Wednesday, January 3rd 2018

AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches

Intel is secretly firefighting a major hardware security vulnerability affecting its entire x86 processor lineup. The hardware-level vulnerability allows unauthorized memory access between two virtual machines (VMs) running on a physical machine, due to Intel's flawed implementation of its hardware-level virtualization instruction sets. OS kernel-level software patches to mitigate this vulnerability, come at huge performance costs that strike at the very economics of choosing Intel processors in large-scale datacenters and cloud-computing providers, over processors from AMD. Ryzen, Opteron, and EPYC processors are inherently immune to this vulnerability, yet the kernel patches seem to impact performance of both AMD and Intel processors.

Close inspection of kernel patches reveal code that forces machines running all x86 processors, Intel or AMD, to be patched, regardless of the fact that AMD processors are immune. Older commits to the Linux kernel git, which should feature the line "if (c->x86_vendor != X86_VENDOR_AMD)" (condition that the processor should be flagged "X86_BUG_CPU_INSECURE" only if it's not an AMD processor), have been replaced with the line "/* Assume for now that ALL x86 CPUs are insecure */" with no further accepted commits in the past 10 days. This shows that AMD's requests are being turned down by Kernel developers. Their intentions are questionable in the wake of proof that AMD processors are immune, given that patched software inflicts performance penalties on both Intel and AMD processors creating a crony "level playing field," even if the latter doesn't warrant a patch. Ideally, AMD should push to be excluded from this patch, and offer to demonstrate the invulnerability of its processors to Intel's mess.
Source: Phoronix Forums
Add your own comment

142 Comments on AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches

#126
Sasqui
I seriously doubt that the hit to AMD was intended, but who knows? The law of unintended consequences?

My question is this: Who here is affected by this kernel patch? For example, I've got Win 7 running on an i7-4790k, does it hit me? And how could you go about measuring the performance hit?
Posted on Reply
#127
EarthDog
Only time will tell... there are the 5-50% rumors out there.. I have heard of an academic workaround less than 1% and 30% for synthetic syscall loops too... who knows until its actually out there and tested.
Posted on Reply
#128
hellrazor
"HTC said:
How does one go about using it?

Though i'm now more familiar with Linux, this sort of thing is still out of my reach.
You can edit the kernel boot arguments by pressing 'e' when grub loads. I'm not sure if it'll be permanent that way, but if it isn't you can also edit /boot/grub/grub.cfg and put it in the arguments in each menuentry (in the line that looks something like linux /boot/vmlinuz-4.14.0-2-amd64 root=UUID=14c5fd8d-f9b1-4cf0-977c-da9a33337d15 ro quiet).

Also, it's pti=off now (for some reason).
Posted on Reply
#130
EarthDog
That link to barrons... I cannot see the article through the advertisement and not able to close it... lol wtf...lol
Posted on Reply
#132
Sasqui
"EarthDog said:
That link to barrons... I cannot see the article through the advertisement and not able to close it... lol wtf...lol
Yea, sorry - goto @xorbe 's link ;)
Posted on Reply
#133
Steevo
It's only a problem till someone reads something they shouldn't, like your password, cc info, user id, bitcoin wallet, social security info, and other stuff just by leasing multiple servers from any number of large companies using Intel CPUs.

This effects Intel and many ARM CPUs and only those.
Posted on Reply
#134
theoneandonlymrk
"notb said:
Well yes. This was a deal - Intel partly outsourced production to AMD. But it wasn't the first licensing deal they had. And in 70s AMD was just cloning Intel's stuff.
This is just a reminder that the status quo we have today, with 2 companies with their own products, is a fairly new one.
So the short answer for
"Can you imagine how much better and cheaper these products would be if both companies had been equal competitors all this time?"
is: there would most likely be no AMD today. :)

Some?!
Losing fabs and money was one of their decisions. They wanted to be like Apple - just designing stuff, innovating.
But earlier they had the manufacturing, they had the tech, they had a client base. They had everything.

15 years ago I just loved AMD. Everyone did. We were not fanboys in modern meaning (as in: blind Intel haters), but we believed in this company.
When they bought ATI, people were like "WOW - they'll make a closed PC ecosystem! Or a console!". This was an amazing idea! But nothing like that happened.

