Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel Details Cascade Lake, Hardware Mitigations for Meltdown, Spectre (extremetech.com)

Posted by msmash on from the up-next dept.

An anonymous reader shares a report: Ever since Meltdown and Spectre were disclosed, Intel's various customers have been asking how long it would take for hardware fixes to these problems to ship. The fixes will deploy with Cascade Lake, Intel's next server platform due later this year, but the company is finally lifting the lid on some of those improvements and security enhancements at Hot Chips this week.

One major concern? Putting back the performance that previous solutions have lost as a result of Meltdown and Spectre. It's hard to quantify exactly what this looks like, because the impact tends to be extremely workload-dependent. But Intel's guidance has been in the 5-10 percent range, depending on workload and platform, and with the understanding that older CPUs were sometimes hit harder than newer ones. Intel wasn't willing to speak to exactly what kind of uplift users should expect, but Lisa Spelman, VP of Intel's Data Center Group, told AnandTech that the new hardware solutions would have an "impact" on the performance hit from mitigation, and that overall performance would improve at the platform level regardless. Variant 1 will still require software-level protections, while Variant 2 (that's the "classic" Spectre attack) will require a mixture of hardware and software protection. Variant 3 (Meltdown) will be blocked in hardware, 3a (discovered by ARM) patched via firmware, with Variant 5 (Foreshadow) also patched in hardware.

74 comments

  1. Hardware Mitigations? by ElBeano · · Score: 5, Insightful

    Use AMD instead.

    1. Re:Hardware Mitigations? by Anonymous Coward · · Score: 4, Informative

      Use AMD instead.

      Especially since we're mostly talking about servers here. When AMD's EPYC is on 7nm and Intel is still on 14nm++++ or whatever they are calling it, the choice will be a lot easier.

      Even Intel's 10nm doesn't appear that it will be anything like what they had previously told everyone (since they couldn't get it to work).

      If they could have pulled off the original 10nm plan, they'd be on a level playing field with the 7nm stuff, but it's looking more and more like Intel will be behind for a while yet.

    2. Re:Hardware Mitigations? by jason777 · · Score: 1

      But I'm a gamer

    3. Re: Hardware Mitigations? by Anonymous Coward · · Score: 0

      AMD is crap in the Enterprise Server market, and their Virtualization sucks ass. Oh, and they're not immune to all these attacks either, some they have quietly admitted to, a few they've claimed to not be affected.... and several recent ones they've been suspiciously silent about.

      Put simply, if you, like me, have over 10k blades running Intel you're not going to cycle all those out for AMD overnight.

    4. Re:Hardware Mitigations? by Anonymous Coward · · Score: 0

      Oh noes, 125FPS instead of 130FPS during benchmarking! The humanity...

    5. Re: Hardware Mitigations? by Anonymous Coward · · Score: 0

      AMD, ARM and other modern CPUs have the same issue

      Consider this as a stock tip for all manufacturers as companies upgrade their way out of this mess.

    6. Re:Hardware Mitigations? by Anonymous Coward · · Score: 0

      amd ain't safe from a lot of these exploits, either.

      the only winning move is not to play.

    7. Re:Hardware Mitigations? by Anonymous Coward · · Score: 0

      How about just a Financial Mitigation? Take 10 percent of my processing power, you're going to reimburse me for 10 percent of that CPU cost. (Of course, a lot of people will still be screwed over by this, because it doesn't take the total system cost into account.)

    8. Re:Hardware Mitigations? by Anonymous Coward · · Score: 0

      Gamers want performance when actually playing games, especially in those CPU bottlenecked situation where frame times spike. That's when FPS matter the most in fast paced games where fast reactions can determine whether you lose or win; not when running benchmarks. Benchmarks are often crap at evaluating performance during actual gameplay, because they don't recreate those heavy gaming workloads that can be encountered especially in multi-player situations.
      For example here you can see a performance comparison between an old i5, somewhat modern i7 and a (first generation) R7 in a simulation like ArmA 3, which is both CPU and memory intensive. I looked for videos that compare the performance of Coffee Lake and Zen+ but found none. https://www.youtube.com/watch?...
      FPS can be pretty high across all systems, when nothing is really happening. But who really needs 100+ FPS when staring at still life? It's when you need to aim during the heat of battle where those FPS count. And it's not even multi-player where the number of vehicles and player models can be highly dynamic. In multiplayer you may also want an object render distance of 3000m that puts even more strain on the simulation, because distances for sniper rifles can already be reliable up to ~2500m.
      Anyway, most of the people who complain about performance in ArmA 3 turn out to own AMD CPUs. There's also a lot of issues for old and lock clocked Intels.

    9. Re:Hardware Mitigations? by thegarbz · · Score: 1

      Use AMD instead.

