Wednesday, January 3rd 2018

AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches

Intel is secretly firefighting a major hardware security vulnerability affecting its entire x86 processor lineup. The hardware-level vulnerability allows unauthorized memory access between two virtual machines (VMs) running on a physical machine, due to Intel's flawed implementation of its hardware-level virtualization instruction sets. OS kernel-level software patches to mitigate this vulnerability, come at huge performance costs that strike at the very economics of choosing Intel processors in large-scale datacenters and cloud-computing providers, over processors from AMD. Ryzen, Opteron, and EPYC processors are inherently immune to this vulnerability, yet the kernel patches seem to impact performance of both AMD and Intel processors.

Close inspection of kernel patches reveal code that forces machines running all x86 processors, Intel or AMD, to be patched, regardless of the fact that AMD processors are immune. Older commits to the Linux kernel git, which should feature the line "if (c->x86_vendor != X86_VENDOR_AMD)" (condition that the processor should be flagged "X86_BUG_CPU_INSECURE" only if it's not an AMD processor), have been replaced with the line "/* Assume for now that ALL x86 CPUs are insecure */" with no further accepted commits in the past 10 days. This shows that AMD's requests are being turned down by Kernel developers. Their intentions are questionable in the wake of proof that AMD processors are immune, given that patched software inflicts performance penalties on both Intel and AMD processors creating a crony "level playing field," even if the latter doesn't warrant a patch. Ideally, AMD should push to be excluded from this patch, and offer to demonstrate the invulnerability of its processors to Intel's mess.
Source: Phoronix Forums
Add your own comment

142 Comments on AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches

#1
jigar2speed
qubit said:
'tis nothing, don't make such a big deal out of it! This patch simply puts everyone on a level playing field to make things fair.

#intelapologiststrikesagain
LOL, nice one.
Posted on Reply
#2
notb
RejZoR said:
Any penalty sucks, even if just 5%. You bought the CPU based on reviews that said otherwise. And now it'll get gimped.
Here's the thing. Datacenters don't buy CPUs based on reviews. :)
In fact most PC owners don't look at reviews, nor would they understand them. Even many gamers don't.

Yes, this is an important issue, but many of you are overestimating it's importance for the whole market.
I mean: isn't the main argument of Intel critics that they only provide 5% with each generation? That it's nothing, marginal, irrelevant? That Kaby Lake is just a revamped Haswell or something?
So now we have a CPU design flaw that, on average, moves us a generation back. Why is it suddenly such a deal for the same people? :)

I like the +5% yearly, so I should be pissed off when it's taken away from me. And I might be, but I'm waiting for the patch. We'll see what it does to my PC. Possibly (hopefully) not much.

eidairaman1 said:
Well it is a serious flaw that Intel has @notb. What's the matter don't like the fact your precious intel has the issue and they are so corrupt to try and force a patch for ms to auto download on w10 systems?
Of course it's a serious flaw, But there is a difference between 5% and 30% - all I'm saying. If it's 5%, most people won't even notice.

BTW:
Bullseye on auto-update. I have nothing against it. Actually, since I moved to W10 on all my PCs, I stopped worrying about the updates, I stopped reading their descriptions and so on. It saves a lot of time. You're thinking less about technical issues and more about actual problems. It's like moving from C++ to C# (although C++ evolved anyway).

Think about how incoherent people are. Almost no one cares about how a new OS version differs from the previous one. Yet, so many people freak out about updates.
I know it slightly harms your ego, because you're "an enthusiast", you want to have control over your PC and so on. But productivity-wise, it really saves a lot of time. I'm trusting a 3rd party cleaning company with my suits, so why would I not trust Microsoft or Intel with my PC? :)
theoneandonlymrk said:
Is this just affecting the performance of vm's using the linux kernal??
No, it will affect all PCs. But the issue itself is more severe on servers. (security-wise).
But here's some consolation, in case you worry too much. Performance of your desktop is compromised by server-specific needs anyway. It's been like that since the architectures were unified. :)
Posted on Reply
#3
theoneandonlymrk
notb said:
Here's the thing. Datacenters don't buy CPUs based on reviews. :)
In fact most PC owners don't look at reviews, nor would they understand them. Even many gamers don't.

Yes, this is an important issue, but many of you are overestimating it's importance for the whole market.
I mean: isn't the main argument of Intel critics that they only provide 5% with each generation? That it's nothing, marginal, irrelevant? That Kaby Lake is just a revamped Haswell or something?
So now we have a CPU design flaw that, on average, moves us a generation back. Why is it suddenly such a deal for the same people? :)

I like the +5% yearly, so I should be pissed off when it's taken away from me. And I might be, but I'm waiting for the patch. We'll see what it does to my PC. Possibly (hopefully) not much.


Of course it's a serious flaw, But there is a difference between 5% and 30% - all I'm saying. If it's 5%, most people won't even notice.

