Wednesday, January 3rd 2018

AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches

Intel is secretly firefighting a major hardware security vulnerability affecting its entire x86 processor lineup. The hardware-level vulnerability allows unauthorized memory access between two virtual machines (VMs) running on a physical machine, due to Intel's flawed implementation of its hardware-level virtualization instruction sets. OS kernel-level software patches to mitigate this vulnerability, come at huge performance costs that strike at the very economics of choosing Intel processors in large-scale datacenters and cloud-computing providers, over processors from AMD. Ryzen, Opteron, and EPYC processors are inherently immune to this vulnerability, yet the kernel patches seem to impact performance of both AMD and Intel processors.

Close inspection of kernel patches reveal code that forces machines running all x86 processors, Intel or AMD, to be patched, regardless of the fact that AMD processors are immune. Older commits to the Linux kernel git, which should feature the line "if (c->x86_vendor != X86_VENDOR_AMD)" (condition that the processor should be flagged "X86_BUG_CPU_INSECURE" only if it's not an AMD processor), have been replaced with the line "/* Assume for now that ALL x86 CPUs are insecure */" with no further accepted commits in the past 10 days. This shows that AMD's requests are being turned down by Kernel developers. Their intentions are questionable in the wake of proof that AMD processors are immune, given that patched software inflicts performance penalties on both Intel and AMD processors creating a crony "level playing field," even if the latter doesn't warrant a patch. Ideally, AMD should push to be excluded from this patch, and offer to demonstrate the invulnerability of its processors to Intel's mess.
Source: Phoronix Forums
Add your own comment

142 Comments on AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches

#2
RejZoR
Heh, of course AMD is fighting it off. Why should they get a performance hit for properly doing their CPU's? Of course Intel will do everything to make that happen, so there won't be a massive up to 30% performance gap between their CPU's and AMD's. If they both get penalized, it'll look like nothing happened because the baseline will just be moved 30% lower for both. But if only Intel gets a 30% perfomance hit, that's quite signficant. People should keep an eye on this so the slowdown won't happen for both, but just for Intel. It's their cockup, they should be penalized for it, not AMD. If the issue was reverse, it would be natural to demand or expect the same from AMD. Only making them learn from expensive mistakes will ensure they make shit properly and avoid such awful mistakes...
Posted on Reply
#3
Hugh Mungus
"RejZoR said:
Heh, of course AMD is fighting it off. Why should they get a performance hit for properly doing their CPU's? Of course Intel will do everything to make that happen, so there won't be a massive up to 30% performance gap between their CPU's and AMD's. If they both get penalized, it'll look like nothing happened because the baseline will just be moved 30% lower for both. But if only Intel gets a 30% perfomance hit, that's quite signficant. People should keep an eye on this so the slowdown won't happen for both, but just for Intel. It's their cockup, they should be penalized for it, not AMD. If the issue was reverse, it would be natural to demand or expect the same from AMD. Only making them learn from expensive mistakes will ensure they make shit properly and avoid such awful mistakes...
I'll let Americans sue both Intel and Kernel makers.
Posted on Reply
#5
Jism
Owned. Some people are in panic here. Immediatly releasing a patch that simply kills off the competition.
Posted on Reply
#6
qubit
Overclocked quantum bit
"Their intentions are questionable in the wake of proof that AMD processors are immune, given that patched software inflicts performance penalties on both Intel and AMD processors creating a crony "level playing field," even if the latter doesn't warrant a patch. Ideally, AMD should push to be excluded from this patch, and offer to demonstrate the invulnerability of its processors to Intel's mess."