      Sure that works now with Ryzen, but how well does that work for all the times AMD is out of the running? For much of the past 10 years you were far better off buying Intel and living with the performance hit from the patches.

    10. Re: Hardware Mitigations? by zilym · · Score: 2

      I hate it when people carelessly claim that ARM is just as vulnerable as AMD and Intel.

      None of the ARM CPUs in my tablets and smartphones incorporate speculative execution, and thus, are immune to these attacks.

      A few high performance ARM cores have speculative execution and are theoretically vulnerable. However, the vast majority of battery powered ARM devices do not incorporate high performance ARM cores! Battery powered devices are more concerned about conserving energy than raw execution speed, so manufactures more often than not choose the more power efficient ARM cores that do not incorporate speculative execution.

    11. Re:Hardware Mitigations? by Anonymous Coward · · Score: 0

      Nah, I prefer the superior performance of Intel. AMD is too slow, too incompatible and overheat a lot. Spectre and Meltdown aren't even serious and the chances of any hackers actually exploiting them to gain useful information is extremely slim (I'm more likely to win the lottery).

    12. Re: Hardware Mitigations? by Killall+-9+Bash · · Score: 1

      Put simply, if you, like me, have over 10k blades running Intel you're not going to cycle all those out for AMD overnight.

      Nope, you'll just install those meltdown mitigation windows updates like a good little MCSE. Then you get to explain the 25% performance loss to your boss.

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
    13. Re:Hardware Mitigations? by K.+S.+Kyosuke · · Score: 1

      Superior performance of Intel?

      --
      Ezekiel 23:20
    14. Re:Hardware Mitigations? by Anonymous Coward · · Score: 0

      Then you'll be fine with current hardware without kernel/firmware mitigation. Unless you host a VM farm on your gaming rig, which you don't.

    15. Re:Hardware Mitigations? by gweihir · · Score: 1

      That is not actually true for server-workloads. The only thing where Intel was better was single-core gaming benchmarks.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    16. Re:Hardware Mitigations? by Megol · · Score: 1

      You forgot your sarcasm tag.

    17. Re:Hardware Mitigations? by Megol · · Score: 1

      The few situations when the CPU is the bottleneck and the task can't be parallelized can practically be ignored IMHO.
      For gaming that is - there are plenty of real stuff where single thread performance is important.

    18. Re: Hardware Mitigations? by Megol · · Score: 1

      Can I ask what smartphone(s) you have then? IIRC OoO execution for smartphones came ca 2008 and phones not having it now is generally called feature phones, could be wrong though.

    19. Re:Hardware Mitigations? by Megol · · Score: 1

      One of the exploits is essentially impossible to protect against without removing performance, one have never existed (Meltdown) and the rest is generally hard to exploit on Ryzen.
      You are of course right, I'll dump my computers as soon as I get this abacus on the Internet...

    20. Re: Hardware Mitigations? by Wrath0fb0b · · Score: 1

      None of the ARM CPUs in my tablets and smartphones incorporate speculative execution, and thus, are immune to these attacks.

      Really? Then you must not have

      Any ARM Cortex after A53, which was the first with branch prediction released in 2012 (if you are predicting a branch, then you are executing speculatively). The A57 then bumps this from just branch prediction to full OOO execution.

      Any Samsung Exynos after M1. The Qualcomm ones are just warmed over ARMs anyway (with an LTE modem glued on) so nothing new there. Same for MediaTek.

      Probably the Apple SOCs too, but they don't really give out slides.

      Anyway, if you are running a ARM SOC with no branch predictor (let alone OOO) then you are on a phone/tablet from 2014 or earlier.

    21. Re:Hardware Mitigations? by Anonymous Coward · · Score: 0

      whoosh

    22. Re:Hardware Mitigations? by Anonymous Coward · · Score: 0

      Maybe in your case you only ever play those games in which such situations don't occur. And that's fine. Those cases certainly exist.
      But those other games are also out there. It occurs especially among competitive online multi-players that both support large maps, with a lot of assets and don't just allow a hand full of players at a time but numbers that can get pretty high. In those cases single threaded performance is also paramount. And these things aren't likely to change in the future either.
      Then there are also examples of modern single player games like Kingdom Come: Deliverance. They've also got a ton of assets in their scenes. And both Intel and AMD struggle to stay around 60 FPS, while Intel delivers not only about 10% higher FPS but also has a a lot fewer spikes in frame times.

      Sure you can always explain it away for yourself by stating that those games are poorly optimized. I'd even agree with that. But that doesn't make them run any better in the end if you still want to play them.
      In fact even those games that have pretty amazing multi-threading, like Assassin's Creed: Origins, still run a bit better on an i5-8600k than on an R7 2700X. Taking the additional costs for that 3rd party CPU cooler on the i5 into consideration, it's still a bit cheaper than the R7 option. Of course only if games are your main concern. Otherwise you'd be pretty silly to buy an i5 over an R7.
      Therefore: If you are a gamer and don't want to worry about what game will run nicely on your hardware and what not, Intel will probably stay the go-to. Using arguments like "125FPS instead of 130FPS during benchmarking" is about as stupid as claiming that an i7-8700k is the better choice for work stations over a Threadripper because with that Adobe Premiere Pro update that utilized its IGP makes it a bit faster, equally fast, or nominally slower at certain tasks.

