1 (edited by ramses 2018-01-10 19:10:03)

Topic: Performance impact of Spectre and Meltdown patches

Does RME or somebody else have any idea what the performance impact is for the upcoming
Windows / BIOS upgrades against Spectre and Meltdown ?

https://www.neowin.net/news/microsoft-d … wn-patches

Especially the patches against Spectre Variant 2 shall have a performance impact on i/o intensive applications (Server Systems, Databases) and the impact shall vary with the age of CPU. On more modern CPUs it shall have less performance impact compared to older ones (Haswell and older)

What I question myself is, how this impacts the performance for us folks doing recordings ?
- Does it increase the DPC latency ?
- Is the system still able to work with very low ASIO buffersizes on a given project or do they need to be increased ?
- Does it have impact on RME ASIO driver level ?

What do other folks ? The security consultants at my customer strongly recommend the upgrade.
They also will do it for their private systems.

The patch against Spectre version 2 has 2 components
- OS (Operating System) patch
- requires BIOS upgrade to upgrade the microcode of CPU (to make the OS patch work)

I am just asking the vendor of my mainboard (supermicro) whether its possible to make a microcode downgrade,
shall it turn out that the impact is not so nice, i.e. by flashing the old BIOS.
Am not sure whether BIOS makes only upgrades of CPU microcode or whether it can also downgrade...
I will report back here once I get a reply.

I hope I do not sound too pessimistic. Maybe this isn't a real issue for us at all.

I would be very thankful if you could share your experience here...
Especially shall you have the ability to test this on a test system before and after patches.
For my mainboard a BIOS upgrade is still due.

Many thanks !

Some upgrades on this topic here:
https://www.heise.de/newsticker/meldung … 37462.html

BR Ramses - UFX III, 12Mic, XTC, ADI-2 Pro FS R BE, RayDAT, X10SRi-F, E5-1680v4, Win10Pro22H2, Cub14

Re: Performance impact of Spectre and Meltdown patches

Het ramses, why do you plan to patch? Of course I will and did my internet machine, but why a daw? It is a pretty obscure bug to exploit. Do you have a virusscanner on your DAW machines?

Vincent, Amsterdam
https://soundcloud.com/thesecretworld
BFpro fs, 2X HDSP9652 ADI-8AE, 2X HDSP9632

Re: Performance impact of Spectre and Meltdown patches

I need to patch, as I have only one system which is connected to the internet.
This machine is a multi purpose system for Recording, Office, Gaming, Video Editing, ...
I do not want to administer more than this one system.
I personally regard it as useful for a DAW to have direct internet access.
My internet security solution does not impact the performance of the machine much.

BR Ramses - UFX III, 12Mic, XTC, ADI-2 Pro FS R BE, RayDAT, X10SRi-F, E5-1680v4, Win10Pro22H2, Cub14

4 (edited by cyrano 2018-01-10 21:23:39)

Re: Performance impact of Spectre and Meltdown patches

The performance impact is pretty minimal, except for 4k and over video streaming, I've been told. That's due to degraded SSD performance and most noticeable on high end setups witt SSD's in RAID.

I've tested a couple of quadcore/8 GGB and dual octocore/64 GB servers (non audio) with Debian and there's hardly any performance impact at all, but there's some software that will need updates.

I don't know nothing about audio with hundreds of channels, tho. No setup to test. But 36 channels showed exactly the same latency as before.

You need to patch, in general.

Meltdown seems pretty hard to exploit. Spectre could be easily exploited through javascript in your browser. There's no patch for Spectre, but the latest Safari (from yesterday) and the latest Firefox contain mitigations.

There's still ioHIDeous, which hasn't been patched yet and is far more dangerous... But that's Mac-only.

MB Pro - 2 X FireFace 400, FF800 & DigiFace USB
ADAT gear: Korg, Behri, Fostex, Alesis...

Re: Performance impact of Spectre and Meltdown patches

Thanks cyrano, so lets see :-)

BR Ramses - UFX III, 12Mic, XTC, ADI-2 Pro FS R BE, RayDAT, X10SRi-F, E5-1680v4, Win10Pro22H2, Cub14

Re: Performance impact of Spectre and Meltdown patches

Some -interesting- results for OSX, from a Macbook Pro and a Mac Pro:

https://reverse.put.as/2018/01/07/measu … rformance/

APFS, Apple's new filesystem shows a lot more performance loss than the patch for Meltdown, even when comparing unencrypted APFS against the old encrypted HFS+.

MB Pro - 2 X FireFace 400, FF800 & DigiFace USB
ADAT gear: Korg, Behri, Fostex, Alesis...

Re: Performance impact of Spectre and Meltdown patches

Does anybody know what CPU's are not affected by this?

I do not want to sound like the crazy conspiracy theory guy but every time i read
things like that i think that it's done intentionally (what apple did to their ollder iPhones for example)
to get people to buy new stuff..

