Safe Harbor on Cyber is a 'safe harbor' blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
January 9, 2018
Meltdown and Spectre bugs safe patch fix slowdown gets real – and what you can do about it
CyberWisdom Safe Harbor Commentary:
A story from theregister.co.uk that is likely to be overlooked covers installing the patch fixes that keep you safe from the Meltdown and Spectre bugs. We recommend enabling PCID (Linux only), which will add more performance and protection.
The consequences of fixing these mistakes are enough to attract attention and complaints. Be aware that CyberWisdom Safe Harbor on Cyber strongly recommends installing the CPU Security Vulnerability patches as soon as possible. We just want people, especially cloud users and IT administrators, to be aware of the impact of the Meltdown and Spectre patch fixes and of the performance that has been observed.
While most casual desktop users and gamers will not notice any prolonged slowdown or any performance impact, people running IO or system-call-intensive software such as databases on back-end servers may notice the difference.
Safe Harbor on Cyber found that: Red Hat reports a performance impact from the patch fixes of 1% to 20%.
Epic Games on Friday explained the login and stability issues its players had recently seen, saying: “All of our cloud services are affected by the updates needed to mitigate the crash.”
The company, which relies on AWS servers, has a screenshot of a chart depicting the peak in CPU utilization after the host was patched. The Register asked Epic to elaborate on its findings, but a spokesman said the developers are not adding anything further.
Discussion on the mailing list for Lustre, a parallel distributed file system, showed that some IO-intensive applications slowed by 10% to 45%.
Arman Khalatyan of the Leipzig Institute of Astrophysics wrote in a memo on Monday: “We found a poor performance on a test system with zfs + compression + gloss.”
On Reddit, a Monero miner reported that after applying the Meltdown patch, the hash rate dropped by about 45%. Another person on the same topic quoted a hash rate drop of 10% to 15%.
Quora, which relies on AWS, said on Saturday that it is facing a slowdown because of a patch applied by AWS for Intel’s Meltdown and Spectre.
Through Twitter, Francis Wolinski, a data scientist with the Paris Blueprint Strategy, pointed out that Python slowed significantly (by 37%) after applying the Windows 7 Meltdown patch.
Ian Chan, director of engineering at Branch Metrics, an analytics company, also reported via Twitter that CPU utilization was up 5% to 20% after Meltdown patches were applied to the AWS EC2 hypervisor handling their Kafka instances.
Safe Harbor Recommendation: Enabling PCID for Performance
In a Google Groups post on Sunday, Gil Tene, CTO and co-founder of enterprise Java biz Azul Systems, said: “PCID has become critical both for security and performance on Intel’s x86 platform.” But he observed that it isn’t present on many of the virtualized Linux instances he’s looked at.
Most KVM guests – kernel-based virtual machines – don’t include PCID, according to Tene, while most VMware guests do. And about half of the AWS instances he looked at don’t have it.
“You REALLY want PCID in your processor,” wrote Tene. “Without it, you may be running insecurely (Meltdown fixes turned off by default), or you may run so slow you’ll be wishing for a security intrusion to put you out of your misery.”
In other words, if you’re seeing crap performance after applying these fixes, look at your kernel configuration and get PCID enabled – if the hardware feature is present in your chipset. Windows should, for what it’s worth, use PCID if it’s provided by the processor.
PCID first saw Linux support in the 4.14 kernel released in November 2017, and thus it’s not necessarily available by default with every Linux instance, particularly on virtual machines.
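The check recommended above, as an added example (not code from the original article or from Tene's post): a shell script that reads the pcid and invpcid CPU flags, the boot parameters and the kernel's Meltdown status file, then prints a one-line summary. The function names and verdict labels are this example's own, and the status file only exists on kernels that carry the Meltdown patches.

```shell
#!/bin/sh
# Added example: does this Linux host or guest expose PCID, and is the
# Meltdown fix (kernel page-table isolation, PTI) switched on?

# has_cpu_flag FLAG [CPUINFO]: succeeds if FLAG is a whole word on the flags line
has_cpu_flag() {
    awk -v want="$1" '
        /^flags[ \t]*:/ { for (i = 1; i <= NF; i++) if ($i == want) found = 1; exit }
        END { exit !found }' "${2:-/proc/cpuinfo}" 2>/dev/null
}

# cmdline_has TOKEN [CMDLINE]: succeeds if TOKEN is one of the boot parameters
cmdline_has() {
    f=${2:-/proc/cmdline}
    [ -r "$f" ] && tr ' ' '\n' < "$f" | grep -qxF -- "$1"
}

# pcid_report [CPUINFO] [CMDLINE] [MELTDOWN_STATUS]: prints a one-line summary.
# The defaults read the live system; pass saved copies to audit another machine.
pcid_report() {
    cpuinfo=${1:-/proc/cpuinfo}
    cmdline=${2:-/proc/cmdline}
    mfile=${3:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    pcid=no; invpcid=no; verdict=ok
    if has_cpu_flag pcid "$cpuinfo"; then pcid=yes; fi
    if has_cpu_flag invpcid "$cpuinfo"; then invpcid=yes; fi

    # nopti and pti=off are the boot parameters that turn the Meltdown fix off
    if cmdline_has nopti "$cmdline" || cmdline_has pti=off "$cmdline"; then
        pti=disabled-at-boot
    elif [ -r "$mfile" ]; then
        pti=$(cat "$mfile")       # e.g. "Mitigation: PTI" or "Vulnerable"
    else
        pti=unknown               # kernel predates the status file
    fi

    # Verdict labels are this example's own. A guest without the pcid flag pays
    # the full PTI cost; that is set by the hypervisor's CPU model, not the guest.
    if [ "$pcid" = no ]; then verdict=no-pcid; fi
    case $pti in disabled-at-boot|Vulnerable*) verdict=pti-off ;; esac
    printf 'pcid=%s invpcid=%s pti="%s" verdict=%s\n' "$pcid" "$invpcid" "$pti" "$verdict"
}

pcid_report    # report on the machine this runs on
```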
Read more for Meltdown and Spectre bugs safe patch fixes…
Analysis Having shot itself in the foot by prioritizing processor speed over security, the chip industry’s fix involves doing the same to customers. The patches being put in place to address the Meltdown and Spectre bugs that affect most modern CPUs were supposed to be airy little things of no consequence. Instead, for some unlucky people, they’re anchors. Having helped find the flaws, Google insisted the software fixes that have begun to appear “introduce minimal performance impact,” and insisted the performance hit will diminish over time. Intel said as much in its statement, claiming “any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.” That may be true eventually, thanks in part to a processor feature called Processor-Context ID, or PCID.
Pseudo author name by David S. Eng offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. CyberWisdom author curated Cyber Security Information and News Feeds and Articles. He has six years of hands-on experience as the principal researcher for DHS Cybersecurity Pilot Program on cyber threat intelligence, risk management, cyber technologies, web collaboration tools.