation. Intel's playing it off like, what? 5-10% performance decrease? What's that?

Compensation for what? Does Intel make specific performance promises for any workloads? If so I've never seen it.
 
Compensation for what? Does Intel make specific performance promises for any workloads? If so I've never seen it.
No they don't. However degrading a product that you've purchased to perform lower than when you bought it or what you were sold as has many examples of compensation. When KIA stated that it's mpg was lower than it put on the sales sticker, people were compensated. When sony took away linux on the ps3, people were compensated. Apple just got in trouble for decreasing performance to maintain battery life and reduced the cost to replace old iphone batteries. In almost all cases, degrading performance after people buy an item is a big no-no. It doesn't matter if there were stated levels of performance or not.

I guess there are exceptions to certain products that degrade over time (batteries/tires/brakes), but this isn't one of them.
 
No they don't. However degrading a product that you've purchased to perform lower than when you bought it or what you were sold as has many examples of compensation. When KIA stated that it's mpg was lower than it put on the sales sticker, people were compensated. When sony took away linux on the ps3, people were compensated. Apple just got in trouble for decreasing performance to maintain battery life and reduced the cost to replace old iphone batteries. In almost all cases, degrading performance after people buy an item is a big no-no. It doesn't matter if there were stated levels of performance or not.

I guess there are exceptions to certain products that degrade over time (batteries/tires/brakes), but this isn't one of them.

This was not intentionally done to reduce performance of processors people already purchased (unlike as you noted what Apple did recently). As Sycraft pointed out none of the processor manufacturers were even aware that this type of exploit was even possible prior to last year. Unfortunately as it happens the fixes for these exploits in software and microcode do end up impacting performance there's really no way around that given nature of speculative out of order code execution that's being used in current architectures.
 
No they don't. However degrading a product that you've purchased to perform lower than when you bought it or what you were sold as has many examples of compensation. When KIA stated that it's mpg was lower than it put on the sales sticker, people were compensated. When sony took away linux on the ps3, people were compensated. Apple just got in trouble for decreasing performance to maintain battery life and reduced the cost to replace old iphone batteries. In almost all cases, degrading performance after people buy an item is a big no-no. It doesn't matter if there were stated levels of performance or not.

I guess there are exceptions to certain products that degrade over time (batteries/tires/brakes), but this isn't one of them.

Again, you are talking about features specifically sold. If Kia says "this car gets X MPG" and then it turns out it doesn't, that's something to be concerned about. Where does Intel say what performance their processors get? I can't find it anywhere. They make no benchmark promises, no dhrystone/wheststone promises, etc. Only thing I can really find that is any kind of promise is minimum CPU clock which is not changing. Performance for a given workload will vary and they make no claims.

Also there's the issue that these patches are not all Intel, and at this point aren't Intel at all. Microsoft is the one who put the kernel memory shadowing patch in Windows (which you can turn on and off by the way, it is just a registry setting). Intel has no control over that. MS has decided that the increase in security is worth the performance penalty (which it is since it isn't big and for that matter 32-bit code running on 64-bit OSes were already effectively the same thing since you couldn't map kernel addresses in 32-bit space). So why should Intel owe you money for that? Another example of a security provision that decreases performance is a virus scanner/HIPS. That'll eat cycles, slow your system down. Yet you should run one, and Windows will set one up by default. A more fundamental one is memory protection. If you made an OS where everything operated in Ring 0, kernel mode, with no memory protection or process isolation it'd be more performance. Context switching costs cycles and you could eliminate that... at the cost of eliminating a huge security and stability gain, basically going back to the DOS days.

Really the nerd rage over this is overblown. I feel like it is 99% people who don't know what this is, don't understand it, don't actually need the level of performance they claim and are just mad at some notion of losing performance as a matter of principle rather than anything else. If you actually work on doing something like virtualized workloads on server farms and this has caused a measurable, negative, performance impact for you then I can see a reason to be annoyed, though I will point out this would hardly be the first time there's been a security issue that has needed more performant hardware to deal with it. However if you are a home users who hasn't done any research or testing in to what this is, or the impacts and are just mad because "Intel made my processor slower," then just chill out.

If you are interested in learning some basics about this, why it affects so much and how this is just the beginning of a new class of exploits that will require doing things different in software, not just hardware, watch Malware Jake's presentation on it which is a pretty good basic overview.
 
Again, you are talking about features specifically sold. If Kia says "this car gets X MPG" and then it turns out it doesn't, that's something to be concerned about. Where does Intel say what performance their processors get? I can't find it anywhere. They make no benchmark promises, no dhrystone/wheststone promises, etc. Only thing I can really find that is any kind of promise is minimum CPU clock which is not changing. Performance for a given workload will vary and they make no claims.