      Who knows, maybe things will change in the future if AMD manages to bump up that IPC while also increasing clocks. I certainly hope so, because if Intel gets competition even in that niche, in the end we'd all be better off. But whether or not AMD can achieve this remains to be seen.

    23. Re:Hardware Mitigations? by Tough+Love · · Score: 1

      Right, that's why you should be moving to Vulkan/DX12 now, the future of high performance gaming. That's where Ryzen + Radeon/Vega kick Intel's tail. Why stay mired in obsolete game engine technology? You need to be ready for the upcoming wave of high performance FPS and VR games.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
    24. Re: Hardware Mitigations? by Anonymous Coward · · Score: 0

      That 10% edge vanishes once you apply to security mitigations, which is why AMD took the crown for best CPU at Tom's hardware.

    25. Re: Hardware Mitigations? by Anonymous Coward · · Score: 0

      Except that this would be wrong for the games in question here. The differences don't vanish.
      For example here we have a comparison between the i7-8700k and the R7 2700X in Kingdome Come: Deliverance, on a fully patched Windows 10 as far as I know. If you watch the graphs for frame times, you can easily see that Intel delivers a way more consistent experience.
      Security mitigations are also pretty irrelevant if you're mostly gaming with your PC. So why would the affect gaming performance in meaningful ways?
      And as you appear to see Tom's Hardware as a trustworthy enough source here, you may be interested in their analysis of how the security mitigations impact gameplay. Spoiler: Apparently its effects neither impact Intel nor AMD in a significantly negative way as far as gaming is concerned. So it's not like that these mitigations artificially crippled performance on AMDs in order to make Intel look better in comparison (as far as gaming is concerned of course). Although I must be honest here and say that those averages and min frame rates do not tell the entire story. More thorough testing would be required. According to that data, I'd say the impact on performance is well within the margin of error.
      So I don't know what else to say on this. Personally I don't have that much faith in Tom's Hardware because they used to be hardcore Intel fanboys in the past. Maybe the situation has changed since they've made their tests. More recent benchmarks would confirm the trend that was shown by their tests. So until someone manages to come up with a better analysis that proves all these findings wrong, you can't really say that your claim is backed up by facts.

      I've come to expect such misinformation from post-purchase rationalizing AMD fanboys. You can't just be happy with having an amazing CPU that is waaaay more cost effective for general purpose use than anything Intel has to offer, forcing Intel to finally make some more significant changes for the first time in a long time. No you must also see to it that nobody on the internet possibly considers buying and Intel, even though it may fit their very specialized niche purpose.
      Of course this phenomenon is not isolated to AMD. There's plenty of Intel and nVidia fanboys out there as well. But that doesn't make these self-righteous AMD fanboys less obnoxious.

  2. "OS/VMM" mean "Not Fixed" by Anonymous Coward · · Score: 5, Informative

    From the slide in the FA, Variant 1 (Bounds-Check Bypass, one of the worst variants), Variant 2 (Branch-Target Injection), and Variant 4 (Speculative-Store Bypass) are all still relying on OS/VMM mitigations --- which means that Intel has done absolutely nothing to try to address them.

    Still. Broken.

    1. Re:"OS/VMM" mean "Not Fixed" by AmiMoJo · · Score: 1

      They probably won't until the next major architecture revision. Aside from anything else new flaws keep being found and if they try to patch the current architecture they probably won't get them all, and being incompetent will probably create more.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:"OS/VMM" mean "Not Fixed" by drinkypoo · · Score: 1

      Aside from anything else new flaws keep being found and if they try to patch the current architecture they probably won't get them all, and being incompetent will probably create more.

      They can't just "patch" them, they have to make actual architectural changes so that things happen in the correct order. If they could just issue a patch, they could have fixed these problems in microcode already, and declared victory over vulnerability.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:"OS/VMM" mean "Not Fixed" by Anonymous Coward · · Score: 0

      Mod up. Exactly. A fudge is not a fix. I would not say done nothing - as the share price has not taken a hit.

      And there is no honesty in timelines or performance for like before/after. Instead Intel is trying to get new benchmarks made up and accepted.

      If you think about it - I think there is no fix insight - that strict enforcement will kill performance. they would have already ran simulations. Because when they chose to remove hardware checking - somebody knew full well.

