Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch
Intel says the unexpected reboots triggered by patching older chips affected by Meltdown and Spectre are happening to its newer chips, too.
Intel confirmed in an update late Jan. 17 that not only are its older Broadwell and Haswell chips tripping up on the firmware patches, but newer CPUs through to the latest Kaby Lake chips are too.
The firmware updates do protect Intel chips against potential Spectre attacks, but machines with Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake architecture processors are rebooting more frequently once the firmware has been updated, Intel said.
Intel has also updated its original Meltdown-Spectre advisory with a new warning about the stability issues and recommends OEMs and cloud providers test its beta silicon microcode updates before final release. These beta releases, which mitigate the Spectre Variant 2 CVE-2017-5715 attack on CPU speculative execution, will be available next week.
Despite the stability issues, Intel has told OEMs not to withdraw the already released updates for end users.
However, it warned IT admins at datacenters to proceed with caution: “Evaluate potential impacts from the reboot issue and make decisions based on the security profile of the infrastructure”.
Navin Shenoy, Intel’s EVP and GM of the datacenter group, has also released test data on the performance impact of the firmware updates on servers running its latest Skylake-based server Xeon Scalable systems.
On “common workloads” in the enterprise and cloud, Intel has seen an impact of 0% to 2%, while it had a four percent impact on a simulated brokerage firm’s customer-broker-stock exchange transaction system.
There is a large variance in the fix’s impact on data-storage systems depending on CPU utilization and other factors, such as the read-write mix, block size, and drives.
On one benchmark at full CPU utilization, Intel found an 18% decrease in throughput performance, while on a 73/30 read/write model there was only a two percent hit on throughput performance.
Shenoy highlighted Google’s software-based Retpoline fix for the Variant 2 attack as another mitigation that “could yield less impact”. Google last week urged the whole industry to adopt Retpoline because it mitigated the attack but had almost no negative performance impact on current hardware. “Retpoline fully protects against Variant 2 without impacting customer performance on all our platforms,” a Google executive said.
Google’s fix isn’t a patch that consumers would apply to their own systems and addresses the variant that has the greatest risk for virtualized cloud environments.