BTW:
Bullseye on auto-update. I have nothing against it. Actually, since I moved to W10 on all my PCs, I stopped worrying about the updates, I stopped reading their descriptions and so on. It saves a lot of time. You're thinking less about technical issues and more about actual problems. It's like moving from C++ to C# (although C++ evolved anyway).

Think about how incoherent people are. Almost no one cares about how a new OS version differs from the previous one. Yet, so many people freak out about updates.
I know it slightly harms your ego, because you're "an enthusiast", you want to have control over your PC and so on. But productivity-wise, it really saves a lot of time. I'm trusting a 3rd party cleaning company with my suits, so why would I not trust Microsoft or Intel with my PC? :)

No, it will affect all PCs. But the issue itself is more severe on servers. (security-wise).
But here's some consolation, in case you worry too much. Performance of your desktop is compromised by server-specific needs anyway. It's been like that since the architectures were unified. :)
Im not worried i can refuse the patch but don't play down the fact intels CPU design this last few generations has been a shit storm of failure on the security front or the fact that it's underhanded bullshit to apply this fix unilaterally.
Posted on Reply
#4
RejZoR
Admins of data centers also know the performance metrics. Having a performance penalty of up to 30% on Intel CPU kinda screws things up pretty badly. Especially if you just spent few millions on brand new clusters where you were hoping for that extra gain and you basically end up on performance levels of your old clusters. That kinda sucks doesn't it?
Posted on Reply
#5
Jism
Exactly. You have to understand that within DC's there are clusters of Intel based CPU's running 24/7. A penalty of 5% up to 30% can run very large into numbers depending on type of workload. So yeah, intel is having a situation here.
Posted on Reply
#6
eidairaman1
The Exiled Airman
I smell class action for misrepresenting and allowing a flawed product line dating to 2007 till now to be pushed upon end users.
Posted on Reply
#7
notb
RejZoR said:
Admins of data centers also know the performance metrics.
But not from reviews. :-)
Performance is not the most important issue in datacenters. So yes, 5% is a bummer, but it's also not the end of the world. People will still buy Xeons. It's just that Intel may be forced to lower prices a bit to a more adequate level.
Having a performance penalty of up to 30% on Intel CPU kinda screws things up pretty badly. Especially if you just spent few millions on brand new clusters where you were hoping for that extra gain and you basically end up on performance levels of your old clusters. That kinda sucks doesn't it?
No one said it doesn't suck. And BTW: from what I've seen it's at least up to 50%. So if you want to use an extreme case, do it properly. :-)
Posted on Reply
#8
RejZoR
No, 25-30% is then a good average if 50% is an absolute extreme case...
Posted on Reply
#9
eidairaman1
The Exiled Airman
RejZoR said:
No, 25-30% is then a good average if 50% is an absolute extreme case...
Either way it is unacceptable
Posted on Reply
#10
Hugh Mungus
notb said:
But not from reviews. :)
Performance is not the most important issue in datacenters. So yes, 5% is a bummer, but it's also not the end of the world. People will still buy Xeons. It's just that Intel may be forced to lower prices a bit to a more adequate level.

No one said it doesn't suck. And BTW: from what I've seen it's at least up to 50%. So if you want to use an extreme case, do it properly. :)
Except datacenters get a 30% performance decrease! MAJOR companies suddenly will have 30% slower cloud servers!!!!! That's going to piss them off for sure!!!!
Posted on Reply
#11
notb
eidairaman1 said:
I smell class action for misrepresenting and allowing a flawed product line dating to 2007 till now to be pushed upon end users.
Class action seems groundless. It's a product fault, not misrepresenting, and Intel is going to fix it as much as it can.
But on the other hand, fixing this will generate some costs in large datacenters and this is something with a lawsuit potential - but only for companies that still use flawed CPUs, not all that had since 2007.
RejZoR said:
No, 25-30% is then a good average if 50% is an absolute extreme case...
That's some wicked math going on. How did you estimate this? :-D
Posted on Reply
#12
Hugh Mungus
notb said:
Class action seems groundless. It's a product fault, not misrepresenting, and Intel is going to fix it as much as it can.
But on the other hand, fixing this will generate some costs in large datacenters and this is something with a lawsuit potential - but only for companies that still use flawed CPUs, not all that had since 2007.

That's some wicked math going on. How did you estimate this? :-D
ALL the CPU's from Intel the last ten years have the flaw!!!! Some of the most powerful supercomputers can be slowed down by 30%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Posted on Reply
#13
RejZoR
notb said:
Class action seems groundless. It's a product fault, not misrepresenting, and Intel is going to fix it as much as it can.
But on the other hand, fixing this will generate some costs in large datacenters and this is something with a lawsuit potential - but only for companies that still use flawed CPUs, not all that had since 2007.

