Massive security hole in CPU's incoming? Official Meltdown/Spectre Discussion Thread


nicalandia

Diamond Member
Jan 10, 2019
3,330
5,281
136
Well, Well, Well look what we have here


"The new exploit impacts all Intel processors released in the last several years and specific Arm core processors. Intel processors affected include the most recent 12th Gen Core Alder Lake CPUs. Surprisingly, AMD chips have shown no effect from the vulnerability at this time."

 

amd6502

Senior member
Apr 21, 2017
971
360
136
Well, Well, Well look what we have here


"The new exploit impacts all Intel processors released in the last several years and specific Arm core processors. Intel processors affected include the most recent 12th Gen Core Alder Lake CPUs. Surprisingly, AMD chips have shown no effect from the vulnerability at this time."


Yet another one, that affects many cores outside of x86. No idea on how this one works, but I think it would be useful for processors to have some MSR two bit integer flag to select how aggressive the speculative execution, with the lowest value being no speculative execution.

As far as x86 affected cores, on AMD's side, it affects zens and excavator, but apparently not piledriver (eg FX series), or even steamroller; olde K10 might be unaffected as well.
 

Hitman928

Diamond Member
Apr 15, 2012
5,244
7,793
136
Yet another one, that affects many cores outside of x86. No idea on how this one works, but I think it would be useful for processors to have some MSR two bit integer flag to select how aggressive the speculative execution, with the lowest value being no speculative execution.

As far as x86 affected cores, on AMD's side, it affects zens and excavator, but apparently not piledriver (eg FX series), or even steamroller; olde K10 might be unaffected as well.

The article states that AMD CPUs are unaffected. Where are you seeing that Zen and Excavator are vulnerable to this?
 
Jul 27, 2020
16,163
10,240
106
The article states that AMD CPUs are unaffected.
Spectre is back from the dead (fudzilla.com)

Phoronix however said that the LFENCE-based mitigation is deemed no longer sufficient for mitigating Spectre V2 attacks. Now the Linux kernel will use return trampolines “retpolines” by default on all AMD processors.

“Various AMD CPUs have already defaulted to using Retpolines for Spectre V2 mitigations, while now it will be the default across the board for AMD processors,” the magazine wrote.

Vusec provided further insight into how the exploit can find its way through mitigations that are already in place.

While hardware mitigations prevent an attacker from injecting predictor entries for the kernel, they can still make use of a global history in order to select target entries to speculatively execute. “And the attacker can poison this history from Userland to force the kernel to mispredict to more “interesting” kernel targets that leak data,” the report added.

I think this is where he got this idea that AMD may also be vulnerable.
 

Hitman928

Diamond Member
Apr 15, 2012
5,244
7,793
136
Spectre is back from the dead (fudzilla.com)



I think this is where he got this idea that AMD may also be vulnerable.

That's been known for a while and has applied since before this new vulnerability was known. Even in the fudzilla article it specifically mentions that AMD CPUs don't appear to be affected by BHI, so I don't see where the idea that AMD CPUs are affected is coming from.
 

amd6502

Senior member
Apr 21, 2017
971
360
136
Spectre is back from the dead (fudzilla.com)



I think this is where he got this idea that AMD may also be vulnerable.

Yup, I lost the link but it could well be from Fudzilla which I like to follow (Nick has great humor).

So looking at the AMD running index of security advisories there are two entries, both CVEs of speculative execution vulnerability: 1. poor LFENCE mitigation and 2. "may execute beyond unconditional direct branches":

1. https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036

2. https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026

So the first is a realization that a previous patch to mitigate spectre v2-2 isn't adequate, and this affects Zens but not Bulldozer family.

The 2nd, is a new proof of concept vulnerability that affects Zens as well as excavator (the last generation of the BD family). It seems like it would be difficult to exploit---speculative branches that affect cache contents and can in theory result in data leakage.
 

Hitman928

Diamond Member
Apr 15, 2012
5,244
7,793
136
Yup, I lost the link but it could well be from Fudzilla which I like to follow (Nick has great humor).

So looking at the AMD running index of security advisories there are two entries, both CVEs of speculative execution vulnerability: 1. poor LFENCE mitigation and 2. "may execute beyond unconditional direct branches":

1. https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036

2. https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026

So the first is a realization that a previous patch to mitigate spectre v2-2 isn't adequate, and this affects Zens but not Bulldozer family.

The 2nd, is a new proof of concept vulnerability that affects Zens as well as excavator (the last generation of the BD family).

Neither of these are BHI which was the topic of the post you were replying to. . .
 

amd6502

Senior member
Apr 21, 2017
971
360
136
Neither of these are BHI which was the topic of the post you were replying to. . .

Yes that's right. BHI = branch history injection.

The lfence mitigation is supposed to fix Branch Target Injection. That March AMD security advisory on lfence patch might've been in response to this study.
 

Hitman928

Diamond Member
Apr 15, 2012
5,244
7,793
136
Yes that's right. BHI = branch history injection.

The lfence mitigation is supposed to fix Branch Target Injection. That March AMD security advisory on lfence patch might've been in response to this study.

Yes, that is what it is in response to. AMD thanked them in their notes after updating their mitigation recommendations for that vulnerability.

Which brings us back to, AMD CPUs appear to not be affected by the newly discovered BHI, which @nicalandia posted about.
 

nicalandia

Diamond Member
Jan 10, 2019
3,330
5,281
136
Is that on top of the other mitigations or assuming no other mitigations are in place I wonder?
On Top. It's like paying for Alder lake and getting a Haswell due to the performance hit (at least on some apps, most desktop users will not notice any difference, but at the Server Level they are just hammered), they say internet browsing is not affected, thank God.


AMD for their part isn't believed to be affected by BHI and has still been making use of Retpolines on newer Zen processors. They did discover though their LFENCE/JMP-focused AMD Retpolines implementation to be racy and thus are now moving to use generic Retpolines instead.
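
Added example, not part of any post in this thread: a POSIX shell check for which Spectre V2 mitigation a Linux host is actually running, separating the LFENCE-based "AMD retpoline" discussed above from generic retpolines. The verdict labels and sample lines are constructed for illustration, and the matched status strings are the ones Linux kernels have printed in sysfs, which vary by kernel version.

```shell
#!/bin/sh
# Classify the Spectre V2 status line that Linux exposes in sysfs.
# Verdict labels (lfence-only, generic-retpoline, ...) are this example's own.

classify_spectre_v2() {
    case "$1" in
        # LFENCE/JMP sequence: older kernels call it "Full AMD retpoline",
        # newer ones report it as "LFENCE" (and flag it as vulnerable).
        *"Vulnerable: LFENCE"*|*"Mitigation: LFENCE"*|*"AMD retpoline"*)
            echo "lfence-only" ;;
        "Not affected"*)
            echo "not-affected" ;;
        Vulnerable*)
            echo "vulnerable" ;;
        # Enhanced IBRS variants (checked before the plain retpoline match).
        *Enhanced*IBRS*)
            echo "eibrs" ;;
        # "Retpolines" (newer) or "Full generic retpoline" (older).
        *[Rr]etpoline*)
            echo "generic-retpoline" ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample lines, modelled on sysfs output; not taken from the thread.
for sample in \
    "Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling" \
    "Mitigation: Retpolines, IBPB: conditional, STIBP: disabled, RSB filling" \
    "Vulnerable: LFENCE"
do
    printf '%-18s %s\n' "$(classify_spectre_v2 "$sample")" "$sample"
done

# On a live Linux host, classify the real value as well.
f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
if [ -r "$f" ]; then
    printf 'this host: %s\n' "$(classify_spectre_v2 "$(cat "$f")")"
fi
```

A host that reports `lfence-only` is still on the mitigation the thread describes as no longer sufficient; a kernel update, or booting with `spectre_v2=retpoline,generic`, moves it to generic retpolines.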
 
Jul 27, 2020
16,163
10,240
106
Intel keeps getting hammered by these vulnerability bombs in the exact workloads that their server CPUs need to perform well in to be competitive with AMD's server monsters. It's like Karma is being dished out to them for being so mean and dismissive to AMD all those years ago when they thought AMD was just an annoying fly buzzing around them and not letting them enjoy their ice cream.
 

ondma

Platinum Member
Mar 18, 2018
2,720
1,280
136
Intel keeps getting hammered by these vulnerability bombs in the exact workloads that their server CPUs need to perform well in to be competitive with AMD's server monsters. It's like Karma is being dished out to them for being so mean and dismissive to AMD all those years ago when they thought AMD was just an annoying fly buzzing around them and not letting them enjoy their ice cream.
Seems like everyone is for "competition" except when it is Intel becoming competitive.
 

DrMrLordX

Lifer
Apr 27, 2000
21,620
10,829
136
On Top. It's like paying for Alder lake and getting a Haswell due to the performance hit

To be fair, most Alder Lake users are just going to ignore the mitigations or turn them off (if they know how; eventually MS may patch this stuff in unless Intel convinces them to do otherwise). It's going to be more of an issue for enterprise/professional-level users where security protocol will require the mitigations eventually.

That being said, it is rather embarrassing for Intel that after all that hoopla that they built yet another performance-killing security vulnerability into their latest and greatest CPUs.

Seems like everyone is for "competition" except when it is Intel becoming competitive.

Plenty of people have an axe to grind with Intel's past behavior. Some grudges just don't die.
 

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,542
14,496
136
Plenty of people have an axe to grind with Intel's past behavior. Some grudges just don't die.

The first vulnerability (and I will get the wording wrong) They let some access cache before checking if they have the right, then AFTER they have all the data, they check the permission and deny. That's letting the cow out of the barn before you milk it, anybody can then get it.

So they continue this crap, then they claim "AMD is in the rear view mirror and will never see our headlight again". The whole thing with the high wattage on the 12900k is to claim "winner". They keep trying every dirty trick to get in the lead or stay in the lead. Not caring about the customer, just $$$$$
 

nicalandia

Diamond Member
Jan 10, 2019
3,330
5,281
136
Seems like everyone is for "competition" except when it is Intel becoming competitive.
By cutting Corners? Is that how they become competitive again? Look Intel gets hammered by this new Spectre Variant 2, The Intel Team scrambles to see if AMD is also affected. They find out that it may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. AMD Thanks them (The Intel Team) for their work, issues a better mitigation (Generic Retpolines), Phoronix tests them and they are within a few percentage of the original. In the meantime Intel is affected by double digit % performance hit.
 
Nov 26, 2005
15,093
312
126
tl;dr. Just seen the Phoronix article this morning

Correct me if I'm wrong but someone said in another thread up to 54% I/O loss for desktop chips e.g. 5950x, What?
 

Hitman928

Diamond Member
Apr 15, 2012
5,244
7,793
136
tl;dr. Just seen the Phoronix article this morning

Correct me if I'm wrong but someone said in another thread up to 54% I/O loss for desktop chips e.g. 5950x, What?

The 5950x was 54% faster with the older mitigation in StressNG (context switching). This is a purely synthetic test which, I believe, basically just does a bunch of context switches in a row and times how long it takes the CPU to get through them. This is basically just to test context switching impact but is not really going to tell you much about real world performance impact as context switching is typically a small part of a CPU's computational flow.

The rest of the benchmarks, most of which are more real world, don't show near this dramatic of a difference. On average, it's a few percent slower. Specifically for IO, the test showed the 5950x was 5% faster with the older mitigation compared to the new one. The browser benchmarks were actually slightly faster with the new mitigation.
 

Hitman928

Diamond Member
Apr 15, 2012
5,244
7,793
136
I wish Phoronix would have done an Intel vs AMD with Mitigations on for Spectre V2, They did two separate threads on it so I put together the information in common they have.

View attachment 58547

The Stress-NG tests you have here are not the same for AMD and Intel. The AMD test is context switching, the Intel test is socket activity. They are very different tests and shouldn't be used to compare impact between AMD and Intel. The context switching test wasn't run for Intel.
 

nicalandia

Diamond Member
Jan 10, 2019
3,330
5,281
136
The Stress-NG tests you have here are not the same for AMD and Intel. The AMD test is context switching, the Intel test is socket activity. They are very different tests and shouldn't be used to compare impact between AMD and Intel. The context switching test wasn't run for Intel.
True, I wish there were Apples to Apples tests done.
 
Jul 27, 2020
16,163
10,240
106
The 5950x was 54% faster with the older mitigation in StressNG (context switching). This is a purely synthetic test which, I believe, basically just does a bunch of context switches in a row and times how long it takes the CPU to get through them. This is basically just to test context switching impact but is not really going to tell you much about real world performance impact as context switching is typically a small part of a CPU's computational flow.
It might have a very bad impact on DB workloads inside a VM, since DBs seem to do quite a bit of context switches while performing I/O activities.
 

deasd

Senior member
Dec 31, 2013
516
746
136
WTF.... looking forward to the vulnerability mitigation on Windows.... looks like the situation still favors AMD like years before?

Tom's has an explanation about Stress-NG (context switch) where zen3's perf being poorly hammered:

The Ryzen 9 5950X (Vermeer) suffered a 54% performance reduction with the Stress-NG (Context Switching) benchmark. Stress-NG is similar to Prime95 for Windows users, so it isn't the most relevant metric for measuring performance from a consumer workload standpoint. However, the Ryzen 9 5950X held up pretty well besides that specific benchmark. There was only a 5.3% and 5% drop in networking and storage performance, respectively. In comparison, the Core i9-12900K (Alder Lake) experienced performance hits of 26.7% and 14.5% in the networking and storage department.
 