
Intel Security Issue Update: Initial Performance Data Results for Client Systems - taspeotis
https://newsroom.intel.com/editorials/intel-security-issue-update-initial-performance-data-results-client-systems/
======
sho_hn
Much more so than the bugs themselves it seriously undermines my confidence in
Intel that in this time of emergency, they can't bring themselves to address
customers with straight talk.

Clear information should take precedence over mitigating liability. Yet it's
fallen to others to explain defects in their products, and people are even
mostly left guessing what their attempts to fix things actually do.

Screwups happen. But do I want to go live through the consequences of one with
this vendor at my side ever again?

~~~
api
Intel is in trouble. They've lost mobile and they're in danger of losing
desktop/laptop and cloud. While AMD is some threat there, the much larger
threat comes from high performance ARM64 cores. Intel would rather see AMD
take market share from them than ARM, since at least AMD Ryzen is still an x64
core and will keep the architectural center of gravity in Intel's area.

Of course their longer term strategy seems to be to get ahead in areas like
quantum and neuromorphic computing. This is going to keep them relevant in the
long term, but in the medium to short term they could have difficulties.

~~~
dmm
Intel is also in trouble in the sense that they have multiple class action
lawsuits filed against them regarding Meltdown/Spectre. Anything they publicly
say will no doubt be used against them if possible.

~~~
outworlder
I do not understand this. I get that for Meltdown, but Spectre affects almost
all processors available. What grounds do they have for litigation?

------
teamhappy
The performance hit is (supposedly) much more significant on Haswell and
older, which they forgot to include.

~~~
revelation
Specifically, the oldest generation they tested (Skylake) is the first to have
the PCID feature that avoids the complete TLB flush on every syscall.

Continuing with their strategy of full transparency..

~~~
kogepathic
_> (Skylake) is the first to have the PCID feature_

PCID was introduced with Westmere (2010). [1]

However it wasn't used in the Linux kernel until 4.14 because no one saw the
need. [2]

[1] https://www.realworldtech.com/westmere/

[2] https://stackoverflow.com/questions/20155304/does-linux-use-x86-cpus-pcid-feature-for-tlb-if-not-why

~~~
vardump
But only Haswell added INVPCID.

~~~
blinkingled
This is the key. Without INVPCID, PCID is as good as useless.

------
jonplackett
“users who use web applications that involve complex JavaScript operations may
see a somewhat higher impact (up to 10 percent based on our initial
measurements).”

Ok so that’s probably most websites these days?

~~~
mtgx
Yeah, my first thought was "Oh, so Gmail will be much slower then?"

Intel seems to be trying as hard as possible to define narrow scenarios in
which the performance drop isn't too big and only mentioning those. In its
first benchmarks, for instance, it only tested a six-core 8700K, one of its
highest-end consumer products, because obviously the percentage drop would be
lower on high-performance machines than on slower ones.

------
discreditable
It's interesting to think that every CPU comparison benchmark online is
invalid now. With these numbers, I wonder how AMD is shaping up to Intel?

When I bought a 7700k over the summer, I went by benchmarks which showed it
over Ryzen for most non-parallel workloads. I suspect these numbers bring
Ryzen much closer if not beyond. With all these old benchmarks online, CPU
shoppers are likely to be misled.

Thinking further, I wonder how benchmarkers patch machines? Will they keep
anti-virus enabled so that they receive the 2018-01 patch?

------
PeterStuer
Even in these PR figures, the SYSMark 2014 SE Responsiveness test results, a
benchmark addition which was specifically created to unearth pain-points in
typical everyday user activities, gets a serious wallop.

~~~
mkagenius
> New “Responsiveness” scenario. Workloads include: application launches, file
> launches, web browsing with multiple tabs, multi-tasking, file copying,
> photo manipulation, file encryption + compression, and

gone down to 86% :-(

------
a012
> As of today, we still have not received any information that these exploits
> have been used to obtain customer data. We know our customers are eager for
> updates, and via this blog, I will personally communicate with you the
> information that we have to share today and in the future.

Seriously? To Intel, all of the world has just overreacted?

~~~
detaro
The original Project Zero announcement also contained the fact that they
aren't aware of in-the-wild exploits, does that mean they say they themselves
are overreacting, or are they merely providing information?

~~~
a012
It's too early to say, it's not known _yet_. Are you waiting for a first case
to fix your bugs?

~~~
detaro
Where are they saying anything about not fixing bugs? And like it or not, with
the issues of the available patches breaking machines, virus scanner
incompatibilities, ..., organisations will have to make decisions about _when_
to patch.

~~~
a012
I said they said something like "the world has just overreacted, and if you
insist on promptly applying the patch, they'll provide it". It's about their
tone in their first statement. And you're misleading my point here.

~~~
detaro
And I really do not see how you get a "the world just overreacted" tone from
this post or specifically your quote, I did not intend to mislead from your
point. Their overall communication strategy has been pretty bad, but this
instance seems fine to me. It's providing information. I guess they should
even provide more information against patching, since they don't talk about
the issues fixes can cause.

------
Keyframe
OT, but that guy's picture seems amazingly inappropriate for the topic and
unsettling in general.

~~~
nerdponx
It's not that off-topic. It's really bizarre in this context; it's the kind of
appeal to "ethos" that you see in all sorts of B2B marketing.

------
YouKnowBetter
Surely this is written by his PR department and the techies are ashamed of the
numbers & interpretation.

------
djhworld
I'm having trouble reading the table, surely they could have presented it as a
graph?

------
sector777
Is this fixable in the next generation in hardware, or is this a permanent tax
on performance going forward?

What I mean is (using a hypothetical): Suppose there's a flaw in the
arithmetic unit (e.g. integer division). There's a microcode update, all
integer divisions are correct, but run at 86% of previous performance. In next
generation, the hardware is fixed and performance will be back up to 100% of
designed performance.

Does the same type of handwaving apply to these types of security exploits?

~~~
pkaye
I think Intel can take the same approach as AMD for some of the issues. For
this remaining issue, I think there might be solutions with minimal
performance impact when you are doing a full chip redesign. For example, have
a separate branch prediction hardware for privileged code execution? An
additional cache area for speculated reads?

------
FollowSteph3
Any data on older processors? For example I run a sandy bridge 3930k but
didn’t see anything?

Also how far back are they going to patch?

~~~
teamhappy

> [...] Intel expects to have issued updates for more
> than 90 percent of processor products introduced within
> the past five years.

https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/

Sandy Bridge is older than that.

~~~
gravypod
Is SB going to remain unpatched? Those systems are still perfectly fine for
consumer use. I hope business starts selling them off cheap.

~~~
teamhappy
Looks like Sandy Bridge is going to remain unpatched. That doesn't mean that
your OS, compiler and so on won't get updates though.

------
tedunangst
With what mitigation config? IBRS? IBPB?

