Simon's SQL

SQL,DBA,tuning,Trouble Shooting,Performance

Meltdown and Spectre

Posted by Simon Cho on 01/10/2018

<Google Prject Zero>

It started from “Google Project Zero”.

https://googleprojectzero.blogspot.com/

Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01.

 

Here is the guide line for SQL Server and Windows Server.

SQL Server – https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server
Windows Server – https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

SQL Server Patch available for below version.

SQL 2012 and SQL 2014 should release soon.

SQL Server 2017 CU3*
SQL Server 2017 GDR
SQL Server 2016 SP1 CU7*
SQL Server 2016 SP1 GDR
SQL Server 2016 RTM CU
SQL Server 2016 RTM GDR
SQL Server 2008 SP4 (This is new version of SP4. Version number is slightly different.)
SQL Server 2008 R2 SP3(This is new version of SP3. Version number is slightly different.)

It seems like not that many articles reported SQL 2008 SP4 and SQL Server 2008 R2 SP3 with this patch.

 

<Here is the related blogs and articles>

https://www.brentozar.com/archive/2018/01/sql-server-patches-meltdown-spectre-attacks/

https://www.sqlskills.com/blogs/glenn/microsoft-sql-server-updates-for-meltdown-and-spectre-exploits/

 

Perfermance

https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/

 

ploited Vulnerability CVE Exploit
Name
Public Vulnerability Name Windows Changes Silicon Microcode Update ALSO Required on Host
Spectre 2017-5753 Variant 1 Bounds Check Bypass Compiler change; recompiled binaries now part of Windows Updates

Edge & IE11 hardened to prevent exploit from JavaScript

No
Spectre 2017-5715 Variant 2 Branch Target Injection Calling new CPU instructions to eliminate branch speculation in risky situations Yes
Meltdown 2017-5754 Variant 3 Rogue Data Cache Load Isolate kernel and user mode page tables No

In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.

  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s