That's some wicked math going on. How did you estimate this? :-D
The most basic math? If 5% is lowest estimate and 50% the highest, where is the rough middle?
Posted on Reply
#14
eidairaman1
The Exiled Airman
notb said:
Class action seems groundless. It's a product fault, not misrepresenting, and Intel is going to fix it as much as it can.
But on the other hand, fixing this will generate some costs in large datacenters and this is something with a lawsuit potential - but only for companies that still use flawed CPUs, not all that had since 2007.

That's some wicked math going on. How did you estimate this? :-D
There is no fixing it without refabing the chips, otherwise it's a patch that drops performance 5-30% and they are trying to force it on all users when the flaw isn't in AMD parts. Stop trying to minimize and deflect the issue.

The Jig is up, just give up dude.
Posted on Reply
#15
HTC
hellrazor said:
Linux has a -nopti kernel boot option for us Linux+AMD users.
How does one go about using it?

Though i'm now more familiar with Linux, this sort of thing is still out of my reach.

theGryphon said:
For advanced Linux users, there is no concern, you can even compile your own kernel excluding your system from this patch. But most are not that advanced, so this is some serious BS if left like this. I'm hoping that this is a one-for-all emergency response that can be rectified once AMD processors are (hopefully) cleared after some investigation...
They better well be. When that happens, i'd demand a nice compensation, if i were in AMD's shoes!
Posted on Reply
#16
qubit
Overclocked quantum bit
I'm beginning to wonder if this serious enough to warrant a product recall and replacement with a later stepping that has this flaw fixed? Waddya think, @eidairaman1 ?

It will cost them millions of that's the case, lol.
Posted on Reply
#17
R0H1T
notb said:
Class action seems groundless. It's a product fault, not misrepresenting, and Intel is going to fix it as much as it can.
But on the other hand, fixing this will generate some costs in large datacenters and this is something with a lawsuit potential - but only for companies that still use flawed CPUs, not all that had since 2007.

That's some wicked math going on. How did you estimate this? :-D
Depends on how long they've known about this, or were informed about it. Like I said in the other thread, this flaw was possibly revelead back in 2016, so if somehow it went unpatched & Intel/MS/Linus just sat on it till they found the attack vector affecting systems in the wild & then issued this emergency patch, then they're all in trouble. More so the cloud vendors than Intel itself atm, of course someone like Google/FB/Amazon could just sue Intel if there's any litigation coming their way due to this, or even a performance impact due to that 5~30% (or more) drop in performance.

I'm more interested in how old(er) OS' can be affected by it, if so then Intel's really effed o_O
Posted on Reply
#18
notb
Hugh Mungus said:
ALL the CPU's from Intel the last ten years have the flaw!!!! Some of the most powerful supercomputers can be slowed down by 30%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
The number of "!" is growing quickly!

Since this is a security issue, most supercomputers will be perfectly safe. Admins will simply ignore this patch. Linux kernels in supercomputers are highly customized anyway.
This is an issue for datacenters.

What I meant is that you'd have to use a faulty CPU at the moment, not just have owned it in the past. So it's not about all CPUs made since 2007. You won't be able to sue Intel for a CPU that you've thrown away, because you haven't lost anything.

RejZoR said:
The most basic math? If 5% is lowest estimate and 50% the highest, where is the rough middle?
Please don't tempt me...
Posted on Reply
#19
dorsetknob
"YOUR RMA REQUEST IS CON-REFUSED"
notb said:
Class action seems groundless. It's a product fault,
sorry mate for someone thats a 2nd rate tr**l you seem to ignore 1st rate reason for a class action ie faulty product (with known but undisclosed till now fault)
Posted on Reply
#20
eidairaman1
The Exiled Airman
qubit said:
I'm beginning to wonder if this serious enough to warrant a product recall and replacement with a later stepping that has this flaw fixed? Waddya think, @eidairaman1 ?

It will cost them millions of that's the case, lol.
Intel has been trying to hide these flaws for 10+years now.

I think they should be required to replace all of those parts corps bought recently and pull all affected parts from markets till the flaws are eliminated, on top of that give discounts to users of oldest parts towards system upgrades to parts without flaws and close up all backdoors. Release said patch for intel only temporarily and not force it on everyone.

I think this is a part of the reason why Intel switched CEOs recently

dorsetknob said:
sorry mate for someone thats a 2nd rate tr**l you seem to ignore 1st rate reason for a class action ie faulty product (with known but undisclosed till now fault)
Yup
Posted on Reply
#21
RejZoR
Can't wait to see Intel releasing new generation and bragging about % performance differences to these flawed gen patched parts...
Posted on Reply
#22
eidairaman1
The Exiled Airman
RejZoR said:
Can't wait to see Intel releasing new generation and bragging about % performance differences to these flawed gen patched parts...
Yup with another socket change smh...
Posted on Reply
Add your own comment