back to article Meltdown's Linux patches alone add big load to CPUs, and that's just one of four fixes

Netflix engineer, dTrace guru and famed shouter at hard disk drives Brendan Gregg has cooked up a "microbenchmark" to assess the Linux kernel page table isolation (KPTI) patch for the Meltdown CPU design flaw and come up with predictions of significant-but-manageable performance degradation. Gregg explained on Friday that his …

  1. This post has been deleted by its author

    1. This post has been deleted by its author

      1. Updraft102 Silver badge

        Re: For procurement...

        Wobbly1 writes:

        You are mistaken ,many AMD and ARM designed CPUs were also affected. see https://www.amd.com/en/corporate/speculative-execution

        From that page:

        "GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors."

        1. This post has been deleted by its author

          1. Andraž 'ruskie' Levstik

            Re: For procurement...

            They are immune against MELTDOWN. SPECTRE still aplies but MELTDOWN is the one that hits the performance hard.

          2. big_D Silver badge

            Re: For procurement...

            Meltdown is, currently explicitly an Intel problem.

            Spectre affects AMD and many ARM processors.

            As the article is specifically talking about Meltdown and not Spectre, the question is valid.

            If you having to slow the system down to cope with Spectre, you don't want to also have to slow it down further to cope with Meltdown.

            Does this mean that AMD and ARM get a free pass? No, certainly not; but we are talking specifics here.

          3. This post has been deleted by its author

            1. Naselus

              Re: For procurement...

              "What performance premium do Intel chips provide, when they have to be patched for Meltdown, and AMD chips do not?"

              At the very high end (which is where we're looking here, in cloud DCs), Intel chips have a roughly 25% higher benchmark than AMD. So even with a 6-10% slowdown from the Meltdown patches, you're better on Intel chips. The only workloads where this may not apply is heavy database usage (SQL clusters etc); the very high (upto 40%) impact of meltdown mitigation on these specific use-cases means the top AMD chip performance may squeak ahead on these server types.

              Mid-to-low end, the difference in baseline performance is less - but the use-case for servers using these chips will tend to be less impacted by meltdown mitigation too, so Intel likely remains ahead.

              AMD will generally give better performance-per-dollar at most levels, but the metrics show absolute performance on both single and multi-core remains an Intel strength. Epyc and Ryzen are very good processor lines, far better than the dross AMD have been releasing for the last decade or so, but they're not really a match for Xeon and the i-7 at the high end of the market yet.

              1. Aitor 1 Silver badge

                Re: For procurement...

                Err no to your first statement, kind of ok with the rest.

                In some very precise benchmarks they have 30%. and precisely in those benchmarks the loss is about 17-18% (my own testing, but there are many more in the web).

                It is in databases etc that intel shines.. and with Platinum processors at 10.000$ a pop.

                i would say that for mainstream server processors AMD makes more sense right now.. who knows in the future. If you use AVX-512 a lot then of course not, but then you are not using it for mainstream uses...

                1. JEDIDIAH

                  Re: For procurement...

                  It's not just the whales... The real pain point with databases is the cost of software if you are using the overpriced and overhyped commercial vendors. That will add a nice magnification factor (2-5x) to the impact/cost of this kind of slow down.

          4. This post has been deleted by its author

            1. This post has been deleted by its author

              1. fandom Silver badge

                Re: For procurement...

                What makes you think we are Intel's, or AMD's, support department to demand an answer?

                1. phuzz Silver badge

                  Re: For procurement...

                  "What makes you think we are Intel's, or AMD's, support department to demand an answer?"

                  Firstly, neither Intel nor AMD would give you a useful answer to "should I buy an AMD CPU?", and secondly, this is The Register, and most of the commentators here work in the IT industry and are exactly the sort of people who have an informed opinion on the subject (as you can see from some of the other replies).

              2. CrazyOldCatMan Silver badge

                Re: For procurement...

                "Paid by Intel" comprehension FAIL.

                There. Fixed that for you..

            2. Doctor Syntax Silver badge

              Re: For procurement...