This really pisses me off. It looks like Intel have used their power and influence to corrupt the open source scene to put AMD at the same disadvantage as them and thus stifle competition. They always seem to get away with these tactics too. Remember when AMD was first with a 64-bit x86 CPU way back around 2005, but Microsoft mysteriously held back the release of 64-bit Windows XP until Intel was ready with their own 64-bit CPUs over a year later? This totally nullified AMD's big advantage, thus stifling competition. So out of order. :nutkick:
Posted on Reply
#7
ArbitraryAffection
Intel is a scummy corporation, force it on AMD too because of their mistake. Despite the fact that I likely will not use any workload affected (or at least I hope so) as a Ryzen owner I sincerely hope AMD doesn't get affected out of principle.
Posted on Reply
#8
notb
I don't see how this would work in a long term. Architecture split? Windows for Intel64 and AMD64? I doubt this is what AMD would want.
"RejZoR said:
Of course Intel will do everything to make that happen, so there won't be a massive up to 30% performance gap between their CPU's and AMD's. If they both get penalized, it'll look like nothing happened because the baseline will just be moved 30% lower for both.
The 30% figure is a pretty extreme case (a particular load), so it somehow evens out AMD's instruction set disadvantage. It's supposed to be more like 5% in general case - still a lot.
"eidairaman1 said:
Waiting for trolls to deflect and try minimizing the ARCHITECTURE FLAW in intel cpus
Oh man... you're just running around this forum, posting a link to this story in different threads - some inactive for more than a week. Talking about trolling...
Posted on Reply
#9
eidairaman1
The Exiled Airman
Well it is a serious flaw that Intel has @notb. What's the matter? You don't like the fact your precious intel has been exposed for the lies all these years? They tried hiding this serious security/performance flaw for 10+ years. They are so corrupt to try and force a patch for ms to auto download on w10 systems that they should be sued.

Well here's proof read'em and weep.
Posted on Reply
#10
RejZoR
Any penalty sucks, even if just 5%. You bought the CPU based on reviews that said otherwise. And now it'll get gimped.

EDIT:
Btw, wasn't it released that this flaw doesn't affect 6th series and below? Or was that for some other flaw? But I think it was like this, because I know I was releaved when I heard my 5820K wasn't affected back then...
Posted on Reply
#11
Jism
I am glad that i am sticking with W7, and when that expires, head over to Linux. Mature enough by now and alot you can do with Wine. All the goods without the privacy tampering, forced (driver) updates and what more. It sucks for Intel and proberly other vendors such as VIA as well that these processors get the same penalty due to a flaw in Intel CPU's. So they create a patch that they coud'nt come up with any better harming now other companies and CPU's.

Intel needs to work on the IME / security / rough testing of their CPU's before actually releasing. But they are actually taking the risc that CPU's might leave the factory with critical bugs. This reminds me being on a shared (hosting) server, with SSH you could simply inspect the unix TMP map and grab data from various users on the same server, where normally you woud'nt had any acces to. Accessing one VM from another VM instance is pretty much bad.
Posted on Reply
#12
Imsochobo
"notb said:
I don't see how this would work in a long term. Architecture split? Windows for Intel64 and AMD64? I doubt this is what AMD would want.

The 30% figure is a pretty extreme case (a particular load), so it somehow evens out AMD's instruction set disadvantage. It's supposed to be more like 5% in general case - still a lot.

Oh man... you're just running around this forum, posting a link to this story in different threads - some inactive for more than a week. Talking about trolling...
In some cases even more!
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

In others, none but it will be quite severe
Posted on Reply
#13
nem..
copi-pasta
https://www.reddit com/r/hardware/comments/7nngqd/intel_bug_incoming/
There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%).

People have noticed a recent development in the Linux kernel: a rather massive, important redesign (page table isolation) is being introduced very fast for kernel standards... and being backported! The "official" reason is to incorporate a mitigation called KASLR... which most security experts consider almost useless. There's also some unusual, suspicious stuff going on: the documentation is missing, some of the comments are redacted ([MEDIA=twitter]947147105684123649[/MEDIA]) and people with Intel, Amazon and Google emails are CC'd.

According to one of the people working on it, PTI is only needed for Intel CPUs, AMD is not affected by whatever it protects against (https://lkml.org/lkml/2017/12/27/2). PTI affects a core low-level feature (virtual memory) and has severe performance penalties: 29% for an i7-6700 and 34% for an i7-3770S, according to Brad Spengler from grsecurity. PTI is simply not active for AMD CPUs. The kernel flag is named X86_BUG_CPU_INSECURE and its description is "CPU is insecure and needs kernel page table isolation".

Microsoft has been silently working on a similar feature since November: [MEDIA=twitter]930412525111296000[/MEDIA]

People are speculating on a possible massive Intel CPU hardware bug that directly opens up serious vulnerabilities on big cloud providers which offer shared hosting (several VMs on a single host), for example by letting a VM read from or write to another one.

