Meltdown and Spectre have made this a bad time to get a new x86 CPU

February 26, 2018

Despite reasonably solid plans, I still don't have a new home machine and in fact I probably won't get one for some time (even with my recent scare). Instead I'm likely to prolong the life of my current machine from 2011 at least a year longer than I was expecting. By far the largest reason for my delay is that it's currently a bad time to get a new x86 CPU, due to Meltdown and Spectre and the general class of security attacks that they've created. More specifically, for me it's due to the uncertainty about effective future CPU performance they've created.

All current x86 CPUs are vulnerable to at least some of the known Spectre attacks, and all current Intel CPUs are vulnerable to Meltdown (AMDs are believed not vulnerable to current attacks). Mitigating the current attacks costs performance, sometimes significant amounts of it, sometimes perhaps less. In addition there seems very likely to be additional speculative execution attacks discovered in the future (some may already have been found) that will require their own additional workarounds, with their own performance penalties. In short, things are only going to get worse for current CPUs.

There are least two options for what happens from here and I don't think we know which one it's going to be. The first option is that there will be good mitigations that are easy to roll into new CPUs almost immediately. Within a CPU refresh iteration or two, new CPUs could be much better at dealing with speculative execution attacks, with clearly cheaper mitigations required from software.

(This seems especially likely to happen with Intel CPUs and Meltdown, given that AMDs sidestep it entirely.)

The second option is that we're not going to get real CPU fixes for these issues for at least one major CPU generation, because small tweaks and changes won't be enough to do more than make things hurt a bit less. Discovering all the problems takes time; redesigning various bits of speculative execution hardware takes more time. In the Intel world, we might not get this until the end of 2018 with Ice Lake, or even later with Tiger Lake. This is especially possible if the first round of hardware mitigations turn out to be not enough, perhaps because people keep coming up with new attack variants that need new hardware mitigations.

If CPUs will get good mitigations in the next generation of product announcements, buying a CPU now gives you basically a lemon; soon you'll be able to get CPUs with meaningful effective performance increases because they won't need as many expensive mitigations. If CPUs won't get good mitigations until, say, the third quarter of 2019, we're probably pretty much in the usual situation with CPU performance increases; if you want a few years, you always get more (for some workloads). If the timeline is somewhere in the middle, I don't know; presumably it depends on how much you need the performance you can get with a new current CPU and system over what you have now.

(This also depends on what system lifetime you expect. If you live on the bleeding edge and discard systems after a year or two anyway, your calculations are a lot different than someone who's aiming for a five or six year lifetime.)

However, I have to admit that part of my reaction is emotional. I just don't want to buy a product that I know is flawed, and all current CPUs are flawed (in theory Intel more than AMD, but in practice AMD Ryzens and Linux are a bad combination). Rationally perhaps I should just go ahead and buy my planned machine now and just live with any performance impact (if I care, I can turn the mitigations off reasonably safely). But the mere idea of giving Intel money in this situation irritates me.

(Maybe for once I'll do a sensible, rational thing, especially with what may be a slowly dying home machine, but don't hold your breath.)

Written on 26 February 2018.
« It feels good to have a fallback option for home computing
Using Python 3 for example code here on Wandering Thoughts »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Mon Feb 26 22:00:49 2018
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.