8 (edited by ramses 2018-01-11 09:29:19)

Re: Performance impact of Spectre and Meltdown patches

FIXXXER wrote:

Does anybody know what CPU's are not affected by this?

I do not want to sound like the crazy conspiracy theory guy but every time i read
things like that i think that it's done intentionally (what apple did to their ollder iPhones for example)
to get people to buy new stuff..

I would prefer / regard it as better, to stick in this vendor forum / this thread to RME related discussions about
any potential impact on the product / recording, as general questions around this topic are already
heavily discussed in different IT forums.

Heise and others reports in detail about this since days. I suggest to read this 1st to get already a good overview.
Your question in regards to which CPUs are affected and to what known level there explained there in detail.

German articles:
https://www.heise.de/newsticker/meldung … 35124.html
https://www.heise.de/newsticker/meldung … 37462.html
https://www.heise.de/newsticker/meldung … 36956.html
https://www.heise.de/newsticker/meldung … 38146.html
https://www.computerbase.de/2018-01/int … itsluecke/

English:
https://www.anandtech.com/show/12214/un … nd-spectre

BR Ramses - UFX III, 12Mic, XTC, ADI-2 Pro FS R BE, RayDAT, X10SRi-F, E5-1680v4, Win10Pro22H2, Cub14

Re: Performance impact of Spectre and Meltdown patches

Performance loss can be significant .. SSDs looses much on i/o performance: https://www.heise.de/newsticker/meldung … 38747.html

Curious how this will be in terms of recording projects, ASIO buffer sizes when playing virtual amps, project load times ...

BR Ramses - UFX III, 12Mic, XTC, ADI-2 Pro FS R BE, RayDAT, X10SRi-F, E5-1680v4, Win10Pro22H2, Cub14

Re: Performance impact of Spectre and Meltdown patches

FIXXXER wrote:

Does anybody know what CPU's are not affected by this?

new Intel Xeon-W

Re: Performance impact of Spectre and Meltdown patches

Sure ? Can you pls provide information sources ?
I dont think so, because they were already designed before this whole affair started.

BR Ramses - UFX III, 12Mic, XTC, ADI-2 Pro FS R BE, RayDAT, X10SRi-F, E5-1680v4, Win10Pro22H2, Cub14

Re: Performance impact of Spectre and Meltdown patches

ramses wrote:

Sure ? Can you pls provide information sources ?
I dont think so, because they were already designed before this whole affair started.

https://security-center.intel.com/advis … geid=en-fr

But maybe it falls under "Intel® Xeon® Processor Scalable Family"? Not sure ...

Re: Performance impact of Spectre and Meltdown patches

Yeah, looks like they are affected too: https://www.techarp.com/guides/complete … pu-list/2/

Re: Performance impact of Spectre and Meltdown patches

Is it known where and how exactly the patches do what they do? Do they have to monitor/control/affect every application's RAM usage in a way that prevents access to kernel areas? Would typical audio/video applications even try to do that, and would they therefore be affected?

D. Fuchs
RME

Regards
Daniel Fuchs
RME

Re: Performance impact of Spectre and Meltdown patches

The official Intel statement: < 6%

https://newsroom.intel.com/editorials/i … t-systems/

One particular case, mkfile: > 66%

http://blog.metaobject.com/2018/01/melt … file8.html

MB Pro - 2 X FireFace 400, FF800 & DigiFace USB
ADAT gear: Korg, Behri, Fostex, Alesis...

16 (edited by ramses 2018-01-13 18:18:54)

Re: Performance impact of Spectre and Meltdown patches

RME Support wrote:

Is it known where and how exactly the patches do what they do? Do they have to monitor/control/affect every application's RAM usage in a way that prevents access to kernel areas? Would typical audio/video applications even try to do that, and would they therefore be affected?

D. Fuchs
RME

https://cloudblogs.microsoft.com/micros … s-systems/

"[...]Performance

One of the questions for all these fixes is the impact they could have on the performance of both PCs and servers. It is important to note that many of the benchmarks published so far do not include both OS and silicon updates. We’re performing our own sets of benchmarks and will publish them when complete, but I also want to note that we are simultaneously working on further refining our work to tune performance. In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.

Here is the summary of what we have found so far:

  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.

  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.

  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.

  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel. We will publish data on benchmark performance in the weeks ahead. [...]"

BR Ramses - UFX III, 12Mic, XTC, ADI-2 Pro FS R BE, RayDAT, X10SRi-F, E5-1680v4, Win10Pro22H2, Cub14

17 (edited by ramses 2018-01-13 19:20:52)

Re: Performance impact of Spectre and Meltdown patches

Some more technical information here (German only):

https://www.heise.de/newsticker/meldung … 36956.html

"[...] Laut der QEMU-Webseite zielen die Microcode-Updates nur auf Schutz vor Spectre, genauer vor Branch Traget Injection (BTI/CVE-2017-5715). Demnach bringen die Microcode-Updates neue CPUID-Datenfelder und neue Model-Specific Registers (MSRs). Mit den CPUID-Befehlen können Betriebssystem und Programme erkennen, welche Funktionen ein Prozessor hat. Und über MSRs können Betriebssystem und Programme Hardware-Funktionen ansteuern.

