English Amiga Board


Old 08 January 2018, 10:32   #1
Octopus66
Registered User

 
Join Date: Feb 2016
Location: London
Posts: 80
Meltdown and Spectre

Hi Toni,

Lots of news recently regarding the CPU design flaws which can be exploited through Meltdown and Spectre. Do you expect the Windows patches for these issues to have any impact on WinUAE performance? I have read the CPU impact can vary greatly depending on the nature of the workload.
Old 08 January 2018, 11:50   #2
ptyerman
Registered User

 
Join Date: Jun 2012
Location: Worksop/UK
Age: 54
Posts: 1,197
Only way to find out is to try it and see. Benchmarks are throwing out different results for different use cases currently so it's a case of carry on and see what happens.
Intel CPUs are hit the worst because of Meltdown, that causes the worst slowdowns.
Old 08 January 2018, 13:13   #3
Romanujan
Registered User
 
Join Date: Dec 2007
Location: Szczecin/Poland
Posts: 293
FS-UAE, no JIT used, 64-bit Linux - after anti-Meltdown patch AIBB benchmark results went down by 2-4% for me.
Old 08 January 2018, 13:41   #4
ptyerman
Registered User

 
Join Date: Jun 2012
Location: Worksop/UK
Age: 54
Posts: 1,197
Quote:
Originally Posted by Romanujan View Post
FS-UAE, no JIT used, 64-bit Linux - after anti-Meltdown patch AIBB benchmark results went down by 2-4% for me.
That's not too bad then. It certainly could be worse with some use cases reporting as much as 25-30% slowdown.
It seems to affect I/O processes the most, so servers are hit particularly hard; it's also having a pretty high detrimental effect on VMs according to some reports.

EDIT:
Phoronix have done some testing with VMs and Wine on Linux as well as Docker, database performance and compilation tasks. It can be found here.
It's worth keeping up with as new information is coming to light daily.

Last edited by ptyerman; 08 January 2018 at 13:50.
Old 08 January 2018, 13:56   #5
Toni Wilen
WinUAE developer
 
Join Date: Aug 2001
Location: Hämeenlinna/Finland
Age: 43
Posts: 22,129
It shouldn't cause anything major, core emulation does not do any OS/kernel calls (except some timing queries), I/O stuff should be similar to games.
Old 08 January 2018, 14:06   #6
ptyerman
Registered User

 
Join Date: Jun 2012
Location: Worksop/UK
Age: 54
Posts: 1,197
From all the results I've read up on, gaming is about the least affected, in some cases with no noticeable differences between KPTI enabled or disabled.
I/O is the worst affected on heavy loads such as databases and such. Basically servers and cloud computing are the hardest hit but not as much as first envisaged.
Old 08 January 2018, 16:00   #7
meynaf
son of 68k
 
Join Date: Nov 2007
Location: Lyon / France
Age: 45
Posts: 3,345
These attacks require the execution of code on the target machine, so they're not that important for the prudent enough end user...
Old 08 January 2018, 16:06   #8
ptyerman
Registered User

 
Join Date: Jun 2012
Location: Worksop/UK
Age: 54
Posts: 1,197
No, they'll probably have little effect on the normal user at all, just a minor slowdown with some software.
The biggest headaches are for the likes of Google, Microsoft, Facebook, Amazon and such, big server racks with big I/O and databases.
Old 08 January 2018, 16:35   #9
robinsonb5
Registered User
 
Join Date: Mar 2012
Location: Norfolk, UK
Posts: 582
Quote:
Originally Posted by meynaf View Post
These attacks require the execution of code on the target machine, so they're not that important for the prudent enough end user...
That was my first thought too - then I read that the Spectre exploit has been demonstrated using JavaScript.
Old 08 January 2018, 16:38   #10
meynaf
son of 68k
 
Join Date: Nov 2007
Location: Lyon / France
Age: 45
Posts: 3,345
Quote:
Originally Posted by robinsonb5 View Post
That was my first thought too - then I read that the Spectre exploit has been demonstrated using JavaScript.
This is still executing code on the machine and this is why I wrote "prudent enough": users that don't go on dubious sites aren't really at risk.
Old 08 January 2018, 16:39   #11
ptyerman
Registered User

 
Join Date: Jun 2012
Location: Worksop/UK
Age: 54
Posts: 1,197
Yeah, Spectre is the real monster in the room. A browser can be affected by it or anything else that uses JavaScript. Also there's no known way currently of fully protecting against it.
Old 08 January 2018, 20:42   #12
nogginthenog
Amigan

 
Join Date: Feb 2012
Location: London
Posts: 681
I was reading a blog post about Meltdown and Spectre today and had a thought.
Is the 68060 susceptible to Meltdown or Spectre? After all, it does branch prediction.

I would hate for someone to hack my A4000
Old 08 January 2018, 20:54   #13
meynaf
son of 68k
 
Join Date: Nov 2007
Location: Lyon / France
Age: 45
Posts: 3,345
Quote:
Originally Posted by nogginthenog View Post
I was reading a blog post about Meltdown and Spectre today and had a thought.
Is the 68060 susceptible to Meltdown or Spectre? After all, it does branch prediction.

I would hate for someone to hack my A4000
The 68060 does branch prediction but not out-of-order execution which is required for these to work.

Nevertheless it's not needed on an Amiga to access system parts, just about every program can do it without any trick

But nobody will hack your A4k. Because nobody is interested in hacking an Amiga anymore, you probably don't run programs from untrusted sources, and there is no sensitive data to grab from here anyway...
Old 08 January 2018, 23:33   #14
nogginthenog
Amigan

 
Join Date: Feb 2012
Location: London
Posts: 681
Quote:
Originally Posted by meynaf View Post
The 68060 does branch prediction but not out-of-order execution which is required for these to work.
Are you sure? From what I understand the cache is loaded with data that might be executed which I'm pretty sure the 68060 does.

Quote:
Nevertheless it's not needed on an Amiga to access system parts, just about every program can do it without any trick

But nobody will hack your A4k. Because nobody is interested in hacking an Amiga anymore, you probably don't run programs from untrusted sources, and there is no sensitive data to grab from here anyway...
I never said I run AmigaOS on my A4000
Old 09 January 2018, 02:00   #15
robinsonb5
Registered User
 
Join Date: Mar 2012
Location: Norfolk, UK
Posts: 582
Quote:
Originally Posted by nogginthenog View Post
Are you sure? From what I understand the cache is loaded with data that might be executed which I'm pretty sure the 68060 does.
The 68060 preloads the instruction cache with code that might be executed, but doesn't actually execute it. Current CPUs do actually execute the code speculatively - discarding and rolling back the results if they turn out not to be needed. The problem which Meltdown and Spectre exploit is that even after discarding the results, the speculatively executed code leaves footprints in the data cache which can be detected.
Old 09 January 2018, 07:17   #16
Rotareneg
Registered User

 
Join Date: Sep 2017
Location: Kansas, USA
Posts: 64
It seems to me to be a terrible idea to allow external memory reads to occur speculatively. What happens when it speculatively reads a memory mapped I/O register that is changed by reads, like the DSKBYTR register on the Amiga, which has a bit that is cleared when the register is read from?
Old 09 January 2018, 10:01   #17
meynaf
son of 68k
 
Join Date: Nov 2007
Location: Lyon / France
Age: 45
Posts: 3,345
While a 68060 can probably prefetch data for filling its DCache, it doesn't do speculative memory accesses ('xcept maybe for fetching code).
And even if it did, I/O areas are marked by the MMU as non-cacheable (or at least they should!).

x86 are immune to this - they have IN/OUT instructions for I/O.
For ARM, I don't know.

The tricks are:
- Current operating systems map the supervisor area, or at least part of it, in the user's memory (for the sake of quick OS calling).
- Current CPUs (again for the sake of speed) do the memory access in the cache before checking the access rights (which takes more time).

Now wondering if this kind of attack can be done from within WinUAE in JIT mode...
Old 09 January 2018, 10:07   #18
Locutus
Registered User

 
Join Date: Jul 2014
Location: Finland
Posts: 878
Quote:
Originally Posted by Rotareneg View Post
It seems to me to be a terrible idea to allow external memory reads to occur speculatively. What happens when it speculatively reads a memory mapped I/O register that is changed by reads, like the DSKBYTR register on the Amiga, which has a bit that is cleared when the register is read from?
The page that register would be located in would have been marked as uncachable.
Old 09 January 2018, 17:53   #19
Megol
Registered User

 
Join Date: May 2014
Location: inside the emulator
Posts: 348
Quote:
Originally Posted by meynaf View Post
While a 68060 can probably prefetch data for filling its DCache, it doesn't do speculative memory accesses ('xcept maybe for fetching code).
And even if it did, I/O areas are marked by the MMU as non-cacheable (or at least they should!).

x86 are immune to this - they have IN/OUT instructions for I/O.
The majority of I/O is memory mapped. The I/O instructions are legacy only and _extremely_ slow.

I could do some hw hacking faster with a Pentium than with my current system. So a 90MHz in-order processor can push out more bytes than a modern 2.5+GHz 4 core out of order processor. Slow!

Quote:
For ARM, I don't know.

The tricks are:
- Current operating systems map the supervisor area, or at least part of it, in the user's memory (for the sake of quick OS calling).
- Current CPUs (again for the sake of speed) do the memory access in the cache before checking the access rights (which takes more time).
Intel do. AMD say they don't.

Quote:
Now wondering if this kind of attack can be done from within WinUAE in JIT mode...
Spectre should work but what should be attacked?
Meltdown I think not as the "68k" should only be able to access the memory of the emulated Amiga anyway. Or?
Old 09 January 2018, 18:27   #20
meynaf
son of 68k
 
Join Date: Nov 2007
Location: Lyon / France
Age: 45
Posts: 3,345
Quote:
Originally Posted by Megol View Post
The majority of I/O is memory mapped. The I/O instructions are legacy only and _extremely_ slow.

I could do some hw hacking faster with a Pentium than with my current system. So a 90MHz in-order processor can push out more bytes than a modern 2.5+GHz 4 core out of order processor. Slow!
That they are slow isn't new.
But if they are no longer used, or declared obsolete in some way, then x86 is even worse than I supposed


Quote:
Originally Posted by Megol View Post
Intel do. AMD say they don't.
From what I've read AMD is vulnerable too, but only with Spectre - not Meltdown. But who knows.


Quote:
Originally Posted by Megol View Post
Spectre should work but what should be attacked?
I don't know, it's a purely academic question.


Quote:
Originally Posted by Megol View Post
Meltdown I think not as the "68k" should only be able to access the memory of the emulated Amiga anyway. Or?
In theory it can access the memory outside of the emulated Amiga, bypassing the sandbox.
Whether it can work or not depends on how the memory accesses are checked for validity. If it's just adding some offset then relying on the normal memory protection, then the memory outside can be accessed.
meynaf is online now  
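
The distinction drawn in the last post (offset-only translation versus an actual validity check), as an added example that is not part of the thread and is not WinUAE's code. All names and the 64 KiB guest RAM size are hypothetical; it contrasts an unchecked offset, a branch-based check, and an index mask that keeps the host offset in range even on a speculative path.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical emulator state: guest RAM is one power-of-two host buffer. */
#define GUEST_RAM_SIZE (1u << 16) /* 64 KiB, constructed for this example */
#define GUEST_RAM_MASK (GUEST_RAM_SIZE - 1u)
static uint8_t guest_ram[GUEST_RAM_SIZE];

/* Offset only: every 32-bit guest address becomes a host offset, so only
 * the host's own memory protection limits what the guest can reach. */
size_t translate_offset_only(uint32_t guest_addr) {
    return (size_t)guest_addr;
}

/* Branch check: architecturally correct (returns -1 when out of range),
 * but a mispredicted branch can still let a dependent load run
 * speculatively with the unchecked index (Spectre variant 1). */
int translate_checked(uint32_t guest_addr, size_t *out) {
    if (guest_addr >= GUEST_RAM_SIZE)
        return -1;
    *out = (size_t)guest_addr;
    return 0;
}

/* Mask: the index is bounded by data flow rather than control flow, so it
 * is in range on every path. Out-of-range addresses wrap (mirror). */
size_t translate_masked(uint32_t guest_addr) {
    return (size_t)(guest_addr & GUEST_RAM_MASK);
}

/* Guest byte read built on the masked translation. */
uint8_t guest_read8(uint32_t guest_addr) {
    return guest_ram[translate_masked(guest_addr)];
}

int main(void) {
    uint32_t hostile = 0x12345678u; /* constructed out-of-range guest address */
    size_t off;
    printf("offset only: 0x%zx\n", translate_offset_only(hostile));
    printf("checked:     %d\n", translate_checked(hostile, &off));
    printf("masked:      0x%zx\n", translate_masked(hostile));
    return 0;
}
```

Masking changes guest-visible behaviour (out-of-range addresses mirror into RAM instead of faulting), so an emulator that needs a fault there would combine the branch check with the mask.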