              "from the same page"

              That'll be the page dealing with SPECTRE, not MELTDOWN. You're failing to distinguish between the two and to note that the OP's question was specifically about the latter. That's why you're getting downvoted.

              1. CrazyOldCatMan Silver badge

                Re: For procurement...

                You're failing to distinguish between the two

                Said auto-reply bot seems to be sponsered by Intel..

            3. iron Silver badge

              Re: For procurement...

              @wobbly1 Please ask your English teacher for extra lessons after school. In particular you need to focus on reading comprehension and the fact that spelling Meltdown with the letters s-p-e-c-t-r-e makes it a different word.

              1. Anonymous Coward
                Anonymous Coward

                Re: For procurement...

                Glad I've got a 3 year old i5 laptop and AMD desktop PC so I'm not affected by either of these issues

                1. Anonymous Coward
                  Anonymous Coward

                  Re: For procurement...

                  "Glad I've got a 3 year old i5 laptop and AMD desktop PC so I'm not affected by either of these issues"

                  Um...Core i5 IS on the Meltdown list. AFAIK, this goes all the way back to Core 2.

      2. Anonymous Coward
        Anonymous Coward

        Re: For procurement...

        You are mistaken. Only Intel CPUs are affected by meltdown, which is easy to exploit and expensive in performance terns to fix.

        Spectre is pretty much across all CPUs (with a handful of exceptions), and is much harder to exploit, harder to patch, but potentially much lower performance impact.

    2. Aitor 1 Silver badge

      Re: For procurement...

      Ok, look at this:

      https://www.servethehome.com/intel-offers-enterprise-meltdown-spectre-benchmarks-gift-amd/

      In modest size postgresql virtualized servers I see 18% loss..

      1. Doctor Syntax Silver badge

        Re: For procurement...

        "In modest size postgresql virtualized servers I see 18% loss."

        It would be interesting to see the effects on well tuned examples of different database engines.

        1. Aitor 1 Silver badge

          Re: For procurement...

          Absolutely.

          It seems that a deep knowledge of the issue,recompiling Postgres and a few tricks can reduce this a lot.

          Then I would have to keep doing that everytime, and at that point I am better using AMD, or assuming the costs of "meh" tuning.

      2. Naselus

        Re: For procurement...

        "Ok, look at this:

        https://www.servethehome.com/intel-offers-enterprise-meltdown-spectre-benchmarks-gift-amd/"

        Your quoted page largely supports my argument.

        "Still, if the Intel Xeon Platinum was 27% faster pre-patch, we would expect it to be no faster than 22% faster now."

        "The one we really want to see the results of is the “Storage bound workload” for the NoSQL database. Intel claimed a 27% lead over AMD EPYC but it is showing that some storage bound workloads using fio can see a 22% decrease. If Intel had a 22% decrease there, it would actually push Intel below AMD EPYC on that benchmark."

        So... Intel generally likely to remain significantly better on generic workloads at high-end, but some risk of AMD taking a lead in intensive DB ops. As in, exactly what I proposed in my initial post.

        So yeah, I generally wouldn't be looking at AMD in the server room - yet. Epyc is OK when there's a major budget constraints - for SMBs looking to run a lot of stuff on one box, say - but as you move up into serious enterprise kit and you can spend serious money, AMD still aren't competitive. But it's really not far off, and the performance loss Intel have suffered from Meltdown really does mean AMD could feasibly overtake again for a generation or two in the near future.

        Then Intel will just do what they did in the late 1980s and the early 2000s and hurl so much money at the problem that they leave AMD in the dust again. Same thing happens every 15 years or so.

  2. andyp-random-number

    Patches applied yet?

    I don't know if any of these patches have been applied yet but for my general use I haven't seen any slow downs. I think for the average Joe this speed thing may be just a storm in a tea cup. I use Linux / Fedora.

    The wife's laptop runs windows 10 which is so slow due to pop ups about this that and the other, like software renewals and anti-virus warnings, I don't think any speed decreases will be noticed even if the cpu went 30% slower. She spends half her time waiting for the updates to do their stuff. Turn on then then make a cup of tea, then ask why isn't windows ready yet for the first 10 minutes. It's got so bad the laptop is just left running over night. Against this back ground of update / nag ware this cpu issue means nothing.

