Intel is continuing to shore up its chips against the Meltdown and Spectre kernel-level flaws first disclosed in January. The company already patched most variants of the vulnerability, but its fix for the second variant was broken. Over the last few weeks, Intel has been finally covering up the variant 2 problem.
The company started with newer chip families and has now confirmed it has patched the Ivy Bridge and Sandy Bridge CPUs. Additionally, Intel has patched Haswell core chips that has not been covered in previous releases.
This means users running any generation of Intel CPU should now be protected. When the CPU problem was revealed by Google on Jan. 6, Intel acted quickly with a patch. However, one of the three Meltdown and Spectre variant patches resulted in problems for users.
The company’s patches to fix the problem caused rebooting problems across many older systems. Intel believed the patch bug affected only Broadwell and Haswell chips. However, internal testing later found the vulnerability also affects machines powered by Skylake and Kaby Lake chips. The company was forced to urge users to avoid the fix.
Not all chips are patched. The company says older Sandy Bridge CPUs still need a patch, chips with Westmere parts, Nehalem architecture, and other chips like Arrandale and Clarkdale. However, all of these are in a user minority, so 95% of all devices running Intel chips are now covered.
Performance Trade Off
The true impact made by the patches on performance is still not entirely known. That said, it seems the patches have not drained power as much as originally expected.
Meltdown and Spectre is a CPU flaw affects hundreds of millions of devices. Whenever a command is executed, the CPU gives system control to the kernel. The kernel then stays locked into the virtual memory address of all processes. This happens in order to make systems more efficient and deliver better performance.
The fix introduced to machines in the patch is called the Page Table Isolation (PTI) workaround. Intel uses PTI on its newer processors, which are optimized for the patch. However, in older processors it is predicted PTI will have a performance impact. It is unclear whether this will be noticeable on individual machines, but on complex computing like cloud datacenters it could be.