Meltdown and Spectre CPU Architecture Bugs: Apple Has Partially Addressed with No Performance Impact?
It is my working theory that recent security updates have broken performance on some Macs, both 10.12.6 and 10.13.2. By recent, I mean over the past 8 weeks or so. It is also suspicious that compatibility is broken with some applications, but perhaps that is just the usual Apple Core Rot.
Weird compatibility and performance bugs that I only noticed in the past few weeks to me suggest strongly that the Apple mitigations for Meltdown and Spectre CPU architectural bugs have degraded some software—including my own—more on that below.
Specifically, macOS 10.13.2 and macOS 10.12.6 (16G1114) have compatibility and performance issues that I cannot recall ever observing before. This has been nagging at me for some weeks and why I released performance updates for diglloydTools IntegrityChecker.
As it turns out, I have discovered that the IntegrityChecker performance improvements are now highly machine specific and may be worse on some machines with my updates. Stranger still, the Java version of IntegrityChecker can now (sometimes) outperform the native version by up to 3X at times—bizarre at best—and yet my C++ source code and Java code have not changed. Both are now highly sensitive to thread count and buffer count, and this was never the case before. Buffers for I/O have to be mapped into real memory and that is precisely a situation where kernel vs application address space come into play.
Never before have I been at a total loss as to how to optimize either my C++ or Java code—I’m working on quicksand now. Yet this issue only emerged in recent weeks, right after the updates to 10.13 and 10.12.6. Ten years of solid performance for IntegrityChecker, then a sudden change up to 3X slower? This cannot be random chance.
Meltdown and Spectre
The Meltdown and Spectre CPU bug fixes almost certainly prompted Apple to work overtime over the past few month, and Apple has stated that macOS is already partially secure. As quoted below, it is a misleading statement to claim no performance reductions based on benchmarks, since standardized benchmarks invariably fail to accurately predict real world performance for any particular program or workflow (as my years of testing show without fail).
Benchmarks correlate with real-world performance but only ignorance can excuse anyone claiming they do more than correlate with any particular workflow performance. Since I do not think Apple is ignorant, that necessarily leads me to say that Apple is avoiding discussing the issue and not telling the whole truth.
From About speculative execution vulnerabilities in ARM-based and Intel CPUs, emphasis added:
Meltdown is a name given to an exploitation technique known as CVE-2017-5754 or "rogue data cache load." The Meltdown technique can enable a user process to read kernel memory. Our analysis suggests that it has the most potential to be exploited.
Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation.
Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.
Apple necessarily would not have even mentioned changes in the release notes prior to early January 2018, for security reasons. It is after most recent updates when I started seeing odd behaviors across machines.
MPG’s view is that the “average user” doesn’t read this blog, but that professionals do and that high performance computing might well be strongly affected. As per Intel Issues Updates to Protect Systems from Security Exploits, emphasis added:
Intel (INTC) said that "for the average user," the performance impact on products using the processors from the last five years "should not be significant and will be mitigated over time."
More on Spectre and Meltdown
But The Register broke the news in early January, and now we see that Apple has already been hard at work to deal with the issue.
- Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are doing about it
- Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign — Speed hits loom, other OSes need fixes
- Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs AMD, Arm also affected by data-leak design blunders, Chipzilla hit hardest
- Here come the lawyers! Intel slapped with three Meltdown bug lawsuits Class-actions start piling up after El Reg blows lid on CPU security cockup