Meltdown & Spectre

This issue is unusual in that it is not strictly a software problem, but a design flaw in the hardware, the CPU chip itself. It mainly affects Intel-made devices, but AMD and Qualcomm are affected to a lesser extent. CPU chips are not entirely hardware: they use microcode inside to create additional instructions, and this is a form of software, although not a functional language as we know it.

The problem is serious because it affects virtually every personal computer made since about 1998, and fixing it properly would require new chips. As this is obviously not practical, software vendors and Intel are implementing fixes in software and in changes to microcode where possible.

Unfortunately, in many cases this will cause a slow-down in performance of up to 50%. The underlying problem is that years ago various tricks were implemented to speed up CPUs using caching and code prediction. Caching simply stores code that loops or repeats a lot in very fast memory, and also in the CPU itself, to avoid having to fetch it again. This is where Meltdown occurs.

Prediction is similar in that when more than one outcome of a calculation or set of instructions can occur on chips with multiple cores, both can be evaluated together and the wrong path discarded with no time lost. It's somewhat like urgently needing an item or ingredient but not being sure which shop has it. Rather than first going to the wrong one and then to the other, sending two people, one to each shop, could halve the time needed. This is where Spectre occurs.

In both cases, when the CPU is interrupted to switch between tasks, the state is preserved so that when it returns it can continue where it left off. The M & S problem recently discovered is that nothing prevents the code in either task from seeing the state information of the other. For your home or work PC this is probably not a worry. Your spreadsheet being able to see your photos is not a concern, as only one person uses the PC at a time. Your web browser, however, is running code from many sources, and you certainly wouldn't want that code to be able to view parts of the CPU that might still contain your password, for example.

The good news is that Google has developed a simple change to compilers, called retpoline, which can prevent this, and most browsers will likely be recompiled and updated as soon as possible. It is unreasonable, however, to expect every piece of code on your machine to get this treatment for some time, if ever. What can be done, though, is to force software to clear the caches and the areas involved in prediction storage whenever a task is switched. Obviously, on return the task cannot continue until the code is reloaded, and this is a major performance hit.

For the computers in the many data centers supporting the cloud, such as those of Amazon, Google and Microsoft, it's a major issue. If their servers slow by 50%, they then need twice as many to keep up with the present load. Fortunately, newer CPU chips have some extra hardware that may cope with the problem, but this requires much work by Intel in providing updated microcode for those chips, and also changes to the firmware and software in such servers to fully support it. These newer chips won't suffer such a major slow-down. These fixes can eventually be applied to your home PC if it is less than about three years old. It will still need the Intel fixes and firmware updates to be applied, and these won't happen automatically. The user (you) must do it manually or pay your local PC shop to do it. I expect that in time we may be seeing offers to do this in their shop windows.

In the meantime there is little one can do. Hopefully malware that could take advantage of these flaws won't become prevalent for a while. No doubt Intel will eventually produce chips without the problems, and maybe then will be the time for us to replace our current computers. No doubt time will tell!

Update

Since these weaknesses were first discovered, it appears that no actual malware exploiting them has been detected. In the light of this, some professional administrators have requested options to disable the very code patches that provide protection, in order to restore the lost performance. There is some merit to this for computers that only run tasks for single users.
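
Before deciding whether any protection can be switched off, it helps to know which protections a machine actually has. The following is an added example, not part of the original article. It assumes a Linux system, where patched kernels publish one status file per issue under /sys/devices/system/cpu/vulnerabilities; the sample status lines and the function names are constructed for illustration.

```python
from pathlib import Path

# Linux kernels that carry the fixes publish one status file per issue here.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample status lines, used when the directory above is absent.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable",
}

def classify(status):
    """Map one kernel status line to a (state, detail) pair."""
    text = status.strip()
    if text == "Not affected":
        return ("not_affected", "")
    if text.startswith("Mitigation:"):
        return ("mitigated", text[len("Mitigation:"):].strip())
    if text.startswith("Vulnerable"):
        return ("vulnerable", text[len("Vulnerable"):].lstrip(":,; "))
    return ("unknown", text)  # empty or unrecognised: treat as unverified

def read_status(directory=SYSFS_DIR):
    """Read each issue's file; a missing file yields an empty status."""
    statuses = {}
    for issue in ISSUES:
        try:
            statuses[issue] = (Path(directory) / issue).read_text()
        except OSError:
            statuses[issue] = ""
    return statuses

def audit(statuses):
    """List (issue, state, detail) for every issue lacking a mitigation."""
    results = [(i, *classify(statuses.get(i, ""))) for i in ISSUES]
    return [r for r in results if r[1] in ("vulnerable", "unknown")]

def uses_retpoline(statuses):
    """True when the Spectre v2 mitigation reported is retpoline-based."""
    state, detail = classify(statuses.get("spectre_v2", ""))
    return state == "mitigated" and "retpoline" in detail.lower()

if __name__ == "__main__":
    current = read_status() if SYSFS_DIR.is_dir() else SAMPLE
    print("unmitigated:", audit(current))
    print("retpoline in use:", uses_retpoline(current))
```

An empty result from audit() means every listed issue is reported as either mitigated or not affected; an "unknown" entry usually means the kernel is too old to report on that issue at all.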