Hardware & Technical Meltdown/Spectre-Patches Performance hit and fix

[Bortas]

Heya,

I assume everyone is aware of the ongoing security issues with virtually all contemporary CPUs and that Microsoft (and other manufacturers) hastily distributed a set of patches early this month to circumnavent the problem. Since it's a hardware issue, it cannot be fixed. Intel tested and published the performance hit the patch causes only on the latest series of CPUs... older CPU series, like the Haswell seem to be suffering considerably greater performance loss due to it.

Personally I'm using an i7 4770k (Haswell) and noticed a considerable performance hit in Elite Dangerous. I experienced serious stutter when approaching landable planets... it became especially noticable when I tried to land on the engineer site in Wyrd, which is located on one of two landable planets orbiting each other very closely. The game was barely playable in this situation.

On Windows 10 there seems to be no way to uninstall the questionable update. Luckily MS implemented a registry option to disable the CPU patch... It is described here:
https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in (in the bottom paragraph)

I tried that and the performance was back to normal... no stutter. Guess I have to live with the security hole.

Maybe this is helpful for some other commanders. It's a security issue, so decide for yourselves, wether you want to take the performance hit or the security hit.

 

[GJ51]

I've been doing a lot of research on this and patching Linux core on multiple servers.

The good news is that it now looks like the whole debacle is getting fixed in software with negligible performance hit in the next couple weeks.

For now, there are no known threats documented to be using the flaw, and the greater risk has always been to servers and VM's.

I wouldn't be terribly concerned for now on an individual PC (assuming you aren't doing dumb things)

YMMV but it now looks like this may turn into Y2K reduex

http://www.zdnet.com/article/google...ges-performance-hit-so-you-should-all-use-it/

EDIT: Just got word that what's expected to be the final release candidate with the Reptoline patches that addresses all of the Meltdown/Spectre vulnerabilities for the Linux kernel has just been released.

Now that it appears that the fix is understood and about to be final for the Linux kernel, one would hope that even Microswift can get it into a patch sometime this year.

The Retpoline patch was detailed by Google engineers in an academic paper and recently made public and indications are that it is effective and with little or no impact to performance.

One can hope.

This is a couple days old but relevant:

https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.15-rc8-BPF-Security

Keep in mind that ED runs on AWS servers which may have been impacted and will likely be improved once the final release gets rolled out.

 

[DeathStroke]

Meltdown/spectre smells like planned obsolescence 2.0 to me. Awfully convenient that older CPUs are hit worse than newer ones. Not to mention that it took so long to 'find' the issue.

 

[Morbad]

I saw essentially zero performance hit in Elite: Dangerous from the Spectre/Meltdown mitigation patches on my systems, even the Haswell and older ones.

 

[AutoMechanical]

On Windows 10 there seems to be no way to uninstall the questionable update. Luckily MS implemented a registry option to disable the CPU patch... It is described here:
https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in (in the bottom paragraph)

Control panel > Program and Features > Installed updates, then right click on the update you wish to uninstall. The update in question is KB4056892 for Windows 10, while I haven't had any issues on my pc so far 7700k and 1080ti sli this should help those that are.

 

[Jack Schitt]

Looks like we have the same Haswell CPU. I can't say I've noticed much of a performance hit, even with my ancient 3GB GPU that must be something of a bottleneck by now, but I have had four STOP errors (three playing ED, one playing Watch_Dogs) due to a CPU overheat warning since the patch went in, and that's concerning.

One of the things the patch broke was the wrapper for some utilities used by my Asus motherboard, including software fan control and sensor monitoring. Asus have pushed out a beta for this, and it sort of works, but I've noticed the CPU temperature jumping up and down quite alarmingly during heavy load. Whether this is the actual CPU overheating, or a problem with the beta software interpreting the sensors, I'm not sure.

I need to do some experimentation, up to and including rolling back the patch and/or applying that registry tweak, before I can really tell what's going on.