    1. Anonymous Coward
      Anonymous Coward

      Re: Patches applied yet?

      Yes you do wonder what windows update is doing half the time. Some updates seem to take longer than a fresh os install.

      Doesn't kernel 4.15 have significant speed boosts that offset the other patch slow downs ?

    2. big_D Silver badge

      Re: Patches applied yet?

      I have Windows 10 and Linux laptops and desktops, all run more or less the same speed after patching, for typical single user usage.

      Where you will see an impact is in processing large datasets or on multi-user systems. Also if you are hosting a lot of virtual machines, you will probably see a slow down,

      That said, my ThinkPad L470 Core i7 and Ryzen dekstop, both with 5 or more Hyper-V VMs running are not showing signs of slowdown. But the test VMs running on those systems are fairly processor un-intensive.

    3. Anonymous Coward
      Anonymous Coward

      Re: Patches applied yet?

      "I haven't seen any slow downs."

      I see this a lot and always fail to see the point being made. If I bought a Ferrari that can do 150mph, but I only ever drive it at 70mph, the meltdown patch could have clocked it to 100mph and "I haven't seen any slow downs", despite the car now performing measurably slower.

      Just because you don't notice the slow down, it doesn't mean it isn't happening. I see what you're saying about Windows rubbishyness, but the two issues need looking at independently. Windows being a bloated bag of nagware doesn't justify CPUs slowing, even if Windows does spend half it's time locking you out of your mostly idle PC to update it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Patches applied yet?

        So what you are saying is that if I don't use my processor to it's full potential I won't see the slow down because I'm hardly ever running it at full speed?

        I think you may be misunderstanding how this all works, every call will be effected so even running slow tasks will be slower because it is every time you access the CPU with an instruction.

        It's not like the instruction can pull extra speed.

        1. Richard 12 Silver badge

          Re: Patches applied yet?

          If you never take any CPU core near full utilisation, you will never see this slowdown.

          The Meltdown workaround is to make the CPU wait a moment for each context switch.

          So if the CPU normally spends much time twiddling its thumbs, the extra context switch time will not have any effect - it wasn't doing anything anyway.

          1. Anonymous Coward
            Anonymous Coward

            Re: Patches applied yet?

            ok, so I send an instruction to the CPU and it can't now try and predict what the instruction is going to do so you're saying that there won't be any slow down because it's going to use the rest of the processing power to make up for this prediction that no longer exists? You're also contradicting by saying it now has to wait because if it's got to wait then how is it going to use extra processing power to not wait?

            I'm not really getting this, any explanations would be welcomed. Thanks.

            1. Anonymous Coward
              Anonymous Coward

              Re: Patches applied yet?

              Consider a case with some (randomly created) numbers:

              Where it previously took 1 cycle to complete an system call, it now takes 3.

              If you've loaded the processor down, then each time it needs to make a system call, it now takes an extra 2 cycles. Lots of system calls, lots of slow down.

              But, if you're not fully utilizing the CPU, then you might have 10 cycles of nothing between actual computation. You can easily throw a couple of those at the Meltdown fix and not notice, since the processor was waiting for something to do anyway.

              In the second case, the total time to complete a task really isn't affected, since the Meltdown delay didn't delay anything else. In the previous case, you got a cascading effect where each delay delayed something else, so the total delay just kept accumulating.

              1. Anonymous Coward
                Anonymous Coward

                Re: Patches applied yet?

                That makes sense, thanks for the explanation. So realistically on a home computer all I have to do is not use chrome and I should be fine.

            2. Doctor Syntax Silver badge

              Re: Patches applied yet?

              "I'm not really getting this, any explanations would be welcomed."

              It depends on what you're doing. If you're busy typing a document, reading mail or commenting on el Reg there'll be a burst of activity every time you hit a key. The waiting time until you hit the next key will be an age in terms of CPU cycles so that you'll not notice that the brief burst of activity was slightly less brief. Even the time spend dragging the next mail or page from the net doesn't disturb the CPU's peace that much. If you look at the processes running on a modern OS you'll see there's other stuff running beside what you think of as your application but they only typically consume a few % or less.