Also there's the issue that these patches are not all Intel, and at this point aren't Intel at all. Microsoft is the one who put the kernel memory shadowing patch in Windows (which you can turn on and off by the way, it is just a registry setting). Intel has no control over that. MS has decided that the increase in security is worth the performance penalty (which it is since it isn't big and for that matter 32-bit code running on 64-bit OSes were already effectively the same thing since you couldn't map kernel addresses in 32-bit space). So why should Intel owe you money for that? Another example of a security provision that decreases performance is a virus scanner/HIPS. That'll eat cycles, slow your system down. Yet you should run one, and Windows will set one up by default. A more fundamental one is memory protection. If you made an OS where everything operated in Ring 0, kernel mode, with no memory protection or process isolation it'd be more performance. Context switching costs cycles and you could eliminate that... at the cost of eliminating a huge security and stability gain, basically going back to the DOS days.

Really the nerd rage over this is overblown. I feel like it is 99% people who don't know what this is, don't understand it, don't actually need the level of performance they claim and are just mad at some notion of losing performance as a matter of principle rather than anything else. If you actually work on doing something like virtualized workloads on server farms and this has caused a measurable, negative, performance impact for you then I can see a reason to be annoyed, though I will point out this would hardly be the first time there's been a security issue that has needed more performant hardware to deal with it. However if you are a home users who hasn't done any research or testing in to what this is, or the impacts and are just mad because "Intel made my processor slower," then just chill out.

If you are interested in learning some basics about this, why it affects so much and how this is just the beginning of a new class of exploits that will require doing things different in software, not just hardware, watch Malware Jake's presentation on it which is a pretty good basic overview.
Eh, out of order execution was theorized way in the past in 2015: https://www.blackhat.com/docs/us-15...ecution-For-Covert-Cross-VM-Communication.pdf
It was never addressed and still continued to be used by intel to this day. As far as i understand, specter is just an application of the theory.

Anytime someone sells something then changes the performance down the line because of things they knew about, it's a problem for the consumer. I'm sure there'll be a class action lawsuit soonish.

Also as a reminder, intel does compare performance with it's previous series such as this:
https://www.techpowerup.com/img/17-02-10/26da1b08bc2d.jpg

Did the fixes modify that? Probably
 
Last edited:
I kept my recent build in my signature here (for now) but I sold it last week (no, not because of the vulnerability). No longer give a hoot what they release - or not. Gives me a feeling of, well, freedom ...
 
The way I used the PC, I have noticed no difference.

9VoEffj.jpg
 
My motherboard is several years old (Intel 3rd gen). There is no way the manufacturer still creates firmware updates for it. To fix this buy, is it baked into a Microsoft patch or do I actually need a firmware update for my motherboard to patch this hardware bug?
 
Team Red engineered a more secure solution from the get-go. I am not going to replace my 7700K with another Intel chip, that's for god damn sure.

Then wait till 2019 when AMD fixes Spectre in Zen2 otherwise you will purchase a processor that is susceptible to Spectre. That is unless you are advocating giving up your 7700K for a Rasberry Pi (which is one of the few CPUs that is unaffected by either)

Don't come in here with your pro Intel BS.

So you are telling me that when the researchers found Spectre that they told Intel long before they told AMD, IBM and ARM (which all are affected)? That is what I am taking exception with the idea that Intel knew long before anyone else.
 
Last edited:
I'm just not worrying about it. There will be another flaw and another...

What will be will be.
 
My motherboard is several years old (Intel 3rd gen). There is no way the manufacturer still creates firmware updates for it. To fix this buy, is it baked into a Microsoft patch or do I actually need a firmware update for my motherboard to patch this hardware bug?

It sounds like you need a bios update in windows to be protected from spectre. From what I read you can use microcode update in Linux without bios update but it wont work in windows. More info on it in this thread. http://forum.asrock.com/forum_posts.asp?TID=7353&title=spectre-microcode-update-for-windows-user.
Another option might be to mod bios. Looks like Intel will have microcode updates for processors at least back 1st gen core duo.
 
OK here's a really dumb question... If I build a new Intel system today and install this firmware update will I see the supposed performance penalty? Would I be better off waiting for the next series of Intel chips that has the fix baked into the silicon?

Be prepared to wait a while. Maybe six months, but more likely a year or more. To fix the vulnerabilities while achieving pre-patch speeds, Intel is going to have some serious redesign work to do. It will be a generation or two before Intel will have those processors ready.
 
  • Like
Reactions: DocNo
like this
I am wanting to build a new system but going to wait till a new CPU is designed. Guess I will be stuck with my 5960x/Titan Xp for a while.
 
hmmm, they continue working on it; that's nice ... Go Intel :cool:
 
Compensation for what? Does Intel make specific performance promises for any workloads? If so I've never seen it.

Prior to the revelations they were astroturfing hard in the forums and pushing Covfefe Lake and their i9 chips as serious competitors to Ryzen/Threadripper. I feel sorry for anyone who spent $2k on a 7980XE based on that marketing.
 
Back
Top