CPU security flaw: What are the expected performance losses?
A serious security flaw in CPUs has the tech industry scratching its head. Initially, there was only talk of Intel processors. However, security researchers at Google later announced that both AMD and ARM are also impacted. In other words, all chips since 1995 are exposed – from PC to smartphone, from Windows to iOS.
What does it all mean?
The security flaw grants unauthorised access to an operating system core memory, so-called kernel memory. This happens because of the way CPUs handle processes called «Speculative Execution», a technology that predicts processes. Take the following example: If your computer features the number sequence 1, 2, 3, the CPU computes that the next number is 4. This type of prediction speeds up processes. If 4 does not follow in the sequence, the process is rolled back. Unfortunately, an exploit in this system enables system memory to be read; giving attackers access to passwords, encryptions and sensitive information.
Meltdown and Spectre are the names of two potential attack scenarios that could take advantage of this flaw. The flaw has been known since June 2017. Companies including Microsoft, Google and Amazon have been working their fingers to the bone to come up with an antidote to protect their Cloud services in particular. After all, anyone with access to a virtual machine has access to all other entities that run on physical machines.
The original plan was to publicly announce the flaw on 9 January. But due to the premature announcement of this security issue, the update has now been brought forward. The operating systems MacOS and Linux are equally affected as Windows. Microsoft has already rolled out an update. However, it has not yet been played out on all devices due to various antivirus services. Unfortunately, the patches used to mend the flaw have a catch: They slow down processor performance.
A visualisation of a Meltdown hack.
A solution is in sight and all operating system manufacturers are involved. Their goal is to isolate the data. The technology behind this solution is called “kernel page table isolation”. To prevent the flaw from being exploited, the technology works with a copy of the original memory area. This means that every running process only sees the memory area it is allowed to see.
Creating this copy in the memory requires performance. The losses that occur with every call up vary depending on the processor family and application. Fluctuations can be due to the fact that older Intel processors empty their Translation Lookaside Buffer (TLB) – a kind of temporary storage for recently referenced memory addresses – with every page table change. According to the Heise tech blog, more recent processors are better at dealing with this thanks to so-called process context identifiers (PCIDs).
What should I do?
The only thing you can do is wait and install updates for both your operating system and firmware. It’s up to the manufacturers to patch up the flaws. Only future hardware will get rid of the flaw for good.
For more information, go to the following Intel webseite.
Who is affected and how badly?
New updates and patches keep on coming out. We’ll only be able to assess the extent of performance loss with absolute certainty after the updates have been rolled out on a large scale. Current benchmarks are only giving us an approximate estimate. Most users should not be affected – with one exception: Applications that trigger a frequent change of memory address, such as copying many files.
The open source guru and mastermind behind the Linux-oriented website Phoronix, Michael Larabel, hardly noticed any changes in his benchmarks in Linux with various Steam games. Processes required for games are less likely to be affected by the security patch. Phew, now that’s a bit of luck.
This is another field in which Larabel carried out tests with an early patch version. Neither H.264 video encoding nor FFmpeg video conversion showed any negative effects.
Processing large volumes of data
Based on Phoronix’ results, the Youtube channel Hardware Unboxed put SSDs through a test course just like Techspot. Particularly in the 4K reading range, both found severe losses of up to 23%. However, following the Windows 10 patch, hardly any changes were registered in CPU-focussed benchmarks such as 7-Zip and Cinebench.
According to Google, the updates have no negative effects on cloud computing, even though this service handles huge data volumes.
Smartphones and tablets
To date, no clear statement has been made regarding expected impairments. Android, iOS and some Chrome OS devices are affected. Android devices with the latest security update from January are already protected. However, only very few devices (Google Pixel etc.) got the update. Therefore, Android poses the greatest risk for users. Practice has proven that updates are painfully slow at making their way to the millions of terminal devices. Therefore, it is recommended to avoid online banking, credit card payments etc. on an unpatched Android device until further notice.
Once again, the tech industry has dug a hole for itself. By producing ever faster processors, a security gap was created that can only be bridged by making compromises. Although it appears that security patches will soon be rolled out, the flipside is that certain areas of application are faced with substantial performance losses. Primarily, this will affect the processing speed when working with lots of files, as the Phoronix benchmarks show. This will prove particularly annoying for anyone dealing with large data volumes. But for now, all we can do is wait. Only the next generation of chips will finally fix the flaw.
If you want to do some serious reading up on the matter, this very technical Google blog post may interest you.
And here is another handy overview and FAQs.
Senior Editor, Zurich