              If you're doing something more compute-intensive, especially something that involves a lot of /IO such as streaming lots of data from the network or disk then you might well see a slow-down. The reason for the I/O effect is that it's the OS that handles the I/O and it's the switches between application and OS kernel that are affected by the mitigation. In there's still some slack time on your CPU you might not notice but you're likely to find the fan running faster because more work is being done and more heat generated. If the extra work is sufficient to push you from having some idle CPU time to being 100% all the time then you'll find the system slowing down somewhat. If your CPU was running flat out before the mitigation you'll find it a lot slower because it's now trying to do the original work plus the extra and the only way it can achieve that is by taking longer.

        2. David Roberts Silver badge
          Headmaster

          Re: Patches applied yet?

          Think about a turnstile.

          If the rotation is slowed by 10% then each individual passing through will go through slightly slower.

          If the turnstile is only used 40% of the time and there is never a queue then the change in throughput is going to be negligible.

          If the turnstile always has a queue then the processing through the turnstile is going to be noticeably slower.

          In computing terms your process has to be very cpu bound for the patch to have a major effect. If this was the case you would see the cpu running flat out most of the time. Most home systems don't see this so the patch generally will not make a noticeable difference.

          If you are usually running at 5% cpu a 10% overhead will take it up to 5.5% worst case. A slowing of 0.5% in the performance is not usually noticeable.

          Edit: see that A/C has beaten me to it.

          1. Anonymous Coward
            Anonymous Coward

            Re: Patches applied yet?

            Different person asking a question. This won't affect my home use much, I don't except. It is my thought that if the CPUs have to work harder, use more cycles, this will affect heating in the servers and air conditioning (AC) costs in data centers. Data centers are built to do a certain amount of work (a maximum of CPU cycles) and AC costs to cool that equipment. Could this add a significant cost to cooling and affect the life expectancy of CPUs?

      2. Anonymous Coward
        Anonymous Coward

        Re: Patches applied yet?

        > "I see this a lot and always fail to see the point being made."

        That the performance impact is not noticable in whatever context that person is using it (e.g. home-office)? Due to the "30% slowdown" headlines, some people were holding off installing the patch, due to fears of serious performance degradation - depending on what people are doing, this may not be an issue, and holding off patchingmay be a bad idea. Honestly, I'd have thought it was obvious ...

    4. Anonymous Coward
      Anonymous Coward

      Re: Patches applied yet?

      > I don't know if any of these patches have been applied yet but for my general use I haven't seen any slow downs.

      Not sure how Fedora handles them, but for some distros kernel upgrades are seggregated from the main set of updates, so you might want to double-check you've got the latest kernel revision. Having said that, I'm running a patched 4.13 kernel, and haven't noticed a slowdown after patching (on a 3.6GHz i3).

  3. David Roberts Silver badge
    Joke

    Netflix chap 'and predicts

    Is this subtle code for Netflix onanist?

  4. alain williams Silver badge

    Power usage

    Do we have any numbers on how the Meltdown fix affects CPU power use for the same workload ?

    If it is having to do more work at every context switch then that will mean less time idle/...

    The argument above is that unless you use the CPU at 100% then you will not notice the patch overhead -- but then you might notice a bigger electricity bill???

    1. TechnicalBen Silver badge

      Re: Power usage

      10p per year? For home users we would never notice most changes in power usage unless running mining/server gear and it swapping from 10% util to 100%. 1-30% probably will not be noticed.

      Server farms and big providers though, yes it is important to them.

  5. Anonymous Coward
    Anonymous Coward

    Conformant to expectations

    So, not as bad as predicted, but still debilitating. Life's overhead.

  6. herman Silver badge

    Well, if your video playback is already stuttering, then it will be stuttering more and if it was smooth before, then it may start stuttering after. Also, your electricity bill will be a little higher.

  7. Stuart 22

    Farmer's Lament

    It does effect many people's computing is done in the cloud or within each organisation's server farm.

