Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 78 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

nicalandia

Golden Member
Jan 10, 2019
1,190
1,290
106
Well, Well, Well look what we have here


"The new exploit impacts all Intel processors released in the last several years and specific Arm core processors. Intel processors affected include the most recent 12th Gen Core Alder Lake CPUs. Surprisingly, AMD chips have shown no effect from the vulnerability at this time. "

 
Last edited:

amd6502

Senior member
Apr 21, 2017
971
358
136
Well, Well, Well look what we have here


"The new exploit impacts all Intel processors released in the last several years and specific Arm core processors. Intel processors affected include the most recent 12th Gen Core Alder Lake CPUs. Surprisingly, AMD chips have shown no effect from the vulnerability at this time. "

Yet another one, that affects many cores outside of x86. No idea on how this one works, but I think it would be useful for processors to have some MSR two bit integer flag to select how aggressive the speculative execution, with the lowest value being no speculative execution.

As far as x86 affected cores, on AMD's side, it affects zens and excavator, but apparently not piledriver (eg FX series), or even steamroller; olde K10 might be unaffected as well.
 

Hitman928

Diamond Member
Apr 15, 2012
4,057
4,765
136
Yet another one, that affects many cores outside of x86. No idea on how this one works, but I think it would be useful for processors to have some MSR two bit integer flag to select how aggressive the speculative execution, with the lowest value being no speculative execution.

As far as x86 affected cores, on AMD's side, it affects zens and excavator, but apparently not piledriver (eg FX series), or even steamroller; olde K10 might be unaffected as well.
The article states that AMD CPUs are unaffected. Where are you seeing that Zen and Excavator are vulnerable to this?
 

igor_kavinski

Platinum Member
Jul 27, 2020
2,536
1,292
96
The article states that AMD CPUs are unaffected.
Spectre is back from the dead (fudzilla.com)

Phoronix however said that the LFENCE-based mitigation is deemed no longer sufficient for mitigating Spectre V2 attacks. Now the Linux kernel will use return trampolines “retpolines” by default on all AMD processors.

“Various AMD CPUs have already defaulted to using Retpolines for Spectre V2 mitigations, while now it will be the default across the board for AMD processors,” the magazine wrote.

Vusec provided further insight into how the exploit can find its way through mitigations that are already in place.

While hardware mitigations prevent an attacker from injecting predictor entries for the kernel, they can still make use of a global history in order to select target entries to speculatively execute. “And the attacker can poison this history from Userland to force the kernel to mispredict to more “interesting” kernel targets that leak data,” the report added.
I think this is where he got this idea that AMD may also be vulnerable.
 

Hitman928

Diamond Member
Apr 15, 2012
4,057
4,765
136
Spectre is back from the dead (fudzilla.com)



I think this is where he got this idea that AMD may also be vulnerable.
That's been known for a while and has applied since before this new vulnerability was known. Even in the fudzilla article it specifically mentions that AMD CPUs don't appear to be affected by BHI, so I don't see where the idea that AMD CPUs are affected is coming from.
 
Last edited:

amd6502

Senior member
Apr 21, 2017
971
358
136
Spectre is back from the dead (fudzilla.com)



I think this is where he got this idea that AMD may also be vulnerable.
Yup, I lost the link but it could well be from Fudzilla which I like to follow (Nick has great humor).

So looking at the AMD running index of security advisories there are two entries, both CVE's of speculative execution vulverability: 1. poor LFENCE mitigation and 2. "may execute beyond unconditional direct branches":

1. https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036

2. https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026

So the first is a realization of a previous patch to mitivgate spectre v2-2 isn't adequate, and this affects Zens but not Bulldozer family.

The 2nd, is a new proof of concept vulnerability that affects Zens as well as excavator (the last generation of the BD family). It seems like it would be difficult to exploit---speculative branches that affect cache contents and can in theory result in data leakage.
 
Last edited:

Hitman928

Diamond Member
Apr 15, 2012
4,057
4,765
136
Yup, I lost the link but it could well be from Fudzilla which I like to follow (Nick has great humor).