EDIT1: the examples of the i7 series, are just examples. This affects all Intel platforms as far as I can tell.
Posted on Reply
#14
eidairaman1
The Exiled Airman
"Jism said:
I am glad that i am sticking with W7, and when that expires, head over to Linux. Mature enough by now and alot you can do with Wine. All the goods without the privacy tampering, forced (driver) updates and what more. It sucks for Intel and proberly other vendors such as VIA as well that these processors get the same penalty due to a flaw in Intel CPU's. So they create a patch that they coud'nt come up with any better harming now other companies and CPU's.

Intel needs to work on the IME / security / rough testing of their CPU's before actually releasing. But they are actually taking the risc that CPU's might leave the factory with critical bugs. This reminds me being on a shared (hosting) server, with SSH you could simply inspect the unix TMP map and grab data from various users on the same server, where normally you woud'nt had any acces to. Accessing one VM from another VM instance is pretty much bad.
If ms forces this on all users AMD needs to write their own that removes the patch from AMD systems completely
Posted on Reply
#15
Jism
I guess it's that critical that there is no time to exactly figure out what is going on and exactly write a intel patch only. Someone decided to fully disable some feature and push it out causing AMD cpu's to be penalised as well for it.
Posted on Reply
#16
eidairaman1
The Exiled Airman
"nem.. said:
some webs are talking about 35% i mean some extreme cases perhaps
Check your private messages by using the envelope icon

"Jism said:
I guess it's that critical that there is no time to exactly figure out what is going on and exactly write a intel patch only. Someone decided to fully disable some feature and push it out causing AMD cpu's to be penalised as well for it.
They did it to keep an anti competitive practice going, theyve been underhanded since super 7 days
Posted on Reply
#17
fullinfusion
Vanguard Beta Tester
"eidairaman1 said:
Waiting for trolls to deflect and try minimizing the ARCHITECTURE FLAW in intel cpus
I'm trying to rationalize something here... Why do these news feeds seem like 2-3 days old and just now showing up here? Am I going into the future or am I just nuts?? Or is the driver snoozing while supposed to be driving!
Posted on Reply
#18
eidairaman1
The Exiled Airman
"fullinfusion said:
I'm trying to rationalize something here... Why do these news feeds seem like 2-3 days old and just now showing up here? Am I going into the future or am I just nuts?? Or is the driver snoozing while supposed to be driving!
You are at home bro lol Im off. This is extremely current news
Posted on Reply
#19
hellrazor
Linux has a -nopti kernel boot option for us Linux+AMD users.
Posted on Reply
#20
laszlo
amd can sue developers who made the patches without taking in consideration the immunity of their cpu's to this vulnerability and win in court anytime...

no matter how big intel influence, is suicidal to treat all x86 cpu's as flawed....

P.S.
amd only need to ask their lawyers to send out compensation request letters which have 8-10 digit numbers and for sure nobody will have the balls ($) to do what intel "recommend"
Posted on Reply
#21
fullinfusion
Vanguard Beta Tester
"eidairaman1 said:
You are at home bro lol Im off. This is extremely current news
That I read about 2 days ago via not HERE.. I think I posted a month ago or so I don't get my news here anymore.. have a good night man
Posted on Reply
#22
theGryphon
For advanced Linux users, there is no concern, you can even compile your own kernel excluding your system from this patch. But most are not that advanced, so this is some serious BS if left like this. I'm hoping that this is a one-for-all emergency response that can be rectified once AMD processors are (hopefully) cleared after some investigation...
Posted on Reply
#23
qubit
Overclocked quantum bit
"eidairaman1 said:
Waiting for trolls to deflect and try minimizing the ARCHITECTURE FLAW in intel cpus
'tis nothing, don't make such a big deal out of it! This patch simply puts everyone on a level playing field to make things fair.

#intelapologiststrikesagain
Posted on Reply
#24
theoneandonlymrk
"theGryphon said:
For advanced Linux users, there is no concern, you can even compile your own kernel excluding your system from this patch. But most are not that advanced, so this is some serious BS if left like this. I'm hoping that this is a one-for-all emergency response that can be rectified once AMD processors are (hopefully) cleared after some investigation...
Is this just affecting the performance of vm's using the linux kernal??
Posted on Reply
Add your own comment