Spectre and Meltdown Fixes ‘massive overhead’ will slow Linux systems, warns Netflix engineer

Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary Spectre and Meltdown Fixes
A recent story from techrepublic.com proposes a revealing two main affects from Spectre and Meltdown Fixes.
Due to performance overhead between 1% and 800%, changes to the Linux kernel have been found to reduce system speed in order to mitigate the effects of the crash.
Systems that use large numbers of system calls or have a high page error rate are particularly badly affected.
Netflix engineers warn that patches based on Linux systems can cause “huge overhead” in response to Meltdown CPU defects.
Brendan Gregg found that depending on the nature of the workload, there is a 1% to 800% overhead increase anywhere updating the Linux kernel to mitigate the risks associated with Meltdown.
Spectre and Meltdown Fixes Impacts
Spectre and Meltdown are vulnerbilities in modern chip design that could allow attackers to circumvent system protection on nearly all recent PCs, servers and smartphones, enabling hackers to read sensitive information (such as passwords) from memory.
“Due to extra CPU cycle overhead and memory work set size,” your position on this spectrum depends on system calls and page-error rates due to TLB refresh of system calls and context switches, “he wrote. Continuing the assessment could affect Netflix’s AWS-based system.
“In fact, due to our system call rates, I expect my cloud system from Netflix to experience a 0.1% to 6% overhead on KPTI and I expect we will reduce this system to less than 2% .
The severity of KPTI’s patch impact depends on:
System Call Rate: The system call rate goes up. Gregg estimates that there are 50,000 system calls / second per CPU, and the overhead may be 2%.
Page Error Rate: High rates increase spending again.
Working Set Size (Hot Data): Exceeds 10MB of overhead translates from 1% overhead to 7% overhead due to TLB (Conversion Lookaside Buffer) flushing.
Cache Access Mode: The worst-case scenario is a 10% reduction in performance overhead if the workload switches to access inefficient caching mode.
To reduce the impact of KPTI on Linux-based systems, Gregg suggests a number of measures: including using 4.14 for PCID support, large pages (which may also provide some gain), and system call reductions, as described in more detail here.
Gregg added that the actual performance impact of protecting Linux-based systems from Meltdown and Specter will be even greater because changes to KPTI are part of a series of updates to prevent vulnerabilities. In addition, there are Intel firmware updates, cloud provider hypervisor changes, and Retpoline compiler changes – all of which may further affect performance.
In an eager patch release, multiple instances of Spectre and Meltdown related updates lead to computer instability and performance issues-specifically, Intel firmware updates for variant 2 of the Spectre defect.
According to AMD chief executive Brian Krzanich, Intel is developing new designs for its processors to mitigate threats posed by Spectre and Meltdown vulnerabilities, and AMD is also reducing the specter risk.
IBM also released Meltdown and Specter patches for systems running on Power family of processors. Although IBM can provide operating system and firmware updates because Power4, Power5, and Power6 series systems are out of support, IBM does not patch these systems.
For more CyberWisdom articles on Spectre and Meltdown Fixes
Malware POC Analysis exploiting Spectre and Meltdown flaws

CyberWisdom Safe Harbor Commentary on Spectre POC Malware Analysis I couldn’t believe this story from securityaffairs.co that believes Malware exploits Spectre, crash flaws may come by proof-of-concept analysis. Researchers at AV-TEST, an anti-virus testing company, have uncovered more than 130 malware samples specifically developed to exploit the Spectre and Meltdown CPU vulnerabilities. The good news is
Read More
Intel’s Meltdown and Spectre patch hold up. What to do while you wait.

CyberWisdom Safe Harbor Commentary Waiting on Meltdown and Spectre Patch: I couldn’t believe this story from scmagazine.com that talks about the truth about while Intel pausedMeltdown and Spectre patch and we are waiting, what should we do when we are waiting Intel earlier this week suggested that users using processors that may be affected by Specter / Meltdown
Read More

Meltdown and Spectre Report: A Guide for Awareness

Meltdown and Spectre Report: A Guide for Awareness Now for almost three weeks, the legendary patch and resolution continue. This article is an update of the Implementation Guide to Meltdown and Spectre CPU Design Flaw or Chip Flaw. Currently, the world is still waiting for the “sure” fixes from Intel’s recently released bungled patch. However,
Read More

Update: Meltdown and Spectre Flaw and Vulnerability Implementation Guide – Intel Stops Bungled Patches
Intel Halts Meltdown and Spectre Chip Flaw/CPU Patches Over Unstable Code An update from my Meltdown and Spectre Flaw and Vulnerability Implementation Guide … by David S. Eng Meltdown and Spectre Flaw and Vulnerability Implementation Guide Now for almost three weeks, the legendary patch and resolution continue. This article is an update of the Implementation Guide to Meltdown
Read More
Meltdown and Spectre Chip Flaw and Vulnerability Implementation Guide Update: Intel holding off Patches

Intel Halts Meltdown and Spectre Chip Flaw/CPU Patches Over Unstable Code An update from my Meltdown and Spectre Flaw and Vulnerability Implementation Guide Meltdown and Spectre Flaw and Vulnerability Implementation Guide Now for almost three weeks, the legendary patch and resolution continue. This article is an update of the Implementation Guide. Currently, the world is still waiting
Read More

Why Meltdown and Spectre are ripe for ransomware attacks
CyberWisdom Safe Harbor Commentary: Today I came across this story from csoonline.com that declares a little known possibly that Meltdown and Spectre vulnerabilities are a path and ripe for ransomware attacks Before we study the solution, let’s take a closer look at Spectre and Meltdown. Specter breaks the isolation between different applications. It allows attackers to

Read More
Meltdown and Spectre patches varies performance impact and can cause unwanted reboots, Intel warns

CyberWisdom Safe Harbor Commentary: I couldn’t believe this story from securityaffairs.co that details Intel’s announcement that the test results on the Meltdown and Spectre patches and their impact on performance, confirming serious problems.Running Meltdown and Spectre patches based on S & G systems with several types of processors may experience more frequent restarts. Performance Hit A few days
Read More
Industrial systems scrambling to catch up with Meltdown, Spectre patch vulnerability

CyberWisdom Safe Harbor Commentary: Today, theregister.co.uk lays out things we don’t talk about that many industrial system vendors joined the vendor’s long list of performance and stability vulnerabilities that Meltdown and Spectre processors responded. So far, a dozen vendors have told ICS-CERT that they use a vulnerable processor, and The Register thinks there’s a
Read more…
Brendan Gregg describes the impact of updates to the Linux kernel that work around Meltdown as demonstrating the “largest kernel performance regressions I’ve ever seen”…. Engaging post, Read More…
thumbnail courtesy of techrepublic.com

(adsbygoogle = window.adsbygoogle || []).push({});

If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post
The post Spectre and Meltdown Fixes ‘massive overhead’ will slow Linux systems, warns Netflix engineer appeared first on Safe Harbor on Cyber.

Powered by WPeMatico

convert this post to pdf.