TL;DR: no performance hit in ED that I can tell, but it might be killing my CPU!

 

[bootsam]

As I understand it is not necessrily restricted to CPU's. GPU's too are vulnerable to this. Which may be more problematic for high graphical content such as ED. But as I am in a book reading phase, ive not switched on my pc for 3 weeks.

 

[Bob McBobblehead]

My CPU(ryzen 1600x) runs at 15% utilization on average, no readings for individual cores. I think it's my GPU(RX 480 8GB) that is causing the odd dip below 60fps. DX11 is not multi-threaded like DX12 and Vulkan, so that could be a issue to.

 

[GammaZ]

GJ51 ,
Retpoline (return trampoline) only "fixes" one variant of spectre though, intel-specific meltdown still needs KPTI/KAISER in linux and similar thing in windows, and it is what causes most noticeable performance impact...

Also... not installing this patches on home PC... seems like most sensible thing to do at the moment...

 

[Phazon Xenomorph]

This is one of those times I'm glad I'm still on Windows 7 and don't allow updates to run or background download at all. The security vulnerability is most likely nothing that would affect someone like me so there's no need to update to win 10 or get a new rig anytime soon and I'm on an i7-4790k. Thankfully I seem to be alright since I can't have those updates forced on me. Really sucks for Intel and Microsoft to pull a stunt like this though for those who are on Windows 10... it's a despicable operating system and nothing but garbage.

 

[GJ51]

There are still a lot of moving parts here including micro-code patches that we have looked at. The jury is still out, but it's looking quite positive that all the vulnerabilities are going to be addressed eventually with out much of a performance hit. Different CPU's may be affected to a lesser/greater degree than others, but overall things don't look as gloomy as first reported.

Time will tell

 

[Morbad]

As I understand it is not necessrily restricted to CPU's. GPU's too are vulnerable to this.

They aren't. GPUs don't use speculative execution and lack these vulnerabilities.

GPU drivers have been patched for compatibility reasons and because they are executed on CPUs.

Also... not installing this patches on home PC... seems like most sensible thing to do at the moment...

Disagree. Home users are least affected by the negative aspects of these patches and have little reason to avoid them.

 

[Zak Gordon]

Running a i5 3350P (ivybridge), Windows 7, and installed the Security only Quality Update for this via Microsoft Update Catalog:

http://www.catalog.update.microsoft.com/Search.aspx?q=kb4056897

As you only get the bundled update via Microsoft Update. Now i 'think' that is the correct version, and if it is, i have not noticed any slowdown or overheating issues outside of my normal operating parameters. Given it has only been installed for a few days that might change, but so far overall performance has not changed for me.

Edit: Ok running performance has not changed noticeably, so for example FPS in a game is the same as it was before, but start-up launch times have increased! I was not sure as i often mutli-task so didn't notice right away, but i decided yesterday evening to run some tests and about 80-90% of my most used software (from Photoshop to LibreOffice to most games) has a much slower launch time. Anything from 5-10 secs!

Once running everything seems about the same (and i obviously pay close attention to fps counts etc) but those longer start-up times will add up over time.

I'll keep with it for now, but i'm thinking on rolling back that update (as it is a machine mostly 99% of the time offline) and maybe trying the later fixes out, give MS (and others) more time to work on a better fix. Off course IF this is part of a forced obsolescence push the fixes might not get more efficient.

 

[Zak Gordon]

One thing i read yesterday and have implemented is a browser adjustment to enable site isolation. This can mitigate some of the dangers from the Meltdown/Spectre issue in relation to your browsers apparently.

So proceed with caution and do a general internet search about this issue before continuing.

=====================

In the address bar for Chromium based browsers (So Chromium, Chrome, Slimjet etc), type (or copy/paste):

chrome://flags/#enable-site-per-process

Which will show an 'enable' toggle (so click on it to 'enable').