    4. Re:"OS/VMM" mean "Not Fixed" by Gr8Apes · · Score: 1

      They could potentially fix it, but I'm not sure what the cost of "flush the caches after every context switch" would do to the performance? Knock it down to 50%? Worse? I just can't imagine what a multi-core server with multiple threads would have occur. A CPU on its figurative knees being outpaced by a single core/threaded chip from the 2000s is floating into focus...

      --
      The cesspool just got a check and balance.
  3. These are kludges, not fixes. by Anonymous Coward · · Score: 4, Informative

    Real fixes require a new security-first attitude at Intel, and a complete chip redesign based on that attitude.
    That will take many years to materialize. In the meantime expect to see more vulnerabilities to pop-up (already have) and more ad hoc fixes.

  4. No patches by Anonymous Coward · · Score: 1

    No patches for me. The whole unit is flawed. Just rip the damn thing out.

  5. Major concern by TeknoHog · · Score: 5, Insightful

    One major concern? Putting back the performance that previous solutions have lost as a result of Meltdown and Spectre.

    It's like getting back the "A" grade you lost after they found out you've been cheating. Sure it's a major concern because now you'll actually have to work for your grade. Meanwhile, there are other students who didn't cheat in the first place. Guess which one I'm going to hire?

    --
    Escher was the first MC and Giger invented the HR department.
    1. Re:Major concern by Anonymous Coward · · Score: 0

      If a teacher from your school a decade ago only just now proved you were cheating, should they invalidate your diploma? Should there be a maximum statute of limitations? (With a processor, it would make sense to have this be the warranty period.)

    2. Re: Major concern by Anonymous Coward · · Score: 0

      You are wrong. Processors as well as cars last way longer than warranty periods. As long as the deprecated value in your books is not 0, they should be on the hook.

    3. Re:Major concern by thegarbz · · Score: 1

      Guess which one I'm going to hire?

      The cheater obviously. They have shown to be able to get to the top place with far less effort. Providing they prove their ability to treat the sewer they shat in, why hire the innefficient one?

    4. Re:Major concern by Gr8Apes · · Score: 1

      It depends, was it a smart cheater that knew the trade-offs, or were they just very lucky that they avoided being caught on day 1?

      --
      The cesspool just got a check and balance.
    5. Re: Major concern by Anonymous Coward · · Score: 0

      You're really shooting yourself in the foot by pointing to warranties. For the most part, warranties do nothing once they expire.

      Cars are an exception, but only because of safety and environmental concerns.

      Unless there is a safety issue, car manufacturers are not required to address defects after the warranty period either.

    6. Re:Major concern by GuB-42 · · Score: 1

      Hire a cheater and he will find the most efficient way of taking your money. Spoiler alert: it doesn't involve doing the work you are paying him for.

    7. Re:Major concern by thegarbz · · Score: 1

      Hire a cheater and he will find the most efficient way of taking your money.

      Well that is the goal of any employee. It sounds like your renumeration system does not favour outcomes but rather attendance. If you favour outcomes through renumeration the most efficient way of taking money is the most effecient way of achieving outcomes.

  6. Is this a good time to buy Intel stock? by Snotnose · · Score: 1

    A lot of huge customers, like cloud providers, are likely to upgrade their servers as soon as possible. Not seeing any sign they're moving to AMD, and AMD isn't 100% immune to these either.

    So, has the expected surge in demand been factored into the price of the stock, or is now a good time to buy?

    Conversely, there will soon be a bunch of Intel based servers flooding the surplus market. About the time I'll be looking to upgrade my desktop box. Can I pop a graphics card into one of these servers and make a nifty, cheap gaming box? I'm perfectly capable of moving a motherboard to a new chassis, I'm less capable at adding a PCI slot to an existing board.

    As a home user do I care about these vulnerabilities? I do banking stuff once a month. I do Amazon maybe twice a year. I do /., fark, etc etc daily, but all my logins for those are snotnose with the same password. To be honest, send me an email with a funny joke and I'll tell you the password, I don't fricken care at this level of web activity.

    1. Re:Is this a good time to buy Intel stock? by RhettLivingston · · Score: 1

      Intel flew too close to the Sun and was burned, much more so than AMD which has not as aggressively complicated their design. Now Intel is patching instead of working toward a systemic solution. It seems like denial and doesn't encourage a lot of confidence.

      There is definitely partial shift toward AMD underway. Even Intel has publicly predicted a larger move than has yet been completed and they would be many times more likely to minimize that prediction than overestimate it.

      It takes a while for momentum to build and supply chains to adjust. Would you want to upgrade at the end of this year to get some of your performance that you already paid for back or would you rather wait six months and get a fresh new 7nm AMD Epyc design that is a true upgrade in the first half of 2019? (I doubt they'll wait for Intel's 10nm server generation to start up in the first half of 2020)

      There is going to at least be some experimentation with both AMD and ARM in the data center. My guess, we'll see more diversified deployments for a while in an effort to mitigate the risk as the chip flaws in this new class continue to be discovered (and they will).

      Intel has barely begun to suffer their come to God moment. If they've got any sense at all, there is a more thorough redesign in the works for the 2020 generation. So, turnaround in early 2020, very late 2019 at the earliest - barring success with some major architectural slight of hand like pushing the Optane agenda.

    2. Re:Is this a good time to buy Intel stock? by Anonymous Coward · · Score: 0

      If your server only has PCIe 8x slots and they're not open ended (PCIe 16x won't fit) then you will have to cut the plastic end of the slot.
      But there may be two 16x slots anyway.

    3. Re: Is this a good time to buy Intel stock? by Anonymous Coward · · Score: 0

      AMD server share doubled last quarter I believe. It's started from a low base, but not what I'd call 'no sign of shifting to AMD'. Intel CEO anticipating 15-20% market share from AMD going forward, up from current 1%.

  7. Wouldn't it be funny by CptLoRes · · Score: 1

    If Intel marketing started claiming higher percentage gains with the HW mitigations on new chips, then the 5-10 percent they say we lose today. Buy now, it's 20 percent faster clock for clock then previous generation chips!

    1. Re:Wouldn't it be funny by Anonymous Coward · · Score: 0

      Buy now, it's 20 percent faster clock for clock then previous generation chips!

      than

    2. Re:Wouldn't it be funny by CptLoRes · · Score: 1

      Sure thing. Next time I'll write in my native language (Norwegian), and make sure to correct any grammatical mistakes you'll make in that language.

  8. Also helps as Dickwad mitigation. by Anonymous Coward · · Score: 0

    We finally have a tool to show Intel that it's not OK to treat us how they did.
    I will be using it for quite some time. At least until 2037 (2018+19), given that Intel’s dickishness has harmed since 1999 (2018-19), when they murdered three out of the four mainboard manufacturers who dared to sell Athlon mainboards. (The other ones didn’t even dare, given Intels threat to hold Intel chipsets to bankrupt them.)
    The fact that Intel wasn't shut down as a company... (the "corporations are people" equivalent of somebody getting the chair for murdering several people and threatening to murder a whole community) ... is unacceptable, and makes the legal system that allowed this just as criminal.

  9. Bug by bug patches? by RhettLivingston · · Score: 3, Interesting

    This seems like an effort to stick a bunch of fingers in holes in a dam when the dam has a systemic design flaw. What are the chances that other problems will be discovered after tape-out of the new processors?

    These bugs are an indictment of the complexity of the speedup techniques Intel has used. With complexity comes extra design expense, reductions in yield, reductions in reliability, and now, security issues that were not very foreseeable.

    Adding more complexity in the form of changes to address all these little problems does not give comfort that the syndrome is fixed.

    This was serious enough to warrant going back to the drawing board and designing in changes that eliminate this class of problems, not the individual problems that we know of. This is a disappointing effort.

    1. Re:Bug by bug patches? by Anonymous Coward · · Score: 0

      This seems like an effort to stick a bunch of fingers in holes in a dam when the dam has a systemic design flaw.

      Exactly. The central problem is that if a processor begins in state A, then performs a speculative execution that fails, the processor's state should be reset back to state A. But that isn't happening. Various parts of the processor (such as the cache) aren't being reset to their previous states.

      If Intel completely reset the processor to its previous state after a failed speculative execution, then the processor would be immune to all speculative execution attacks--even speculative execution attacks that haven't been discovered yet. But it doesn't appear that that's what Intel is doing. Instead, their strategy appears to be to design a separate patch for each different speculative execution attack after that attack is discovered.

    2. Re:Bug by bug patches? by williamyf · · Score: 2

      If Intel completely reset the processor to its previous state after a failed speculative execution, then the processor would be immune to all speculative execution attacks--even speculative execution attacks that haven't been discovered yet. But it doesn't appear that that's what Intel is doing. Instead, their strategy appears to be to design a separate patch for each different speculative execution attack after that attack is discovered.

      What did you expect? It takes about four years to engineer an new microprocessor architecture. More if you are starting from scratch. I am 99% certain that right now, there is a team of Intel Microarchitects designing such microprocessor from scratch, we may as well see the fruits of their labour in something like six years (maybe more, if there are more slowdownd in the Fab side of things). But in the meantime, Intel needs something to sell, otherwise, the company would go bankrupt before that new microprocessor design is out the door, so, we end up with this.

      And before you think about going to some other manufacturer (AMD, Arm, IBM Power, Spark, VIA), remember that their processors are also suceptible to Spectre type attacks, so do a cost/benefit business case analysis before taking the plunge...

      PS: I favour AMD for servers (since this article is about servers) but there are many caveats beyond AMD's control that make it an uphill battle to use their chips. This has nothing to do with obscure machinations from Intel like in the early '00s, and fortunately will get better in the future, but, again, the thing is, do a detailed cost/benefit analysis before taking the plunge.

      --
      *** Suerte a todos y Feliz dia!
    3. Re:Bug by bug patches? by Anonymous Coward · · Score: 0

      if they really fix the problem, AMD is ahead on performance at this point. Intel cheated to stay ahead and it's cost them.

    4. Re:Bug by bug patches? by Anonymous Coward · · Score: 0

      A number of the Intel flaws relate to access checks on data being done after the speculative execution rather than before. I would hope with this new design they have moved the access checks forward so that they happen before the data is operated on - that would eliminate most of the Intel-specific attacks without a major change, including attacks that possibly haven't been found yet.

      But, yes, I certainly don't expect these new processors to be completely immune and I think we'll be hearing about this sort of class of bugs for a while still, but as others have said, Intel doesn't have the ability to do a completely new processor this quickly.

    5. Re:Bug by bug patches? by thegarbz · · Score: 1

      What are the chances that other problems will be discovered after tape-out of the new processors?

      100%. The average CPU product line has hundreds of eratas (hardware bugs) over its life across the entire industry. It just happened that these specific bugs were security related.

    6. Re:Bug by bug patches? by fintux · · Score: 1

      [--] there are many caveats beyond AMD's control that make it an uphill battle to use their chips.

      I barely know anything about the server space, so I'd be interested in hearing what kind of issues there are. Could you shed some light on this? (Special care was tried to be taken to not sound like I'm asking because I doubt your statement - I genuinely am just interested to learn about this)

    7. Re:Bug by bug patches? by drinkypoo · · Score: 1

      Well, I doubt his statement. Ever since AMD started selling their own chipsets, I have found zero drawback to using AMD other than reduced performance — but given the cost:performance ratio comparison between the two, unless you are chasing the absolute maximum frame rate in gaming or similar, there are no real drawbacks. Unless you're at the top of the range, you can solve that problem with money, and usually still come out ahead of Intel by spending less of it.

      Back when you had to use a VIA chipset for an AMD system, but you could get an Intel chipset for an Intel system, there were real and significant differences. Any more? Not so much. And it might be noted that a motherboard with an Intel chipset would be literally $100 more than one with a VIA chipset. And even today, there is a ~$100 price gap between similarly-equipped Intel and AMD motherboards, favoring AMD. And those AMD systems have more PCI-E lanes...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    8. Re:Bug by bug patches? by williamyf · · Score: 1

      I am preparing a blog post (+ LinkedIn series) about it. But since this is slashdot, and not something I write for CIO level people, and since you asked nicely (and are not an Anon Coward), I'll give you the TL;DR preview, I'll simply list the caveats, without much explaing. Please remember we are talking about SERVERS. For companies. Not desktops, not laptops, not gaming rigs, not servers for a home lab. Some people seem to forget that...

      0.) If your workload needs anything Intel propiertary, like transactional memory, or some other weird stuff, then game over. By the same token, if you need something AMD exclusive, like the niffty feature that encrypts a VM's RAM so that not even the VMM can see it, then go AMD.

      1.) Does your Workload (usually legacy) depend on single threaded performance? In that case, is likely that intel will be faster, but do a side by side trial and benchmark, as that will depend on the performance loss for the Spectre patches for both intel and AMD.

      3.) Is your software licensed by core, not socket? (If it is FOSS, then the answer is, no, move on) Then, you need the configuration which achives the desired performance with the MINIMUM numer of cores, even if the Processor that achieves that is supper-expensive... The Software tends to be ORDERS OF MAGNITUDE MORE EXPENSIVE then the SERVERS (I am looking at you Oracle). So, again benchmark, but remember AMD has more cores, per socket, but intel tends to have more single thread performance, so, again, side by side trial and benchmark.

      4.) Does your workload has problems with NUMA (also, mostly legacy)? In that case, certainly, intel. (with the use of "core-complexes" XEN has more "NUMA-ness" than intel, by a long shot. Even a single socket XEN processor is NUMA).

      5.) If you are doing virtualization or cloud, does your VMM/Cloud SW support AMD properly? If not, is it worth it for your organization to add a new VMM to your stable on top of a new server chip? Like it or not, not all VMMs/Cloud SW support AMD yet, I hope this changes in the near future.

      6.) If you need to LIVE migrate VMs from the old kit to the new kit and back, then the kit has to be either all intel, or all AMD. (migrating turned off machines is easier, the problem is LIVE migrating)

      7.) Are the server makers in your approved provider list selling AMD servers? Is it worth it for you as a tech to go through the process with finance/purchases to add a new server provider?

      8.) Are the server makers that sell AMD servers providing good service in your country? Are they providing good service to your company? Service varies by region and account.

      9.) Are the server providers that deal with you providing AMD servers in the Form-Factor your project demands. I've seen mostly blades thus far. If you need 4U with many 2.5"disks, or 1U, or some other format, is it made by the server sellers your company approves?

      Finally, a server is more than the microprocessor it uses, and actually, the microprocessor is a small part of the cost. Maybe the server seller is trying to get this project for strategic reasons, or increase their footprint in your company, or hit the sales goal so that they collect the bonus and pay their yatch. In the end, your project needs servers that cover it's needs in terms of security, performance, form factor and support, amog other things. If after all these hurdles are cleared, for whatever reason, a server seller is offering you a less expensive intel server that covers your needs, go for it. If the less expensive one is AMD, go for it

      As you see, none of this is in AMD's control, it will get better over time, and none of this is due to evil machinations from intel.

      I hope this is usseful to you, and hope I've got a new "friend" on /.
      Let me know what you think.

      PS: For Grammar nazis, I bet my english is better than your spanish, AAAAND I also can communicate in french*, not too shabby for an electronics engineer.

      *used to be able to speak, read and write french, but after 15 years of no practice, I forgot most of it.

      --
      *** Suerte a todos y Feliz dia!
    9. Re:Bug by bug patches? by williamyf · · Score: 1

      In my original post I wrote:

      "I favour AMD for servers (since this article is about servers) but there are many caveats beyond AMD's control that make it an uphill battle to use their chips."

      the word "servers" is written twice.

      The article is about a server chip.

      I work with blade servers in telco. Also 4U ones with lots of 2.5" SSDs. Each of those servers cost $20,000,oo onwards.

      If you want to discuss $200 mobos for gaming, is OK. I have been using and recomending AMD chips since the 486, K6-3, and now XEN. Skiped their K5, K6 and anythig buldozer derived. But that was/is for personal use. For server use, is a different story.

      In my answer to fintux is my list of reasons. If you whish, go and read it. If not, no biggie, live a happy life.

      --
      *** Suerte a todos y Feliz dia!
    10. Re:Bug by bug patches? by fintux · · Score: 1

      Thank you a lot for taking the time to write the reply, this was very informative! This seems to especially apply to data center kind of servers, and not necessarily so much often affect smaller scale servers (although in some cases may).

      So there is indeed some truth behind the Intel's claim of their ecosystem, but it is not at least completely about compatibility (though to some extent also that, such as the transactional memory, VMM etc.), but also about stuff being optimized for Intel, and also the supply chain. But indeed highly depending on the use case.

      I started to think about this more out-of-the-box and I realized that for very large scale implementations, performance-per-watt might also be an important factor. And I think this also needs benchmarking for the use-case. Adding that to the single-thread performance, it is not a trivial equation at all!

      Of course, in the light of the constant security issues discovered with Intel processors, the risk and cost of data leak is also something to keep in mind.

      PS: My native language is not English either, but Finnish, and I speak also German, Swedish, some Italian and a tiny bit of French :P Too bad I don't speak any Spanish, and with my level of Italian, it would not be comprehensible to me probably even in writing, even though for native speakers it is possible to an extent...

    11. Re:Bug by bug patches? by drinkypoo · · Score: 1

      But that was/is for personal use. For server use, is a different story.

      It doesn't matter, even slightly. Once upon a time you didn't have the option to use AMD chipsets for servers or desktops, because they didn't exist. That was a good reason to use intel. Now, for both servers and desktops, you can use AMD chipsets. That reason went away. HTH, HAND!

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    12. Re:Bug by bug patches? by williamyf · · Score: 1

      I worked with a lot of Finish guys (Nokia, technomen) at the start of my career, even went to finland for a job interview in Jan 2001, but alas, it was not meant to be.

      What you say abot performance/watt in ultra large scale deployments (Like Amazon, Azure, facebook, Google) is 100% true, and well known, but my deployments are more large scale (Telcos). And also, if I took it to that level, the point would be lost to people who are still thinkig at the level of a gaming desktop, or a tower server for a 5 people company...

      As per the security, AMD (and all the others) has similar issues with speculative execution and side channel attacks, some have more issues, some have less issues, is just that Intel gets the bulk of the publicity for the time being, due to their large size.

      Cheers

      --
      *** Suerte a todos y Feliz dia!
    13. Re:Bug by bug patches? by fintux · · Score: 1

      I worked with a lot of Finish guys (Nokia, technomen) at the start of my career, even went to finland for a job interview in Jan 2001, but alas, it was not meant to be.

      Interesting! I also worked at Nokia with some Spanish people, though they were in a different team and abroad, so I think I only had a chance to see them once, was around 2008 or 2009 maybe :)

      What you say abot performance/watt in ultra large scale deployments (Like Amazon, Azure, facebook, Google) is 100% true, and well known, but my deployments are more large scale (Telcos). And also, if I took it to that level, the point would be lost to people who are still thinkig at the level of a gaming desktop, or a tower server for a 5 people company...

