Performance effects of Meltdown and Spectre mitigations
tjhb
8,102 post(s)
#12-Jan-18 00:57

Providers are falling over themselves to work around the speculative execution bugs announced a week or so ago.

Supposedly full patches are now available for some systems, including Windows patches for Meltdown and CPU microcode revisions to reduce vulnerability to Spectre. (How far back the microcode revisions will stretch seems an open question so far.)

Only one of my systems so far has the full set (an HP ZBook 15). Before I update it I thought I should run some Manifold 9 tests, to compare performance afterwards to see how deeply the Radian engine is affected.

So this is a bookmark for results, and also a suggestion in case anyone else wants to do the same.

We could test some transport-heavy queries (a simple UPDATE, say, and a SELECT INTO using GROUP and/or CASE) as well as some heavier geometry work that utilises multiple threads.

If I sort out some suitable test data and queries (that's the intention) then I'll post them here.

tjhb
8,102 post(s)
#13-Jan-18 13:50

Best explanation of Meltdown and Spectre I have read so far is by Peter Bright in Ars Technica.

adamw


7,975 post(s)
#14-Jan-18 09:39

A more technical explanation:

Reading privileged memory with a side-channel

adamw


7,975 post(s)
#14-Jan-18 09:36

These attacks are truly next-level. The implications from the fixes are pretty horrible and the performance is only part of the picture.

There is a bit of a bright spot in that the attacker has to research what it attacks extensively and he has to work with the constraints of the attacked code. This takes time and effort and the success is not guaranteed. Furthermore, patches and updates erase a significant part or even all of the work put into creating an attack. This should limit feasible targets of these attacks significantly (basically to the OSes - which are already being patched, and to the most popular versions of the most popular apps = browsers - which are starting to take measures against the attacks as well).

tjhb
8,102 post(s)
#30-Jan-18 00:52

No timing tests yet. The situation with patches is continuously evolving--a bit of a mess.

For example, HP has pulled the firmware patch for this ZBook 15 under Intel advice. Microsoft has released an out-of-band patch to undo the patch mitigations that utilise new Intel microcode. Together they were causing "higher than expected reboots" in Intel's words--which has to be the most mealy-mouthed and dishonest description of hard crashes ever devised.

So it's still a scramble. I'm not installing any of the patches for now.

Perhaps the greatest concern is not whether these flaws create opportunities for ordinary hackers, but how they will give security agencies new tools to access data on any machine they like. They would be mad not to be investing in this new technology.

ColinD


1,867 post(s)
#30-Jan-18 01:33

I'm up to date on all patches for my three HP workstations, MSI laptop and MacBook Air with no untoward effects.

They would be mad not to be investing in this new technology.

It was my assumption that they would have been already well into this.


Aussie Nature Shots

ColinD


1,867 post(s)
#31-Jan-18 06:21

Today on my MSI laptop (Core i7-4720HQ Win-10 1709 build 16299.192 64-bit) no M8 project could be saved. The process started then can't overwrite target file, saved to temp as...wouldn't even let me save to a different location. Result was the saved file in temp and an apparent empty file at the original location. On trying to open the empty file there was an unsupported version message. Same happened if I pulled and renamed the file saved in temp.

Never had this happen before. A reboot resolved the situation.


Aussie Nature Shots

Bernd Raab
33 post(s)
#31-Jan-18 06:50

Same here two days ago. After rebooting, no such problems.

adamw


7,975 post(s)
#30-Jan-18 07:04

Visual Studio folks are including some protection into the compiler:

Spectre mitigation in MSVC

We aren't using that just yet - things should stabilize a bit first, the patches are risky - but we will.

Regarding the performance, we have been testing and we haven't seen any significant slowdowns so far (between unpatched system + old compiler vs patched system + new compiler that tries to wreck the attacks by adding extra instructions). We might have been lucky with the drivers, however.

tjhb
8,102 post(s)
#18-Mar-18 01:44

I did a series of careful tests today.

I made 15m contours from an SRTM 1s DEM for the South Island of New Zealand in Manifold 9.0.165.5. I used auto-generated SQL, to take previews out of account, and before each test ran dfrgui.exe (to do TRIM on each applicable drive) followed by a reboot.

This was on an ASUS Gryphon Z97 motherboard, with Intel i7-4790K CPU. Note that no new Spectre-focussed microcode is publicly available for this CPU yet, so this test only addresses Meltdown mitigation.

Results:

Windows 10 build 16299.125 (no mitigations): 223.459s, 228.127s

Windows 10 build 16299.309 (with Meltdown mitigations): 226.367s, 223.146s, 226.748s

Conclusion: no difference.

I will test the same procedure on this laptop, which does have post-Spectre firmware available.

We will also want to test after Manifold begins using the post-Meltdown/Spectre C++ compiler mentioned by Adam.

tjhb
8,102 post(s)
#18-Mar-18 02:01

The main thing I take from this is that Manifold's transport layer is mainly proprietary code, not relying significantly on Windows APIs.

That's not exactly a surprise. A large part of what makes the Radian engine so fast. (And a massive investment.)

tjhb
8,102 post(s)
#18-Mar-18 07:46

Tests on machine with post-Spectre firmware did show a significant slowdown.

Results in detail tomorrow.

tjhb
8,102 post(s)
#19-Mar-18 02:35

Here are my results of testing with and without the mitigations for Spectre variant 2 (branch target injection).

To recap, these mitigations have two parts: new microcode (which is like a patch to code hardwired in the CPU), plus a Windows patch.

New microcode is already available for some CPUs, but by no means all.

Without new microcode, Windows patches can address the Meltdown bug (rogue data cache load) and Spectre variant 1 (bounds check bypass), but not Spectre variant 2 (branch target injection).

So far, no new microcode is available for the i7-4790K (and ASUS Z97 motherboard) which I tested earlier. New microcode is available for this HP ZBook 15 notebook (which by the way is four years old, well done HP).

Here is what I found for the ZBook. Again this is making 15m contours for SRTM 1s DEM of the South Island of NZ in Manifold 9.0.165.5, using auto-generated SQL, running TRIM, then rebooting before each test.

(1) No mitigations

HP BIOS 1.37. Windows 10 version 1703 build 15063.786.

Baseline time 329.83s.

(2) Software mitigations only

HP BIOS 1.37. Windows 10 version 1703 build 15063.996.

Times 300.789s, 336.119s. No significant difference.

(3) New microcode only, no software mitigations

HP BIOS 1.40. Windows 10 version 1703 build 15063.786.

Times 323.307s, 327.301s. No significant difference.

(4) New microcode, with software mitigations

HP BIOS 1.40. Windows 10 version 1703 build 15063.996.

Times 368.577s, 366.839s, 365.142s, 378.437s, 381.69s.

Comparing the average of times under (4) with the combined average of times under (1), (2) and (3) shows a 13% slowdown in performance.

This is only one machine, and only one kind of test. Other machines and tasks might (probably would) show very different results. But bearing that in mind, the slowdown in these tests is both consistent and significant.

For now I'm going to leave this machine fully patched and put up with the loss of performance.
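
Added example (not part of the original posts): the timings from the two test posts above, the desktop Meltdown-only comparison and the ZBook runs, compared with Welch's t statistic and expressed both as extra run time and as lost throughput. Pooling ZBook configurations (1) to (3) as the baseline follows the post; the variable and function names are assumptions of this example.

```python
from math import sqrt
from statistics import mean, variance

# Wall-clock times in seconds, copied from the two test posts in this thread.
DESKTOP_UNPATCHED = [223.459, 228.127]           # i7-4790K, build 16299.125
DESKTOP_MELTDOWN = [226.367, 223.146, 226.748]   # i7-4790K, build 16299.309
ZBOOK_BASELINE = [329.83, 300.789, 336.119, 323.307, 327.301]  # configs (1)-(3)
ZBOOK_FULL = [368.577, 366.839, 365.142, 378.437, 381.69]      # config (4)


def welch(before, after):
    """Welch's t statistic and degrees of freedom for unequal variances."""
    va = variance(before) / len(before)
    vb = variance(after) / len(after)
    t = (mean(after) - mean(before)) / sqrt(va + vb)
    df = (va + vb) ** 2 / (
        va ** 2 / (len(before) - 1) + vb ** 2 / (len(after) - 1)
    )
    return t, df


def compare(before, after):
    """Summarise the cost of a mitigation from repeated timings."""
    mb, ma = mean(before), mean(after)
    t, df = welch(before, after)
    return {
        "extra_time_pct": (ma / mb - 1) * 100,       # job takes this much longer
        "throughput_loss_pct": (1 - mb / ma) * 100,  # work per second lost
        "t": t,
        "df": df,
    }


if __name__ == "__main__":
    for name, before, after in [
        ("Desktop, Meltdown patch only", DESKTOP_UNPATCHED, DESKTOP_MELTDOWN),
        ("ZBook, microcode + Windows patch", ZBOOK_BASELINE, ZBOOK_FULL),
    ]:
        r = compare(before, after)
        print(f"{name}: {r['extra_time_pct']:+.1f}% time, "
              f"{r['throughput_loss_pct']:+.1f}% throughput loss, "
              f"t={r['t']:.2f} (df={r['df']:.1f})")
```

On these figures the ZBook's 13% is the drop in throughput; the same runs take about 15% longer in wall-clock time. With roughly 6 degrees of freedom, |t| above about 2.45 is significant at the 5% level, which the ZBook pair exceeds and the desktop pair does not.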

Dimitri


4,902 post(s)
#19-Mar-18 16:39

Thanks, Tim, that's super work!

lionel

456 post(s)
#14-Jan-18 17:07

All PC layers are concerned, even if the main problem is the CPU/architecture/manufacturer (Intel, AMD, ARM, Qualcomm...)

article for consumer : https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-worst-cpu-bugs-ever-found-affect-computers-intel-processors-security-flaw

history https://meltdownattack.com/

0) cloud service

use patch from OS, cpu

amazon aws EC2

azure office 365 https://techcommunity.microsoft.com/t5/Office-365/Office-365-Meltdown-and-Spectre-CPU-bugs/td-p/141735

1) browser (site isolation)

general https://react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript

Chromium-based: wait for 23 January and the new 63 version, so for now use chrome://flags/#enable-site-per-process then enable and restart

Mozilla

Microsoft Edge https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/

WebKit (Safari) https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/

2) OS

Microsoft OS: use PowerShell https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Apple https://support.apple.com/en-us/HT208394

Android

Red Hat https://access.redhat.com/security/vulnerabilities/speculativeexecution

3) motherboard

msinfo32 will give us the name of the motherboard

gigabyte https://www.gigabyte.com/Press/News/1586

asus https://www.asus.com/News/V5urzYAT6myCC1o2

4) BIOS

--ami https://ami.com/en/tech-blog/navigating-the-meltdown-and-spectre-attacks/ Aptio_V_AMI_Firmware_Update_Utility.zip

--Phoenix Technologies https://www.phoenixtechnologyit.com/blog/what-you-need-to-know-about-meltdown-and-spectre/

--Dell https://www.dell.com/support/article/us/en/04/sln308587/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-products?lang=en

--Gateway

--IBM https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/

5) CPU

intel https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html#2

AMD https://www.amd.com/en/corporate/speculative-execution

Regards

NB color support in edit mode not in view mode

Attachments:
chrome_Speculative Execution_site_isolation.png
georeference_color.png
windows10_Speculative Execution_powershell.png


join image "Because my dad promised me" interstellar from Manifold: Time by Stephen Baxter. power Math destruction

Manifold User Community Use Agreement Copyright (C) 2007-2017 Manifold Software Limited. All rights reserved.