Like Formula1 racing cars, performance and benchmarking are the key differentiators that set apart the best from the rest. So too, when it comes to CPUs it is much the same.
Performance and benchmarking help to guide technical architects and software developers with their platform designs ensuring that the system can cope with the load and avoid sub-optimal situations that can cause both financial and reputational damage due to poor performance.
CPU manufactures such as Intel, AMD and ARM have discovered a security vulnerability in the way they secure internal access to CPU memory. These exploits are known as the somewhat apocalyptic Meltdown and Spectre… The flaws could allow an attacker to access sensitive data, such as passwords and cryptographic keys directly from memory. That’s the bad news.
The good news is that there will be a solution to resolve it using a technique called Kernel Page Table Isolation (KPTI) which keeps data isolated and safe. Hurrah.
However, herein lies the problem. The ‘patch’ will be software based and provided by the OS provider such as MacOS, Windows, and Linux. The patch may potentially introduce an overhead in terms of CPU performance particularly for Intel based processors.
It seems that Older Intel CPUs may be affected by this new method of securing data in memory. Newer Intel CPUs that have a feature called Process-Context Identifier (PCID) may see less of an issue.
Whether you run your servers in-house or in the Cloud, if it runs an Intel processor you need to consider the risk that performance may be affected.
The reality, at this point, is that the reported impacts of 30% reduction in performance are relatively unsubstantiated and the impact will be dependant on a vast array of variables. for example, the impacts on a membership system that manages customers will differ from a finance system handling thousands of transactions per second.
Intel knows how damaging the outcome of this could be, and will no doubt be working round-the-clock with OS providers to ensure that the impact will be as reduced as they can make it. As they say “we are working to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits”.
We will likely see more technical details of the flaw next week after OS providers have issued the patches. In the meantime, you can keep yourself updated on progress using the links below…