    Those large scale operations will have been sized to operate at optimum utilisations - the highest achievable before unacceptable degradation sets in. Or just after for some providers! Otherwise they can be undercut by competitors.

    To take an an analogy - the NHS is running its hospitals on a 96% bed occupancy than 'only' a 2% extra is pretty catastrophic. And processors as they saturate can really start flapping. How much depends on the nature of the load. Degradation may be steep, very steep or cliff edge. Of course AWS & Netflix can sort their situation by 'only' increasing the servers farms by adding 2 racks for every existing 100. That's still an awful lot of kit to be ordered, manufactured, installed and tested on top of planned growth.

    Right now their contingency farms are probably taking the extra load so we may not notice. That's fine until the contingency is needed. Then it could be blackout time.

    But then I'm assured here my PC will still be working fine. So it'll be a good test of my 'what happens when the cloud disappears' backup procedure. A lesson on dependency many of us never really learn.

  8. jms222

    Though it's true 2% can make a difference for the NHS for most cloud services it's more like when you press a button the website it takes 0.938s to respond instead of 0.925s to respond.

    If you spend much of your day browsing and experiencing a few milliseconds here and there due to this extra overhead and the rest discussing it on this forum chances are the difference really won't affect you.

    The problem is really for providers that share their hardware between customers AND there's lots of I/O or system call or context switch stuff going on.

    For some applications like fraud pattern chasing and banking stuff is overnight and non-interactive.

    For home non-gaming users it's likely the CPUs are either completely idle anyway or running malware.

    1. Killfalcon Silver badge

      I wonder how this will impact the coin mining malware types, since I hear they usually run the *ahem* borrowed CPU as hard as they can.

  9. analyzer

    Confusion reigns

    It would seem that people have confused how these vulnerabilities got their names.

    SPECTRE V1 and V2 are vulnerabilities that arise from issues with speculative execution and how instructions are retired. V1 is quite easy to take advantage of whereas V2 is a great deal more difficult. The chances are that if your current CPU does speculative execution then you are vulnerable to both of these.

    Mitigation for these 2 vulnerabilities causes the least slowdown in operation.

    MELTDOWN breaks down the isolation between user space and kernel space. So far the only *modern* processors that have been found vulnerable to this is Intels. This is the big slowdown as the only solution is to force a full context switch when moving to and from kernel space. The problem for Intel is the large number of CPU states that it takes to achieve this context switch.

    For those old enough to remember WNT3.1 it was dog slow because Intel CPUs were not that fast and the device drivers were not in kernel space. The BSOD appeared from WNT3.5 onwards when device drivers were put in kernel space for speed reasons.

    In general use the same always applies, it doesn't matter which CPU you use you're unlikely to push the system to the type of limits where you'll come across these slowdowns. If you do push a system that far then you will need to test under your specific use case. As always with these things not only will your mileage vary but so will your fuel consumption.

  10. jelabarre59 Silver badge

    If Netflix suffers

    I have to wonder, if Netflix will suffer from this patch, have to wonder about smaller streaming services like Crunchyroll. CR already has enough slowdowns as it is.

  11. breakfast

    So if I recently purchased an Intel-based system on the grounds of it being fast and it is still under warranty, should Intel be sorting me out with a new processor as soon as they have figured out how to security? It seems like it would be the right thing for them to do.

  12. Nano nano

    Exceptions to every rule ...

    So could we have a (privileged) means of running processes in a non-KPTI environment ?

  13. SAdams

    Intel crypto mining

    You have to hand it to Intel - they've come up with a genius way of dealing with the fact they've hit a brick wall in Moore's Law, breaking their business model. By inventing "vulnerabilities" in order to mine Bitcoin/Monero etc on all machines globally they've secured themselves a strong new revenue source....

  14. Lorribot

    Is there a reason that Gregg's was used through out this piece?

    Such as "Gregg's explained on Friday".

    Maybe I am a bit slow and misssng the joke but his name was Gregg, Gregg's indicates possesion as in "Gregg's hat" and not just a refernce to a person, you could, in the jocular, refer to him as Greggs of even Greggsy but Gregg's is just ugly and wrong.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019