Friday, January 12th 2018

AMD Confirms They are Affected by Spectre, too

The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.

At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.
Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
  • We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
  • Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft's website.
  • Linux vendors are also rolling out patches across AMD products now.
GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
  • While we believe that AMD's processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
  • AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
  • Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of "return trampoline" (Retpoline) software mitigations.
GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.
  • We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.
There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.

We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.

Mark Papermaster,
Senior Vice President and Chief Technology Officer

44 Comments on AMD Confirms They are Affected by Spectre, too

#1
hellrazor
Is there anything on whether it's been fixed for the 12nm Ryzens yet?
Posted on Reply
#2
theoneandonlymrk
hellrazor said:
Is there anything on whether it's been fixed for the 12nm Ryzens yet?
Too close to shipping I would imagine, but if they can patch zen now with a microcode update I think they'll have it day one for those, they would likely require a bios update for support anyway with any upgrader keeping an older motherboard so they'll then get it too, x490 motherboards will likely need a day one bios too if it's really that close to launching.
Posted on Reply
#3
Devon68
I think I have been affected. Someone used this exploit and hacked my PC and is viewing porn from my PC.
On a serious note. I hope they fix it by the time Ryzen 2 comes out. The exploit not the porn.
Posted on Reply
#4
PowerPC
So it's just Spectre, not Meltdown, in which case it's patchable through software?
Posted on Reply
#5
Vayra86
Great, clear communication. No details, but I still like it.
Posted on Reply
#6
TheLaughingMan
This looks like repeat information all over again, but clear breakdown is still useful with all the incorrect, incomplete, and outright wrong information that is still circulating.
Posted on Reply
#7
mcraygsx
If you are building a new PC, better let the dust settle down before you spend on CPU/MB. AMD CPUs are not affected by Meltdown while Spectre can be patched.
Posted on Reply
#8
R-T-B
PowerPC said:
So it's just Spectre, not Meltdown, in which case it's patchable through software?
Spectre both variants. Will require a microcode fix for complete coverage.
Posted on Reply
#9
Imsochobo
R-T-B said:
Spectre both variants. Will require a microcode fix for complete coverage.
They're not sure, but in theory it's a maybe.
no paper, no proof exist but they don't take any chances.

This is so far, we'll see as stuff gets out if AMD is completely transparent about this but it matches findings by third party so far
Posted on Reply
#10
R-T-B
Imsochobo said:
They're not sure, but in theory it's a maybe.
no paper, no proof exist but they don't take any chances.

This is so far, we'll see as stuff gets out if AMD is completely transparent about this but it matches findings by third party so far
AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
Posted on Reply
#11
Vayra86
mcraygsx said:
If you are building a new PC, better let the dust settle down before you spend on CPU/MB. AMD CPUs are not affected by Meltdown while Spectre can be patched.
Depends on your use case, it seems thus far. For gaming, I'd not bother too much. I didn't :)
Posted on Reply
#13
PowerPC
R-T-B said:
Spectre both variants. Will require a microcode fix for complete coverage.
Then what's the deal with Spectre, if it can be patched with code? It's like any other vulnerability then. The big deal is Meltdown, not Spectre, which is the fault of the architecture. Most people are saying that AMD seems to be safe from that, so that still makes AMD the only big dog not affected by this. If all that's true, AMD is the only one to buy atm as far as I'm concerned.
Posted on Reply
#14
R-T-B
PowerPC said:
Then what's the deal with Spectre, if it can be patched with code? It's like any other vulnerability then. The big deal is Meltdown, not Spectre, which is the fault of the architecture. Most people are saying that AMD seems to be safe from that, so that still makes AMD the only big dog not affected by this. If all that's true, AMD is the only one to buy atm as far as I'm concerned.
They are both severe vulnerabilities, but meltdown is worse. Spectre however can't be exclusively patched in code, that is a myth.
Posted on Reply
#15
lexluthermiester
PowerPC said:
The big deal is Meltdown, not Spectre, which is the fault of the architecture.
That is a misunderstanding. You actually have that backwards. Meltdown can/is/has been solved with a software patch. Spectre is a fundamental vulnerability (not bug, flaw or defect) in a way that ALL CPUs which have certain features (which includes every CPU made by any company since the 90's) are susceptible to.
PowerPC said:
If all that's true, AMD is the only one to buy atm as far as I'm concerned.
That is unwise advice based on a misunderstanding. Meltdown has yet to be proven an Intel exclusive vulnerability as it is still being researched. Spectre affects all CPUs in common use today. So people, like they need to anyway, should be extra careful where they go on the internet and should get in the habit of disconnecting from the internet when they are not using it. However, these problems are no reason to change one's mind as to the platform to use for a given task set.

The general purchasing rules have not changed. If you want to game most of the time and money is no limitation, go Intel. If you do anything else, research concerning your particular needs about which platform will serve best is needed. If you need good performance on a budget, go AMD.
R-T-B said:
but meltdown is worse.
That is incorrect and a slight over-reaction. And you suggested this yourself;
R-T-B said:
Spectre however can't be exclusively patched in code
That is why Spectre is the worse problem. Some motherboard makers might not release bios patches for older equipment still in use, which is a potentially huge problem.

EDIT;
However, your general sentiment is correct. These problems are very serious if left unchecked.
The reality folks is this; If you want AMD, buy AMD. If you want Intel, buy Intel. If you want to get a nicer Android or Apple tablet or phone, then do so. These problems are bigger than usual, but they are nonetheless just bumps in the road of technological progression. We create things that make life easier, more efficient or more fun and sometimes we find problems along the way that were not foreseen, or even foreseeable. We fix them, we move on.
EDIT2;
Grammar/spelling corrections. Good grief I need more sleep!
Posted on Reply
#16
eidairaman1
The Exiled Airman
lexluthermiester said:
That is a misunderstanding. You actually have that backwards. Meltdown can/is/has been solved with a software patch. Spectre is a fundamental vulnerability (not bug, flaw or defect) in the way that ALL CPUs which have certain features (which includes every CPU made by any company since the 90's) are susceptible to.

That is unwise advice based on a misunderstanding. Meltdown has yet to be proven an Intel exclusive vulnerability as it is still being researched. Spectre affects all CPUs in common use today. So people, like they need to anyway, should be extra careful where they go on the internet and should get in the habit of disconnecting from the internet when they are not using it. However, these problems are no reason to change one's mind as to the platform to use for a given task set.

The general purchasing rules have not changed. If you want to game most of the time and money is no limitation, go Intel. If you do anything else, research concerning your particular needs about which platform will serve best is needed. If you need good performance on a budget, go AMD.

That is incorrect and a slight over-reaction. And you suggested this yourself;

That is why Spectre is the worse problem. Some motherboard makers might not release bios patches for older equipment still in use, which is a potentially huge problem.
Yup other than a forced upgrade
Posted on Reply
#17
R0H1T
Here's what Ars said ~
Now the bad news

The branch predictor version of Spectre, however, is a different story. Microsoft warns that protecting against this specific problem "has a performance impact," and, unlike the Meltdown fixes, this impact can be felt in a wider range of tasks.

There are a range of tools available to software and operating system developers. There are processor-level changes and a software-level change, and a mix of solutions may be needed. These new features also interact with other processor security features.

We have known since last week that Intel is going to release microcode updates that will change the processor behavior for this attack. With microcode updates, Intel has enabled three new features in its processors to control how branch prediction is handled. IBRS ("indirect branch restricted speculation") protects the kernel from branch prediction entries created by user mode applications; STIBP ("single thread indirect branch predictors") prevents one hyperthread on a core from using branch prediction entries created by the other thread on the core; IBPB ("indirect branch prediction barrier") provides a way to reset the branch predictor and clear its state.

AMD's response last week suggested that there was little need to do anything on systems using the company's processors. That turns out to be not quite true, and the company is said to be issuing microcode updates accordingly. On its current processors using its Zen core—Ryzen, Threadripper, and Epyc—new microcode provides equivalents to IBPB and STIBP. On prior generation processors using the Bulldozer family, microcode has added IBRS and IBPB.

Zen escapes (again)

Why no IBRS on Zen? AMD argues that Zen's new branch predictor isn't vulnerable to attack in the same way. Most branch predictors have their own special cache called a branch target buffer (BTB) that's used to record whether past branches were taken or not. BTBs on other chips (including older AMD parts, Intel chips, ARM's designs, and Apple's chips) don't record the precise addresses of each branch. Instead, just like the processor's cache, they have some mapping from memory addresses to slots in the BTB. Intel's Ivy Bridge and Haswell chips, for example, are measured at storing information about 4,096 branches, with each branch address mapping to one of four possible locations in the BTB.

This mapping means that a branch at one address can influence the behavior of a branch at a different address, just as long as that different address maps to the same set of four possible locations. In the Spectre attack, the BTB is primed by the attacker using addresses that correspond to (but do not exactly match with) a particular branch in the victim. When the victim then makes that branch, it uses the predictions set up by the attacker.

Zen's branch predictor, however, is a bit different. AMD says that its predictor always uses the full address of the branch; there's no flattening of multiple branch addresses onto one entry in the BTB. This means that the branch predictor can only be trained by using the victim's real branch address. This seems to be a product of good fortune; AMD switched to a different kind of branch predictor in Zen (like Samsung in its Exynos ARM processors, AMD is using simple neural network components called perceptrons), and the company happened to pick a design that was protected against this problem.

In conjunction with these hardware features, a software technique called "retpoline" has been devised. This uses the hardware "return" instruction to perform indirect branches, rather than a more traditional "jump" or "call" instruction. Return instructions aren't predicted using the branch predictor, so they aren't prone to influence in the same way. Instead, there are separate return buffers that are used to predict return instructions. Using retpoline thus turns a possibly predicted branch with a possibly poisoned prediction into an unpredicted return.

Using retpoline for sensitive branches doesn't work reliably on the latest (Broadwell or better) Intel processors, because those processors can, in fact, use the branch predictor instead of the return buffers. When returning from deep function nesting (function A calls function B calls function C calls function D...), the return buffers can be emptied. Broadwell-or-better don't give up in this scenario; they fall back on the BTB. This means that on Broadwell or better, even retpoline code can end up using the attacker-prepared BTB. Intel says that a microcode update will address this. Alternatively, there are ways to "refill" the return buffer.

Generally, operating systems can either turn on IBRS and use IBPB when switching between virtual machines or recompile everything with retpoline (and refill the buffer when necessary and hope that Intel produces a suitable microcode update). Because Microsoft can't depend on everything being rebuilt, Windows is using IBRS and IBPB when hardware permits; open source platforms are both investigating the use of retpoline and developing IBRS and IBPB solutions.

The broad pattern of performance overheads from these is similar to that for Meltdown: applications that don't use the kernel often don't see much difference, but applications that heavily depend on kernel functions show much higher overheads. Not only do they have to flush the TLB all the time, they're now also flushing the BTB, too. This is a big deal: Intel estimates that branches are predicted with an accuracy in the high 90s percent. Wiping out the BTB all the time is going to cut that prediction rate drastically.

The costs of IBRS and IBPB can be substantial, however. The TechSpot benchmarks referenced previously show results both with a system firmware (and microcode) update and without. The firmware update enables the kernel's IBRS and IBPB protection, allowing for a three-way comparison: Spectre + Meltdown protection, Meltdown protection only, and neither.

In regular desktop applications the overhead remained negligible, with games equally showing no meaningful difference in performance. But the storage benchmarks, which hammer the kernel with requests over and over, showed a substantial impact—sometimes as high as 40 percent.

The developers of DragonFly BSD are uncertain if the Spectre protection is even viable for their operating system. The performance decreases they're seeing from IBRS and IBPB protection are around 24 percent on Skylake systems and as much as 53 percent on Haswell.

RedHat reports that Meltdown and Spectre together have an impact of between negligible and 19 percent, again depending on the I/O load. Database workloads such as the TPC-C industry standard database benchmark and pgbench see performance decreases of between 8 and 19 percent. CPU-intensive workloads such as SPECcpu see only 2-5 percent decreases.
Posted on Reply
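
The BTB aliasing described in the Ars Technica text quoted in #17, as a toy model in Python (an added example, not code from the article, AMD or any poster). The set count and ways follow the 4,096-entry, four-per-set figures quoted above; the 8-bit partial tag, the choice of index/tag bits and every address are constructed assumptions, not measurements of a real predictor.

```python
SETS, WAYS = 1024, 4   # 4,096 entries, four per set (figures quoted above)
TAG_BITS = 8           # assumption: partial-tag width, not a real hardware value


class BTB:
    """Set-associative branch target buffer; newest entry is last in each set."""

    def __init__(self, full_tag):
        self.full_tag = full_tag              # True = tag on the whole branch address
        self.sets = [[] for _ in range(SETS)]

    def _slot(self, addr):
        upper = addr // SETS                  # address bits above the set index
        tag = upper if self.full_tag else upper % (1 << TAG_BITS)
        return self.sets[addr % SETS], tag

    def train(self, addr, target):
        entries, tag = self._slot(addr)
        entries[:] = [e for e in entries if e[0] != tag]   # same tag overwrites
        entries.append((tag, target))
        del entries[:-WAYS]                   # evict oldest beyond four ways

    def predict(self, addr):
        entries, tag = self._slot(addr)
        return next((tgt for t, tgt in entries if t == tag), None)


# Constructed sample addresses (not taken from any real binary).
VICTIM = 0x401A30                             # the victim's indirect branch
LEGIT = 0x402000                              # where that branch really goes
OTHER = 0x7F0000                              # target recorded by a different branch
ALIAS = VICTIM + SETS * (1 << TAG_BITS)       # same set, same partial tag


def prediction_after_cross_training(full_tag):
    """Victim trains its branch, then a different branch at ALIAS trains."""
    btb = BTB(full_tag)
    btb.train(VICTIM, LEGIT)
    btb.train(ALIAS, OTHER)
    return btb.predict(VICTIM)


def aliases_in(full_tag, start, end):
    """Addresses in [start, end), other than VICTIM, that share its BTB entry."""
    btb = BTB(full_tag)
    want = btb._slot(VICTIM)[1]
    first = start + (VICTIM - start) % SETS   # first address with the victim's index
    return [a for a in range(first, end, SETS)
            if a != VICTIM and btb._slot(a)[1] == want]


if __name__ == "__main__":
    for full in (False, True):
        kind = "full-address tag" if full else "partial tag"
        pred = prediction_after_cross_training(full)
        n = len(aliases_in(full, 0x400000, 0x1400000))
        print(f"{kind}: victim predicted -> {pred:#x}, aliases in 16 MiB: {n}")
```

With partial tags the victim's prediction is replaced by the other branch's target; with full-address tags, the behaviour AMD claims for Zen in the quoted text, training at a different address leaves the victim's entry untouched.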
#18
R-T-B
lexluthermiester said:
That is incorrect and a slight over-reaction. And you suggested this yourself;
It's not incorrect from a perspective of an unpatched user/victims level of exploitability. That's what I was going for, but I failed to clarify. Indeed, from a general "how bad" perspective I'd dare say spectre is the bad one.
Posted on Reply
#19
lexluthermiester
R-T-B said:
It's not incorrect from a perspective of an unpatched user/victims level of exploitability.
Fair enough. That's a valid point.
R0H1T said:
Here's what Ars said ~
Excellent article which explains very well why these new vulnerabilities are both serious and completely unforeseeable. With Zen, AMD got lucky with part of the problem because of how they chose to implement certain forms of predictions.
Posted on Reply
#20
First Strike
Well, in this same case, you can't blame AMD too. As I have said, Spectre as a whole is a fundamental defect of speculative execution. No high performance CPU can be spared. I wouldn't be too surprised if Cannonlake (with Meltdown) and Pinnacle Ridge ship with those vulnerabilities. Icelake and Zen2 too, maybe. Unless some genius makes some breakthroughs.

But ironically, AMD's statement proves only one thing: when you say there is "NEAR ZERO RISK", then there is. Have faith with Murphy.
Posted on Reply
#21
lexluthermiester
First Strike said:
As I have said, Spectre as a whole is a fundamental vulnerability of speculative execution.
Fixed.
Posted on Reply
#22
notb
PowerPC said:
Then what's the deal with Spectre, if it can be patched with code? It's like any other vulnerability then. The big deal is Meltdown, not Spectre, which is the fault of the architecture. Most people are saying that AMD seems to be safe from that, so that still makes AMD the only big dog not affected by this.
Actually Meltdown already got a quick fix - the one that takes away a lot of memory I/O potential. So from a performance stand point, it's now a question of optimizing and finding better workarounds - computers might regain some of the lost performance. As far as security goes, it's a closed case.

This makes Spectre the big deal, since it's still not fully fixed. A full solution will most likely need an OS update, a microcode fix and a BIOS upgrade. Now, OS update is fairly easy, since people tend to install them. Same goes for microcode, if it can be supplied by the OS. But BIOS is another thing, since most people won't know or care, so their PCs will remain vulnerable.

BTW: it's also slightly more complicated with Meltdown. Much like Spectre, it exploits a very popular feature that can be found in many CPUs. On this forum people concentrated on Intel - possibly since there are so many Intel haters. :) But Meltdown also affects some CPUs from ARM, IBM's Power Architecture (and System z) and PowerPC. So quite a lot of stuff.
Meltdown also affects a lot of consoles!

AMD could be safe because they are now using Samsung's architecture, which doesn't use this mechanism. But it uses different ones, that weren't in the scope of performed tests.
PowerPC said:
AMD is the only one to buy atm as far as I'm concerned.
If anything, it's exactly the opposite.
A) If AMD is not affected by anything similar to Meltdown (which we don't know yet), it's a tie on security front.
B) If AMD is affected by something similar, then it simply hasn't been found and fixed yet.
So if you assume P(B) = 0, then it's a tie on security front, so you still buy CPUs like before - based on other aspects.
But if P(B) > 0, then it's actually Intel who has the advantage.

In the end it seems obvious that security problems are first found and (hopefully) fixed on the most popular products. Look at Google Project Zero: they tested some CPUs from Intel, ARM and AMD. They only found the Intel one to be affected. But ARM is also affected - they said it themselves, they've shown proof and a full list of affected chips. Project Zero simply didn't succeed in their attempt. And they didn't check IBM at all.

Truth be told: AMD is the last large CPU designer that didn't provide comprehensive research results on the matter - even for Spectre, which they confirmed to be affected by.
Posted on Reply
#23
biffzinker
Does anyone know if VIA CPUs are affected by Meltdown/Spectre?
Posted on Reply
#24
R-T-B
notb said:
If AMD is not affected by anything similar to Meltdown (which we don't know yet), it's a tie on security front.
I'm not really sure this premise rings true to me. Spectre affects darn near everyone. So it's a tie if AMD is immune to one thing (meltdown) but has the other (spectre) that everyone has?

That doesn't make any sense.

notb said:
AMD is the last large CPU designer that didn't provide comprehensive research results on the matter
Can you link an example of what you consider "comprehensive research results" from another manufacturer to use as an example?
Posted on Reply
#25
lexluthermiester
biffzinker said:
Does anyone know if VIA CPUs are affected by Meltdown/Spectre?
Not by Meltdown (AFAIK), but yes on Spectre.
Posted on Reply