Einige Mainboard- und PC-Hersteller stellen schon BIOS-Updates mit Microcode-Updates bereit.

CPU-Microcode-Updates

[Update:] In dem PDF-Dokument "Intel Analysis of Speculative Execution Side Channels" erklärt Intel, was es mit den Microcode-Patches auf sich hat. Gegen Meltdown ( CVE-2017-5754) sollen Updates des Betriebssystems helfen, unter Linux (K)PTI. Diese Updates bremsen allerdings die Performance bestimmter Software.

Jüngere Intel-Prozessoren ab der Generation Haswell (2013) alias Core i-4000/Xeon E5 v3 haben eine Funktion namens Process-Context Identifier (PCID), die die Leistungseinbußen durch die Meltdown-Patches verringert. Software aktiviert PCID über das Control Register CR4 des Prozessors (PCID Enable/PCIDE). Dann lässt sich in CR3 ein 12-bittiger PCID setzen, um die Speicherbereiche von bis zu 4096 laufenden Prozessen zu unterscheiden.

PCID funktioniert ohne BIOS- oder Microcode-Update.

Gegen die Sicherheitslücke Branch Target Injection (Spectre Variante 2, CVE-2017-5715) gibt es zwei Schutzverfahren. Beide verlangen bei Intel-Systemen ein Zusammenspiel von Updates des Betriebssystems mit CPU-Microcode-Updates, die neue Funktionen der Prozessoren freischalten.

Das erste BTI-Schutzverfahren verwendet drei neue CPU-Befehle, die Intel bei nicht näher genannten "modernen Prozessoren" per Microcode-Update nachrüstet: Indirect Branch Restricted Speculation (IBRS), Single Thread Indirect Branch Predictors (STIBP) und Indirect Branch Predictor Barrier (IBPB). Sie sollen auch in alle Prozessoren kommender Generationen eingebaut werden. Die genaue Dokumentation will Intel in einer künftigen Revision des Entwicklerleitfadens "Intel 64 and IA-32 Architectures Software Developer’s Manual" nachreichen.

Bei der zweiten BTI-Schutztechnik ersetzen Programmierer bestimmte Sprungbefehle durch ein Konzept namens "Return Trampoline" (Retpoline). Das funktioniert bei Intel-Prozessoren ab der Generation Broadwell (2015: Core i-5000, Xeon E5 v4) wiederum erst nach einem Microcode-Update. Letzteres wird üblicherweise per BIOS-Update eingespielt, einige Linux-Distributionen bringen aber auch Microcode-Updates mit. [/ Update]
Intel bestätigt Verminderung der Prozessor-Leistung

Der Intel-Chef unterstrich während seiner Präsentation, dass die Updates durchaus Auswirkungen auf die Leistungsfähigkeit der jeweiligen Prozessoren haben werden: "Wir glauben, dass die Performance-Auswirkungen dieser Updates stark von der jeweiligen Arbeitslast abhängig sind", erklärte Krzanich.

"Wir gehen davon aus, dass einige Workloads größere Auswirkungen haben werden als andere. Deshalb werden wir weiterhin mit der Industrie zusammenarbeiten, um die Auswirkungen auf diese Workloads im Laufe der Zeit zu minimieren." Konkrete Beispiele oder Zahlen blieb Krzanich schuldig.
Vor allem Server- und Cloud-Provider betroffen

Über die Dimension der Geschwindigkeitseinbußen durch aktualisierten Code wurde seit dem Bekanntwerden der Prozessorlücken Anfang Januar bereits heftig gestritten. [...]"

BR Ramses - UFX III, 12Mic, XTC, ADI-2 Pro FS R BE, RayDAT, X10SRi-F, E5-1680v4, Win10Pro22H2, Cub14

18 (edited by ramses 2018-03-12 21:49:50)

Re: Performance impact of Spectre and Meltdown patches

Here some measurements, Win7 and Win10 before and after CPU microcode upgrade:

https://www.tonstudio-forum.de/blog/ind … tre-EN-DE/

BR Ramses - UFX III, 12Mic, XTC, ADI-2 Pro FS R BE, RayDAT, X10SRi-F, E5-1680v4, Win10Pro22H2, Cub14

Re: Performance impact of Spectre and Meltdown patches

Interesting, thanks!

MB Pro - 2 X FireFace 400, FF800 & DigiFace USB
ADAT gear: Korg, Behri, Fostex, Alesis...