So looking at the AMD running index of security advisories there are two entries, both CVE's of speculative execution vulverability: 1. poor LFENCE mitigation and 2. "may execute beyond unconditional direct branches":

1. https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036

2. https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026

So the first is a realization of a previous patch to mitivgate spectre v2-2 isn't adequate, and this affects Zens but not Bulldozer family.

The 2nd, is a new proof of concept vulnerability that affects Zens as well as excavator (the last generation of the BD family).
Neither of these are BHI which was the topic of the post you were replying to. . .
 

amd6502

Senior member
Apr 21, 2017
971
358
136
Neither of these are BHI which was the topic of the post you were replying to. . .
Yes that's right. BHI = branch history injection.

The lfence mitigation is supposed to fix Branch Target Injction. That March AMD security advisory on lfence patch might've been in response to this study.
 

Hitman928

Diamond Member
Apr 15, 2012
4,057
4,765
136
Yes that's right. BHI = branch history injection.

The lfence mitigation is supposed to fix Branch Target Injction. That March AMD security advisory on lfence patch might've been in response to this study.
Yes, that is what it is in response to. AMD thanked them in their notes after updating their mitigation recommendations for that vulnerability.

Which brings us back to, AMD CPUs appear to not be affected by the newly discovered BHI, which @nicalandia posted about.
 

nicalandia

Golden Member
Jan 10, 2019
1,190
1,290
106

nicalandia

Golden Member
Jan 10, 2019
1,190
1,290
106
Is that on top of the other mitigations or assuming no other mitigations are in place I wonder?
On Top. It's like paying for Alder lake and getting a Haswell due to the performance hit(at least on some apps, most desktop users will not notice any difference, but at the Server Level they are just hammered), they say internet browsing is not affected, thanks God.


AMD for their part isn't believed to be affected by BHI and has still been making use of Retpolines on newer Zen processors. They did discover though their LFENCE/JMP-focused AMD Retpolines implementation to be racy and thus are now moving to use generic Retpolines instead.
 
Last edited:
  • Like
Reactions: moinmoin

igor_kavinski

Platinum Member
Jul 27, 2020
2,536
1,292
96
Intel keeps getting hammered by these vulnerability bombs in the exact workloads that their server CPUs need to perform well in to be competitive with AMD's server monsters. It's like Karma is being dished out to them for being so mean and dismissive to AMD all those years ago when they thought AMD was just an annoying fly buzzing around them and not letting them enjoy their ice cream.
 

ondma

Platinum Member
Mar 18, 2018
2,427
1,042
136
Intel keeps getting hammered by these vulnerability bombs in the exact workloads that their server CPUs need to perform well in to be competitive with AMD's server monsters. It's like Karma is being dished out to them for being so mean and dismissive to AMD all those years ago when they thought AMD was just an annoying fly buzzing around them and not letting them enjoy their ice cream.
Seems like everyone is for "competition" except when it is Intel becoming competitive.
 

DrMrLordX

Lifer
Apr 27, 2000
19,163
7,920
136
On Top. It's like paying for Alder lake and getting a Haswell due to the performance hit
To be fair, most Alder Lake users are just going to ignore the mitigations or turn them off (if they know how; eventually MS may patch this stuff in unless Intel convinces them to do otherwise). It's going to be more of an issue for enterprise/professional-level users where security protocol will require the mitigations eventually.

That being said, it is rather embarrassing for Intel that after all that hoopla that they built yet another performance-killing security vulnerability into their latest and greatest CPUs.

Seems like everyone is for "competition" except when it is Intel becoming competitive.
Plenty of people have an axe to grind with Intel's past behavior. Some grudges just don't die.
 
  • Like
Reactions: DarthKyrie

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
22,801
11,213
136
Plenty of people have an axe to grind with Intel's past behavior. Some grudges just don't die.
The first vunerability (and I will get the wording wrong) They let some access cache before checking if they have the right, then AFTER they have all the data, they check the permission and deny. That's letting the cow out of the barn before you milk it, anybody can then get it.