      Okay, I didn't really know what your target audience is.

      As per the security, AMD (and all the others) has similar issues with speculative execution and side channel attacks, some have more issues, some have less issues, is just that Intel gets the bulk of the publicity for the time being, due to their large size.

      You're right, however, and the nature of the speculative execution is such that it is quite difficult to get performance from it without sacrificing some of the security. I saw an idea about resetting the state in case of a failed speculation, but that is quite difficult with the different cache levels etc. That said, there has been only a couple of Spectre-like issues affecting AMD CPUs, and the worst one, Meltdown, does not affect them due to differences (speculative execution in AMD products does not bypass privilege boundaries). Intel has been cutting corners for the sake of performance, and they're getting hit by it. So the size is not the only factor for Intel getting the publicity.

  10. I'm not waiting to buy non-Intel CPUs by Anonymous Coward · · Score: 0

    I'm not surprised that Intel announces such hardware mitigation measures - but whether this is just some quick PR attempt at keeping people from replacing Intel CPUs, and quickly so, still remains to be seen. After all, we have not yet read about any L1TF fix for the VM-to-VM attack case that would cost less than 50% performance.

  11. If you’re OK with betting on / supporting as by Anonymous Coward · · Score: 0

    then yes.

    But then you’ll become the enemy of everyone, who was a victim of Intel. Which, at this time, is pretty much everyone who used a PC.

  12. Wouldn't it be interesting ... by WoodstockJeff · · Score: 1

    ... if they submitted samples of the CPUs to researchers to find these kind of flaws BEFORE they commit to making the first 100 million of them?

    1. Re:Wouldn't it be interesting ... by Anonymous Coward · · Score: 0

      ... if they submitted samples of the CPUs to researchers to find these kind of flaws BEFORE they commit to making the first 100 million of them?

      It took them over a decade to find these flaws, so yes it would certainly be interesting, assuming that you consider arbitrarily long delays to be particularly "interesting".

  13. Switch to something else? by Anonymous Coward · · Score: 0
    To hell with Intel I am switching to Frito Lay permanently and putting every Intel made chip in the compost heap except this one. Before the network clap trap con men and Russian hackers get to me. Posted from an old silent atom 512 with no speculative execution, fans or other crap while I munch on my bag of chips. Gang a bunch of them up like HP was starting to do before they lost their way and they can make one hell of a good server to boot.

    Either way Intel will win big time with this one because everyone is going to need new servers except for the few that run old AMDs and atoms! Hell I even still have a few working T42 non-pae laptops kicking around which can serve up stuff in a pinch if necessary. Might be a little slower than a hacked intel setup, but at least I know it will not be used to influence the next US election by someone in a cyber war command post redirected through a .tk purchased by and redirected to a .ru! Like the last bullshit hack that tried to hose this camper with a spector variant!

  14. All chips have similarities by Anonymous Coward · · Score: 0

    Seems like many chips have similarities but affect some of them more then others. What's more interesting is that none of this is really being exploited even months after disclosure. obviously a good ideal to try and mitigate what has been found to be weaknesses. But its hardly a huge threat to anyone yet. You can buy into a ARM or AMD and feel secure now, but what about down the road? I don't see any real fixes on the hardware side, only with OS, microcode and bios updates as we move forward for at least the next few years.

    1. Re:All chips have similarities by David_Hart · · Score: 1

      Seems like many chips have similarities but affect some of them more then others. What's more interesting is that none of this is really being exploited even months after disclosure. obviously a good ideal to try and mitigate what has been found to be weaknesses. But its hardly a huge threat to anyone yet. You can buy into a ARM or AMD and feel secure now, but what about down the road? I don't see any real fixes on the hardware side, only with OS, microcode and bios updates as we move forward for at least the next few years.

      My understanding that most of the Intel flaws require physical access to the system. Plus, BIOS and OS updates have been quickly developed to mitigate some of the issues. I'm not sure if this is reason why there haven't been more exploits or if because of some other factor.

    2. Re:All chips have similarities by jbmartin6 · · Score: 1

      My understanding that most of the Intel flaws require physical access to the system.

      Unclear what you mean here, obviously you don't have to poke your finger into the processor to exploit. There is a certain difficulty in exploiting these flaws, true, which is why we haven't seen much in the wild activity on them. But a lesson was learned from the Rowhammer exploit, 'they' said it was too difficult to locate an appropriate bit in memory and know when to flip it, until someone demonstrated a real attack using it. SPECTRE family is much the same, it requires a deeper level of knowledge than the commodity ransomware attackers out there. But once the details of a real attack are figured out and released it will become more important.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  15. FUCKWIT by Anonymous Coward · · Score: 0

    The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.