10 years later people still highlight the advantage AMD has - making both high-end CPUs and GPUs - but these are just parts. You make a CPU and a GPU and you can sell them for $100 each. But if you add a cheap mobo and a plastic case, you can charge $400 for the whole set.
People also like to say that AMD makes chips for most consoles. But if they decided to make their own console in 2007, they would most likely take the second place behind Sony PS (while still making GPUs for them as well :)).
AMDs total revenue (so GPU+CPU) for 2016 was 4.3 bln USD. Cute.
PlayStation revenue was 14.7 bln USD.
XBOX revenue is not official, but should be around 5-6 bln USD.

So effectively, in the end, the best move they did (buying ATI) became their worse one.

AMD was not the underdog to Intel. Intel basically owned them and supported their development. But they let them lose and suddenly it was too late. AMD learned a lot, quickly became the second-largest CPU manufacturer and now regulators won't agree on a takeover (just the GPU part is another story :)).
Think about it next time you'll have the idea that government is on Intel's side and is slowing AMD down. :p
As fine an example of Your type of post as could be made in an odd thread for it , i thank you for the chuckles ,is that All fact or your opinion? No dont reply im not interested at all in this off topic stuff and cannot be bothered writing an essay.
Posted on Reply
#137
EarthDog
I thought they know what that issue was already?
Posted on Reply
#138
R0H1T
"EarthDog said:
I thought they know what that issue was already?
Was it?

Like I speculated earlier, this was known well before the KAISER (now kpti) patch & might possibly have been exploited in the wild. The BK Intel share selloff seems even more dubious now!
Posted on Reply
#139
evernessince
"Assimilator said:
OMG IT'S A CONSPIRACY!!!!!!11111111oneoneone

No, it's not. There is no guarantee that AMD CPUs are immune to this flaw, other than a claim from an AMD employee. That points to one of two scenarios:

a) Linux kernel devs have done their own testing and determined that AMD CPUs are, in fact, vulnerable (perhaps not in the same way as Intel's)
b) Linux kernel devs are simply being paranoid/prudent considering the severity of this issue, and will disable PTI for AMD CPUs in a subsequent release once they're certain AMD's chips are not vulnerable

There are literally zero valid reasons for anyone doing Linux kernel development to penalise AMD/prefer Intel; it would destroy their reputation. Similarly, if Intel was leaning on the kernel devs to do this, it would hurt their reputation.



Seriously? Where is your goddamn proof? You're shitposting in this thread like it's going out of style, claiming everyone and their mother are Intel fanboys, yet it's you who's throwing unverified accusations around like confetti.

Adults are talking. Sit down, and be quiet.
Dude, go troll somewhere else. There's a reason you left out the link to the Linux devs testing results, it's because they tested old AF AMD A8 APUs. They did not test Ryzen. Hell even the older AMD A8 APU was only vulnerable to one while all Intel processors are vulnerable to all 3.
Posted on Reply
#140
xorbe
I think you've misread what Assimilator wrote. He presented 2 possibilities, and was basically on point for what was known at the time.
Posted on Reply
#141
Assimilator
Okay, so the issue is actually that there are 2 separate issues: Meltdown, which is relatively trivial to exploit and only affects Intel CPUs due to a hardware flaw; and Spectre, which affects all CPUs, although being far more difficult to exploit. Presumably they got conflated somewhere along the line while the KAISER patches were being merged into the Linux kernel, leading to the Meltdown fix being applied to all x86 CPUs, but an additional kernel patch has now been accepted that disables PTI for AMD.

Intel's response to this is... well, bad. Terrible. S**tty. A lot of marketing handwaving and deflection, of the exact type I hate most, that uses a lot of words to say nothing, and certainly doesn't take responsibility. Given the seriousness of the issue, the fact that it can only be averted by a performance-crippling software patch or a (potentially performance-crippling) hardware redesign, they're looking down the barrel - but that doesn't excuse the fact that they aren't being mature about this.

What is most interesting to me is that according to the research, the Meltdown vulnerability has existed undetected for quite literally decades. I wonder how many three-letter government agencies have been exploiting it for all that time? And putting my conspiracy theorist hat on - I wonder if this is a backdoor that was purposefully built into Intel CPUs at the request of government agencies, similar to how various encryption algorithms were weakened/backdoored at the request of those same agencies?

Damn, this is biiig, and Intel's gonna bleed a lot before it's all over.
Posted on Reply
Add your own comment