Gaming With Meltdown And Spectre
Imagine that nearly every PC, server, and mobile phone on the planet was suddenly vulnerable to data theft at the hands of nefarious actors. Then, imagine the exploit responsible for this vulnerability couldn't be detected by antivirus software because it merely took advantage of normal CPU operations.
Although this sounds like a bad movie script, it unfortunately became a known truth during the first few days of 2018.
On January 2nd, The Register exposed Intel's then-secret Meltdown and Spectre vulnerabilities through investigative journalism. But unbeknown to most of the world, Google’s Project Zero researchers, along with two other independent teams, discovered the vulnerabilities 200 days earlier. As a courtesy, the researchers gave Intel, AMD, IBM, Qualcomm, and ARM a grace period to develop mitigations before making their findings public. Those companies, along with developers contributing to Windows and Linux, worked together behind a veil of secrecy for months.
Perhaps understandably, the initial response to The Register's report was chaotic because it preempted that planned group disclosure. What happened after, though, appeared to be a comedy of errors, especially given the amount of time affected companies had to prepare.
Then again, the firms were trying to plug holes that were baked into hardware and software for more than a decade. In fact, nearly every Intel processor since 1995 was found to be vulnerable, so fixing the issues without breaking compatibility proved to be a mind-boggling challenge.
The patches supposedly have performance implications. So now that the industry is a month into cleaning up its mess, we're ready to start assessing the damage. First up: game performance.
The Land Of Patch Confusion
There are two general vulnerabilities in play here, and they're broken up into three categories. Variants 1 and 2 are what we've come to know as Spectre, while Variant 3 is Meltdown. Intel, ARM, and Qualcomm are susceptible to all three, while AMD is only affected by Spectre.
As we can see, Variant 1 and 3 can be patched in the operating system, while the most nefarious bug, Variant 2, requires both motherboard firmware/microcode and operating system patches.
The initial industry scramble resulted in a flurry of immature and buggy updates. Because the patches weren't distributed as drivers, processor vendors couldn't push them out directly. Instead, they filtered out through Microsoft, Linux-based operating systems, OEMs, and motherboard manufacturers. A rapid sequence of patches, re-patches, and un-patches confused enthusiasts in the know. Everyone else had to have been completely lost.
This is how bad it got: Intel released a motherboard firmware/CPU microcode patch that could cause reboots, system instability, and potential data loss/corruption. Its partners pulled the update. Microsoft published a patch of its own for AMD systems that left some of them unbootable. It, too, had to reverse course, blaming improper documentation from AMD. A fix was released several weeks later.
For now, Intel doesn't have an operating system or microcode patch for Spectre Variant 2. AMD has an OS patch for it, but the company does not have a microcode update to offer. And because microcode patches will have the biggest impact on system performance, today's benchmark results are subject to change.
Intel says it will provide patches for CPUs dating back five years and then move on to older models. Many folks speculate that we may never see patches for those legacy products, though. Both Intel and AMD claim they will have silicon-based mitigations in their next-gen processors. Of course, it remains to be seen how each company works around their security holes without compromising performance.
For now, one thing is for sure: today's patches, particularly those for Spectre Variant 2, affect performance in some workloads. Older CPUs are said to be hit the worst. Microsoft predicts that "some" users with Windows 10 on pre-Broadwell architectures will suffer noticeable slow-downs, while "most" users on Windows 7 and 8.1 on comparable systems will notice a decrease in performance.
Measuring the impact hasn’t been an easy task in our labs. The changing nature of these patches complicates matters: we’ve begun testing several times only to have a patch altered or removed. We’re diligently working on the next round of application benchmarks, and are expanding our scope to include older CPUs. For now, let's focus on gaming with a good selection of recent Ryzen, Kaby Lake-, and Coffee Lake-based processors.
MORE: CPU Security Flaw: All You Need To Know About Spectre
MORE: Best Gaming CPUs
