It’s probably been said to death in this thread already and I will pretend I read all that and concur:
These are entire classes of bugs that just started being discovered. Don’t expect it to end any time soon. These systems are fundamentally flawed in principle. And they’re going to keep making them that way, because they don’t have a choice right now.
Well, in this case it was an intel optimisation decision: access resource prior to checking access rights (sure, it’s faster, but incredibly stupid and short sighted IMHO and proving to be so now).
AMD didn’t do that. Yes, spectre is across the board, but these meltdown style attacks (such as Meltdown, Foreshadow, etc.) are intel specific.
edit:
Foreshadow is directly related to the same root cause as meltdown…
I’m guessing the would rather have the optimization in hardware and disable it in software to satisfy the customers who are more worried about performance than security. It probably is an unattractive task to re-implement everything they’ve been building on top of this foundation for the past checks tree rings scratch that, I guess they may have bit that bullet already 
From the Ars article:
Longer term, Intel promises to fix the issue in hardware. Cascade Lake processors, due to ship later this year, will not suffer the L1TF (or Meltdown) issues at all, suggesting that the new processors will change how they handle the permission checks to prevent speculative execution from running ahead of permissions checks.
Will be interested to see how this impacts their “IPC advantage” vs. AMD.
AMD never did this stuff, and sure, its an optimisation… but at the cost of “doing it wrong”…
edit:
already the 2700x and 8700k are pretty close in terms of IPC, its just clocks now…
Intel is now issuing a gag order to their CUSTOMERS from posting performance numbers before and after microcode updates in their microcode updater 'terms of service."
Oh. My. God.
Linus Torvalds would take this to court. (And HE BETTER) Heck, remove/takedown the damn intel-microcode packages in protest. Out of anyone, he WILL publish the numbers anyways, cause Intel’s damage control to Meltdown has been a disaster so far.
Lol they think they can tell the internet not to do something.
First thread with the results gets pinned
So I should download the phoronix test suite and do something about this?
Is the 8750H affect by this?
The list of CPUs not affected is shorter.
https://www.phoronix.com/scan.php?page=article&item=linux-419-mitigations&num=2
So it would seem that all the patches can make a significant difference in performance in some workloads on Intel CPUs. On one of the benchmarks there is a 21% difference!
It will be interesting to see how all of this pans out in the years come, for both Intel and AMD.
My speculation is that Intel will take a small hit in the consumer space, and potentially a major hit in the enterprise. I think those speccing new systems for enterprise will at least now consider AMD over intel, due not only to security vulnerabilities, but to cost and performance as well.
Hopefully Intel fixes this in architecture sooner rather than later. This is no easy task. Competition is good for the market, and I want that to continue.
That’s the thing. Who trusts first gen tech…Intel is fucking up time and time again fixing this in software. Who will trust the hardware fix ?
I fear that AMD is vulnerable just like Intel, but AMD CPUs aren’t under as much scrutiny, for as long.
I certainly agree. Unfortunatly it is a waiting game at this point.
I’m sure this is the case. I noticed people tend to give AMD the benefit of the doubt more than Intel.
It’s the malware on Windows problem, I think, too. Intel vastly outweighs AMD in the cloud/enterprise market, so they’re the ones getting tested on PoCs and CVEs.
Something will come up sooner or later, just has to be seen how severe it will be. I figure it is coming soon too, just that the Intel stuff is a gold mine with all directions being exploited so itnwill take a while to really uncover it all.
The msSQL performance on e5-2666v3 (virtualization) dropped so far by around 41% (from first security patches.) – one certain SQL used for tracking, we had running on 4 cores, had aprox 30% cpu utlization after patches to get around same load it goes to 60-70’s, and since upgraded to 8 cores to keep same execution times.
I was wondering about performance in VM situations as the L1 mitigation should be really hurting there and I don’t see it tested in the article. 41% Is pretty huge as this could cause lots of companies to buy more hardware.
we’ll see, so far customers are obviously notified about it - so we don’t take it on ourselves. Tho in terms of performance we are back around Nahalem physical setup levels now. Other than SQL, i haven’t noticed much issues on IIS or utility servers running virtualized windows boxes. In the end its going to be customers who’ll hurt rather than companies.
Doubt it (as far as “just like intel” goes).
You can be damned sure that the very first thing intel would have done upon being notified of this vulnerability (or any vulnerability) would be to try it on competitor hardware in order to throw shade if they were also vulnerable (“It’s not just us! Look at AMD too!”).
I have faith at this point, that AMD have not made quite as retarded decisions. I’m not saying that AMD are immune to dumb shit, but from the meltdown stuff its clear that intel have been “pushing the boundaries” (read: blatantly disregarding) regarding security vs. performance trade-offs.
I think AMD are far more retarded in terms of marketing than engineering.
