Intel CPUs Have a Major Security Flaw, Fixing It Causes a Huge Performance Hit DAW Software
Old 3rd January 2018
  #1
Gear Maniac
 

Thread Starter
Intel CPUs Have a Major Security Flaw, Fixing It Causes a Huge Performance Hit

Old 3rd January 2018
  #2
Here for the gear
 

well that sucks, just scored a new laptop too.
Old 3rd January 2018
  #3
Gear Nut
 

Wow. But it's only for systems with virtual machines right?
I guess we'll find out.
Old 3rd January 2018
  #4
Lives for gear
 

It's relevant to any situation where a cpu will switch thread context and a running programme has to temporarily hand over control of the cpu to the kernel. Context switching is a fundamental method by which a cpu is able to multi-task. Every time your sound card driver interrupts system clock for a new buffer write to memory? Context switch.

I do wonder how this will affect DAW performance and how much you can really minimize context switching in a real-time audio signal pipeline. We shall see I guess.

Last edited by Robobaby; 3rd January 2018 at 11:34 AM..
Old 3rd January 2018
  #5
Gear Addict
 

Following this thread.
Old 3rd January 2018
  #6
From what I have read it's looking like a 5%-30% slowdown depending on context and CPU.

Given the low-latency needs of DAWs this could be a real killer of realtime low-latency audio performance. We shan't really know until the patch is out though.

Wayne
Old 3rd January 2018
  #7
Gear Head
Not on AMD

Haha
Old 3rd January 2018
  #8
Quote:
Originally Posted by mkdr View Post
Not on AMD

Haha
True. However whether the implemented workaround in MS Windows distinguishes between the two types of processor remains to be seen.

It depends on how lazy the MS developers are feeling.

Wayne
Old 3rd January 2018
  #9
Lives for gear
 

The LKML guys are pretty funny:

Quote:
Several people including Linus requested to change the KAISER name.

We came up with a list of technically correct acronyms:

User Address Space Separation, prefix uass_

Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix f--kwit_

but we are politically correct people so we settled for

Kernel Page Table Isolation, prefix kpti_
LKML: Thomas Gleixner: [patch 00/60] x86/kpti: Kernel Page Table Isolation (was KAISER)
Old 3rd January 2018
  #10
Gear Addict
Quote:
Originally Posted by Robobaby View Post
It's relevant to any situation where a cpu will switch thread context and a running programme has to temporarily hand over control of the cpu to the kernel. Context switching is a fundamental method by which a cpu is able to multi-task. Every time your sound card driver interrupts system clock for a new buffer write to memory? Context switch.

I do wonder how this will affect DAW performance and how much you can really minimize context switching in a real-time audio signal pipeline. We shall see I guess.
I'm afraid this could be very bad news for us DAW users
Old 3rd January 2018
  #11
Lives for gear
 

I just bought myself a Ryzen 1700 this past Saturday.

Schadenfreude is the only freude.
Old 3rd January 2018
  #12
Gear Maniac
 

This looks like a nice scheme to drive new CPU sales.

The good news is Intel will be able to brag about relative performance of new generation chips.

EDIT - thanks again to our friends at the NSA!
Old 3rd January 2018
  #13
Lives for gear
 

Was going to start a thread on this yesterday but wanted to gather some more info about it and understand more first . . . so this is what we are likely looking at.

This will affect ALL Operating Systems, Windows / Mac-OSX / Linux and thus a patch will be issued for each. There is now a Linux patch available and because Linux is open source, keeping this a secret any longer was not possible. The patch will likely cause a 5% to 30% performance hit with high I/O computer setups taking the bigger hit. Given that this fix is to get around a very low level bug, DAW computers which have the limitations of working in near realtime may be especially hard hit. Data Centers are also expected to be hard hit. The Linux update fix is optional via command line. As for whether Windows or OSX will have that feature, who knows but given current Windows 10 update policy you will likely be stuck with it unless you do not update by pulling the ethernet cable or keeping the box offline.

It looks like AMD CPUs are also going to be hit by this even though they seem to be immune to this particular bug as the operating system fixes do not exclude or give an option for having an AMD CPU.

The head of Intel dumped a lot of his stock so that may be very telling of how massive and harmful this bug really is.

here are some links to keep an eye on this

Tech Forum discussion on the issue: A Massive Intel Hardware Bug May Be on the Horizon | [H]ard|Forum

AMD trying to be excluded from the patches: AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches | TechPowerUp

Linux tech details about the patch: KAISER: hiding the kernel from user space [LWN.net]



There was a good argument for keeping your main DAW boxes offline and configurations locked in for long periods of time. Now there is a fantastic argument for it as who wants to take a performance hit when you can still move files to a NON - DAW computer for importing and exporting and let that cheapo net connected computer take the hit. This may also seal the deal on using an OS that forces this update on a DAW box like it appears will happen with Windows 10.

Hopefully the major DAW builders who hang here will do DAW testing before and after patching to give us a real world idea of what kind of performance hits we are looking at for DAW specific boxes and then we can make a collective opinion on what are the best options moving forward.

Last edited by Bassmankr; 3rd January 2018 at 08:11 PM..
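
Editor's added example, not part of any post in this thread: the post above notes that the Linux fix can be switched off on the kernel command line, so this sketch reports whether page-table isolation is actually in effect on a given box. The sysfs path and the `nopti` / `pti=off` / `mitigations=off` parameters are those of mainline Linux rather than anything quoted in the thread, and the sample strings are constructed.

```shell
# Classify Meltdown/KPTI state from two inputs mainline Linux exposes:
# the sysfs status line and the boot command line.

# Succeeds (0) if the command line carries a parameter asking for PTI off.
# This is only a hint for the operator; the sysfs status is authoritative.
cmdline_disables_pti() {
    case " $1 " in
        *" nopti "*|*" pti=off "*|*" mitigations=off "*) return 0 ;;
    esac
    return 1
}

# Map the sysfs status text plus the command line to one verdict word.
classify_pti() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)
            if cmdline_disables_pti "$2"; then
                echo "vulnerable-by-choice"   # someone opted out at boot
            else
                echo "vulnerable"             # kernel lacks the fix
            fi ;;
        *) echo "unknown" ;;                  # old kernel or unreadable file
    esac
}

# Read the live system; both paths can be overridden for testing.
pti_report() {
    sysfs="${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}"
    cmdfile="${2:-/proc/cmdline}"
    status=""
    cmdline=""
    if [ -r "$sysfs" ]; then status=$(cat "$sysfs"); fi
    if [ -r "$cmdfile" ]; then cmdline=$(cat "$cmdfile"); fi
    classify_pti "$status" "$cmdline"
}

# Constructed sample inputs (not captured from a real machine).
classify_pti "Mitigation: PTI" "BOOT_IMAGE=/vmlinuz root=/dev/sda1 quiet"
classify_pti "Vulnerable" "BOOT_IMAGE=/vmlinuz root=/dev/sda1 nopti"
classify_pti "Not affected" "BOOT_IMAGE=/vmlinuz root=/dev/sda1"
pti_report
```

A verdict of `vulnerable-by-choice` on a networked machine is the case worth flagging in an inventory: the fix is installed but was turned off at boot.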
Old 3rd January 2018
  #14
Lives for gear
 
EvilDragon's Avatar
Linux fix will eventually probably be updated not to be applied on AMD CPUs. And I'd venture a guess MS will do the same thing when the patch rolls out.
Old 3rd January 2018
  #15
What about just forgoing the patch and keeping the DAW system offline?
Old 3rd January 2018
  #16
Gear Head
 

Quote:
Originally Posted by candyflip View Post
What about just forgoing the patch and keeping the DAW system offline?
That'll work so long as you never update your computer with the update(s) addressing the issue. Or upgrade to a new OS version. Or install an OS in the future that's compiled after this "fix" is in.

Personally, I'm expecting to no longer be able to mix songs with many audio tracks and effects on my aging PC. Thanks, Intel.
Old 3rd January 2018
  #17
Lives for gear
 

Quote:
Originally Posted by candyflip View Post
What about just forgoing the patch and keeping the DAW system offline?
For a lot of us that's just too inconvenient. Imagine a download that's pretty darn large with an internet connection that isn't too fast. Now you have to wait for the download and then move it over to a new machine. It's time consuming and annoying. You double the amount of computers you need this way.

It's just a no-go for many.
Old 3rd January 2018
  #18
Lives for gear
 
jwh1192's Avatar
so this is related to Every Single Computer Running an Intel Processor ???? can someone please clarify this a bit ..
Old 3rd January 2018
  #19
Lives for gear
 
EvilDragon's Avatar
Yes. Every single 64-bit Intel processor. Except Coffee Lake, apparently.
Old 3rd January 2018
  #20
Lives for gear
 

Huh? Who said it doesn't affect Coffee Lake?
Old 3rd January 2018
  #21
Lives for gear
 
jwh1192's Avatar
Quote:
Originally Posted by EvilDragon View Post
Yes. Every single 64-bit Intel processor. Except Coffee Lake, apparently.
thank you ... and Great !!! sounds like a massive class action suit !!!
Old 3rd January 2018
  #22
Lives for gear
 
EvilDragon's Avatar
Quote:
Originally Posted by Robobaby View Post
Huh? Who said it doesn't affect Coffee Lake?
Hm, I can't seem to find the reference now, I skimmed over it somewhere... Trying to find it. If I don't - my apologies.
Old 3rd January 2018
  #23
Lives for gear
 

Quote:
Originally Posted by Bassmankr View Post
Was going to start a thread on this yesterday but wanted to gather some more info about it and understand more first . . . so this is what we are likely looking at.

This will affect ALL Operating Systems, Windows / Mac-OSX / Linux and thus a patch will be issued for each. There is now a Linux patch available and because Linux is open source, keeping this a secret any longer was not possible. The patch will likely cause a 5% to 30% performance hit with high I/O computer setups taking the bigger hit. Given that this fix is to get around a very low level bug, DAW computers which have the limitations of working in near realtime may be especially hard hit. Data Centers are also expected to be hard hit. The Linux update fix is optional via command line. As for whether Windows or OSX will have that feature, who knows but given current Windows 10 update policy you will likely be stuck with it unless you do not update by pulling the ethernet cable or keeping the box offline.

It looks like AMD CPUs are also going to be hit by this even though they seem to be immune to this particular bug as the operating system fixes do not exclude or give an option for having an AMD CPU.

The head of Intel dumped a lot of his stock so that may be very telling of how massive and harmful this bug really is.

here are some links to keep an eye on this

Tech Forum discussion on the issue: A Massive Intel Hardware Bug May Be on the Horizon | [H]ard|Forum

AMD trying to be excluded from the patches: AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches | TechPowerUp

Linux tech details about the patch: KAISER: hiding the kernel from user space [LWN.net]



There was a good argument for keeping your main DAW boxes offline and configurations locked in for long periods of time. Now there is a fantastic argument for it as who wants to take a performance hit when you can still move files to a NON - DAW computer for importing and exporting and let that cheapo net connected computer take the hit. This may also seal the deal on using an OS that forces this update on a DAW box like it appears will happen with Windows 10.

Hopefully the major DAW builders who hang here will do DAW testing before and after patching to give us a real world idea of what kind of performance hits we are looking at for DAW specific boxes and then we can make a collective opinion on what are the best options moving forward.
Apparently Apple already patched this in 10.13.2 but will do more in 13.3.

MS patched this last November for the insiders edition. Apparently it doesn't differentiate between AMD and Intel so it affects all x86 CPUs on Windows. That's a bit of a bummer and MS should definitely fix that.
Old 3rd January 2018
  #24
Lives for gear
 

Quote:
Originally Posted by EvilDragon View Post
Hm, I can't seem to find the reference now, I skimmed over it somewhere... Trying to find it. If I don't - my apologies.
The way I understand this bug, Coffee Lake should be affected by it, just like all the other Lake processors and everything before that going back to the mid 90s when Pentium Pro first introduced out of order and speculative execution.
Old 3rd January 2018
  #25
Lives for gear
 

Mattiasnyc, once the facts are in you are just going to have to look at which options will kill your productivity the least while offering the security level you desire. That huge download over a slow connection will take the same amount of time for the download itself regardless of using one or two machines. The advantage of using a net - only extra computer is it can be a low spec used desktop / laptop under $100 if you don't already have an older computer gathering dust. With a simple USB stick for under $10 you have an isolated means of moving files between your work computer and your net computer. Using your work computer without the net or networking for that matter will increase its performance. Basically it's the old "Sneakernet" method of moving files between machines to maintain security, using a USB stick/drive instead of floppy disks. The "Sneaker" in Sneakernet refers to using your shoes to walk between machines. You are just creating physical isolation and thus higher security.

We still need time to see the full effects of the bug and patches. Though it looks like the sky is falling and it will hit DAW computers harder, best practice for now is to at least wait to update your OS. I'm sure the DAW builders that hang here will offer up info they gather through testing once it's available as they have a track record of providing critical facts to this community.

Last edited by Bassmankr; 3rd January 2018 at 09:56 PM..
Old 3rd January 2018
  #26
Terrible news :(
Old 3rd January 2018
  #27
Gear Head
 

Is anyone on this forum a windows beta tester? Would love to start getting an idea of impact on audio. Mac, too (though I don't use mine for music).
Old 3rd January 2018
  #28
Lives for gear
 

Quote:
Originally Posted by Bassmankr View Post
Mattiasnyc, once the facts are in you are just going to have to look at which options will kill your productivity the least while offering the security level you desire. That huge download over a slow connection will take the same amount of time for the download itself regardless of using one or two machines. The advantage of using a net - only extra computer is it can be a low spec used desktop / laptop under $100 if you don't already have an older computer gathering dust. With a simple USB stick for under $10 you have an isolated means of moving files between your work computer and your net computer.
It's not going to happen. I'm not going to do it, and a ton of studios and post production houses aren't going to do that either. Consider a multi-room post production facility, with like 30 rooms all with computers wired up for internet access because everyone in those rooms need that. Do you think they'll all of a sudden buy 30 used computers just to download files!?!?

Quote:
Originally Posted by Bassmankr View Post
Using your work computer without the net or networking for that matter will increase its performance.
Probably won't though. I haven't seen any benchmark ever showing that.
Old 3rd January 2018
  #29
Gear Nut
 

I'm not sure if this is as crazy or if it's just being really exacerbated.
Sounds like it will affect servers more than anything.
It sounds like some folks had to know about this for quite a while, but since Linux is open source people could look at the patch, see the code and that's how they found this out. Otherwise it would've just been a regular patch and we'd all be none the wiser right?
I mean is this super uncommon ?
I would imagine there have been patches for potential exploits of CPU architecture before, for both intel and amd. And I'd think they'd have slowed things down too.
Old 3rd January 2018
  #30
Gear Addict
 

Yeah, so what does this security flaw do? Can you get my password? Can you take control of my PC? What if we just don't update (at all, or that specific patch if we can recognize it)?

The quick skimming I did kept talking about VMs. I don't do any of that type of stuff at home or in the studio...