Meltdown & Spectre FAQ.

[Armakar]

I've been seeing a lot of false and speculative posts on here (even from big reviewers) reguarding spectre and meltdown, so I'm doing an FAQ.

If you have any questions, please ask and they will be added to the list. Think of this as a megathread to stop the bombardment of other threads.

What is Meltdown?
Put shortly, Meltdown is a flaw discovered in CPUs that works by abusing pre-fetching to gain access to secured sections of RAM pages, which contain sensetive data like passwords.

What is pre-fetching?

Because CPUs run so much faster than RAM, CPUs used to finish workloads given by RAM far quicker than they could recieve them. This resulted in the CPU doing nothing occasionally, because it would have completed all tasks given to it too quickly. As a result, manufacturers started using "pre-fetching", where the CPU predicts what the next process will be based on previous processes and current processes. This has huge performance gains, because even if the CPU guesses incorrectly, it doesn't matter - it was sitting there doing nothing anyway. This was very noticeable in the sandy-bridge lineup, where intel came out of nowhere to stomp AMD - this is due largely to prefetching.

What is Spectre?
Spectre is a less serious version of Meltdown. Without getting technical, Spectre requires physical acsess to the machine, which Meltdown does not. Spectre is also far harder to implement, whereas Meltdown is quite literally a few lines of assembly code. 

 

What can Meltdown do?
A lot. Having access to secured RAM pages gives you access to pretty much whatever you want within that page of RAM, passwords and pretty much ANY data in that ram page. Stealing passwords with meltdown is like hunting ants with a nuclear bomb. Meltdown can run on cloud, it's even been shown to work through Javascript in Google Chrome.

 

Who is affected?

Spectre affects pretty much EVERY modern CPU, because they all use pre-fetching. Meltdown seems to only affect intel. This is because Intel's prefetching is reckless and random - it jumps from random prefetches to another. While this does make the prefetching faster, it also means the RAM + CPU cannot keepup with sectioning pages, creating the Meltdown bug.

 

How is it solved?
Bandaid fixes like BIOS updates, windows updates and even antivirus updates can stop these bugs being as easy to implement as they are. Realistically? CPU design will need to change, mostly on Intel's part.

 

What will these solutions do?

Software based solutions will likely aim to catch Meltdown before it has a chance to get to the Prefetch stage.

Microcode and Bios updates will add a thin layer of security that will attempt to regulate memory pages properly.

 

Why are intel releasing CPUs before solving this bug?

Designing CPUs is INCREDIBLY complex and takes many, many years to do. Anyone claiming they understand how CPU design works start to finish is lying - not one person on earth understands it. It isn't possible for Intel to redesign their chips to be free of this bug in a year. CPU testing alone takes YEARS on new designs. Intel would have to stop all CPU production for years if they wanted to comply with idiotic requests to stop manufacturing processors until the problem is solved.
 

Will updating my BIOS/Windows slow my PC down?

Yes, but realistlcally, not much. You won't notice much of a performance difference at all. This is mostly because these bios updates don't entirely solve the issue, rather they just loosely address it.

 

Why are datacenters / servers getting rid of Intel CPUs so fast? Is it because of the performance drop from updating?
Actually, not as much as people think.  The performance isn't THAT huge of an amount lower even on datacenters. The problem also lies in that Meltdown can actually transfer between VMs and servers sharing the same box. 

Take for example a company that hosts servers for businsesses, like Amazon. Amazon hosts HUGE amounts of servers. If amazon are breached by the Meltdown bug, EVERY server on VMs or serverboxes with amazon becomes highly susceptible. 
THAT is why datacenters are freaking out. If ONE company is hacked with Meltdown, they all are.

 

 

 

 

[Crunchy Dragon]

Last I heard, Intel was fixing this flaw in the next generation.

[Armakar]

15 minutes ago, Crunchy Dragon said:

Last I heard, Intel was fixing this flaw in the next generation.

I'd be pretty surprised. If they do I doubt it'll be completely solved, and if it is we'll see a noticeably lesser performance gain gen to gen.

 

 

Most "New" CPUs are 3-6 years worth of technology. They are ridiculously compelx and it'll be impressive if Intel solved this completely in a year without huge performance issues. Prefetching is one of the reasons they have such a huge advantage over AMD core-to-core.