Computers with newer Intel processors are suffering from random reboots after being updated to guard against the Spectre CPU flaws.

Further testing by Intel has revealed that unexpected reboots are affecting its newer processors, not just its older Broadwell and Haswell chips as it originally thought.

After installing Intel’s Spectre-related firmware update on computers with Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake architecture processors, Intel found the machines suffered from an increase in unwanted reboots.

In spite of these side effects, Intel is not advising computer manufacturers to stop offering the Spectre firmware updates to users.

But Intel says datacenter admins should assess whether the risk of Spectre being exploited in an attack outweighs that of unwanted reboots.

SEE: Incident response policy (Tech Pro Research)

“Evaluate potential impacts from the reboot issue and make decisions based on the security profile of the infrastructure,” it writes in a security notice.

Spectre and Meltdown are design flaws in modern CPUs that could allow hackers to bypass system protections on a wide range of devices, allowing attackers to read sensitive information, such as passwords, from memory.

The firmware update blamed for increasing the risk of reboots is designed to mitigate against attacks using Branch Target Injection to exploit the Spectre vulnerability CVE-2017-5715.

“We have now issued firmware updates for 90 percent of Intel CPUs introduced in the past five years, but we have more work to do,” said Navin Shenoy, Intel’s EVP and GM of the datacenter group.

Intel says it is “making progress toward identifying the root cause” for the reboots and will release new beta firmware updates to system vendors for validation next week.

Fixes for Meltdown and the other Spectre vulnerability are being addressed by separate operating system and virtual machine patches released by vendors.

These updates have also caused problems. Microsoft recently said that some Windows PCs won’t receive any further security updates until their third-party AV software is verified as compatible with Windows patches for Spectre and Meltdown. And chipmaker AMD has been working with Microsoft to resolve problems after patches caused PCs running on some older AMD Opteron, Athlon and AMD Turion X2 Ultra processors to refuse to boot.

Performance impact

Intel also found the same Spectre-related firmware updates can also cause a significant decrease in server performance.

However, the extent of the slowdown was heavily dependent on the nature of the workload and the configuration of the system, with some jobs barely affected and others taking noticeably longer.

Intel tested server platforms running two-socket Intel Xeon Scalable systems based on its Skylake microarchitecture.

The worst affected workloads were those “that incorporate a larger number of user/kernel privilege changes and spend a significant amount of time in privileged mode”, according to Intel.

The results found that:

  • Benchmarks to simulate common enterprise and cloud workloads saw up to two percent performance impact. Intel simulated these workloads using industry-standard measures of integer and floating point throughput, Linpack, STREAM, server-side Java and energy efficiency benchmarks.
  • An online transaction processing (OLTP) benchmark simulating modeling a brokerage firm’s customer-broker-stock exchange showed a four percent impact.
  • Storage benchmarks varied widely.
    • In FlexibleIO, a benchmark simulating different types of I/O loads, stressing the CPU with an 100 percent write led to an 18 percent decrease in throughput performance. However, a 70/30 percent read/write model saw a 2 percent decrease in throughput performance, with no throughput impact for 100 percent read.
    • There was also a wide range of impacts when Intel ran Storage Performance Development Kit (SPDK) tests, which provide a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Using SPDK iSCSI, Intel found as much as a 25 percent impact while using only a single core. However, using SPDK vHost, had no impact.

The full results are outlined in the table below.

Google has produced its own Retpoline update to guard against Spectre branch target injection exploits and Shenoy said Google’s update “could yield less impact”.

Also see