So they continue this crap, then they claim "AND is in the rear view mirror and will never see our headlight again". The whole thing with the high wattage on the 12900k is to claim "winner". They keep trying every dirty trick to get in the lead or stay in the lead. Not caring about the customer, just $$$$$
 
  • Like
Reactions: DarthKyrie

nicalandia

Golden Member
Jan 10, 2019
1,190
1,290
106
Seems like everyone is for "competition" except when it is Intel becoming competitive.
By cutting Corners? Is that how they become competitive again? Look Intel gets hammered by this new Spectre Variant 2, The Intel Team scrambles to see if AMD is also accepted. They find out that it may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. AMD Thanks them(The Intel Team) for their work, issues a better mitigation(Generic Retpolines), Phoronix test them and they are within a few percentage of the original. In the mean time Intel is affected by double digit % performance hit.
 
Nov 26, 2005
14,924
266
126
tl:dr. Just seen the Phoronix article this morning

Correct me if I'm wrong but someone said in another thread up to 54% I/O loss for desktop chips e.g. 5950x, What?
 

Hitman928

Diamond Member
Apr 15, 2012
4,057
4,765
136
tl:dr. Just seen the Phoronix article this morning

Correct me if I'm wrong but someone said in another thread up to 54% I/O loss for desktop chips e.g. 5950x, What?
The 5950x was 54% faster with the older mitigation in StressNG(context switching). This is a purely synthetic test which, I believe, basically just does a bunch of context switches in a row and times how long it takes the CPU to get through them. This is basically just to test context switching impact but is not really going to tell you much about real world performance impact as context switching is typically a small part of a CPUs computational flow.

The rest of the benchmarks, most of which are more real world, don't show near this dramatic of a difference. On average, it's a few percent slower. Specifically for IO, the test showed the 5950x was 5% faster with the older mitigation compared to the new one. The browser benchmarks were actually slightly faster with the new mitigation.
 
  • Like
Reactions: BTRY B 529th FA BN

Hitman928

Diamond Member
Apr 15, 2012
4,057
4,765
136
I wish Phoronix would have done an Intel vs AMD with Mitigations on for Spectre V2, They did two separate threads on it so I put together the information in common they have.

View attachment 58547
The Stress-NG tests you have here are not the same for AMD and Intel. The AMD test is context switching, the Intel test is socket activity. They are very different tests and shouldn't be used to compare impact between AMD and Intel. The context switching test wasn't run for Intel.
 

nicalandia

Golden Member
Jan 10, 2019
1,190
1,290
106
The Stress-NG tests you have here are not the same for AMD and Intel. The AMD test is context switching, the Intel test is socket activity. They are very different tests and shouldn't be used to compare impact between AMD and Intel. The context switching test wasn't run for Intel.
True, I wish there were Apples to Apples tests done.
 

igor_kavinski

Platinum Member
Jul 27, 2020
2,536
1,292
96
The 5950x was 54% faster with the older mitigation in StressNG(context switching). This is a purely synthetic test which, I believe, basically just does a bunch of context switches in a row and times how long it takes the CPU to get through them. This is basically just to test context switching impact but is not really going to tell you much about real world performance impact as context switching is typically a small part of a CPUs computational flow.
It might have a very bad impact on DB workloads inside a VM, since DB's seem to do quite a bit of context switches while performing I/O activities.
 

deasd

Senior member
Dec 31, 2013
343
247
116
WTF.... looking forward to the vulnerability mitigation on Windows.... looks like situation still favor AMD like years before?

Tom's has an explaination about Stress-NG(context switch) where zen3's perf being poorly hammered:

The Ryzen 9 5950X (Vermeer) suffered a 54% performance reduction with the Stress-NG (Context Switching) benchmark. Stress-NG is similar to Prime95 for Windows users, so it isn't the most relevant metric for measuring performance from a consumer workload standpoint. However, the Ryzen 9 5950X held up pretty well besides that specific benchmark. There was only a 5.3% and 5% drop in networking and storage performance, respectively. In comparison, the Core i9-12900K (Alder Lake) experienced performance hits of 26.7% and 14.5% in the networking and storage department.
 
  • Like
Reactions: BTRY B 529th FA BN
Thread starter Similar threads Forum Replies Date
G CPUs and Overclocking 38

ASK THE COMMUNITY