In the address bar for Firefox, type:

about:config

agree to the warning then search for 'privacy' and look for the entry:

privacy.firstparty.isolate

Double click or right-click-enable to get that set to 'on'.

Palemoon did not seem to have this entry, so i assume as a more secure version of Firefox by default it already has this covered.

============

So far all the mentioned browsers appear to be working as before, so fingers crossed this helps the general situation we find ourselves in.

 

[Jorki Rasalas]

Control panel > Program and Features > Installed updates, then right click on the update you wish to uninstall. The update in question is KB4056892 for Windows 10, while I haven't had any issues on my pc so far 7700k and 1080ti sli this should help those that are.

I’ve been having problems with my two (extended) displays & MSI1080 GPU for a couple of weeks- Direct3D file failing to open & ED crashing, mouse freezing when moving between screens, ShadowPlay icons disappearing/reappearing, etc. Rolled back the NVIDIA driver from 390 to 388, & deleted CAM monitoring app but no difference. Disabled KB4056892 this afternoon & seems to have cured the problem, however it reinstalled itself on the first restart; the second attempt was successful but it’s queued to reinstall on reboot. Just downloaded and run an app from MS to block this but it still seems to be queued for reinstall.....

I haven’t updated the BIOS since I built the PC but have today checked & there’s an update this month that is supposed to provide compatibility with this MS update. Rather hesitant to do that as I would expect a totally bricked motherboard if anything goes wrong.

EDIT: wushowhide.diagcab is the MS utility to prevent the deleted security update reinstalling, & it seems to be working. Still shows as due to be installed on the settings/security&updates/Windows Update History but isn’t being installed on boot up.

 

[GuruNot]

A useful little tool can be found at https://www.grc.com/inspectre.htm , be aware of the following:

BOGUS “SmartScreen” WARNING from Edge and IE11 Browsers
Windows Defender “SmartScreen” appears to have decided that InSpectre is malware. This also happened briefly after the release of our Never10 utility. In this case, it is likely due to the fact that InSpectre's initial release was triggering anti-virus scanners due to the program's use of a specific registry key used to enable and disable the Meltdown and Spectre protections. The second release obscures its use of that (apparently worrisome) key and now appears to pass through most A/V without trouble. So we are hopeful that this SmartScreen false alarm will disappear soon.

In the meantime, PLEASE do not get a copy of this program from any 3rd-party download site, since that one could actually be malicious. If you have any non-Microsoft web browser (Chrome, Firefox, Opera, etc.) you should be able to obtain and use InSpectre without trouble. If you have a friend who is using some other computer (Windows 7 has no problem with this either) ask them to grab it from here and send it to you. Since the program is only 122k (written in assembly language) it's feasible to eMail it.

 

[Raino]

and here it goes on (i am still waiting for the big hit, but it starts)

next 2 attack vectors on CPUs
https://react-etc.net/entry/skyfall-and-solace-vulnerabilities

 

[GuruNot]

For Intel / Windows users that are still waiting for a BIOS update you can get windows to patch the Microcode for you via a driver. Some good instructions are at: http://forum.asrock.com/forum_posts.asp?TID=7353&title=spectre-microcode-update-for-windows-user

They are not ASROCK specific. When an official update is released for your platform you can uninstall the driver.

 

[Morbad]

For Intel / Windows users that are still waiting for a BIOS update you can get windows to patch the Microcode for you via a driver. Some good instructions are at: http://forum.asrock.com/forum_posts.asp?TID=7353&title=spectre-microcode-update-for-windows-user

They are not ASROCK specific. When an official update is released for your platform you can uninstall the driver.

Tested this on one of my systems without a firmware update, but will all Windows patches.

Seems that the driver loads the microcode too late for the branch target injection mitigation to work:

Looks like I'll have to get around to modding the firmware after all.

 

[Morbad]

Ok, just spent an hour in an hex editor copypasting microcode and padding garbage, then looking for a modded flash tool to get past the checksum.

Looks like it worked: