Wednesday, January 3rd 2018
AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches
Intel is secretly firefighting a major hardware security vulnerability affecting its entire x86 processor lineup. The hardware-level vulnerability allows unauthorized memory access between two virtual machines (VMs) running on a physical machine, due to Intel's flawed implementation of its hardware-level virtualization instruction sets. OS kernel-level software patches to mitigate this vulnerability, come at huge performance costs that strike at the very economics of choosing Intel processors in large-scale datacenters and cloud-computing providers, over processors from AMD. Ryzen, Opteron, and EPYC processors are inherently immune to this vulnerability, yet the kernel patches seem to impact performance of both AMD and Intel processors.
Close inspection of kernel patches reveal code that forces machines running all x86 processors, Intel or AMD, to be patched, regardless of the fact that AMD processors are immune. Older commits to the Linux kernel git, which should feature the line "if (c->x86_vendor != X86_VENDOR_AMD)" (condition that the processor should be flagged "X86_BUG_CPU_INSECURE" only if it's not an AMD processor), have been replaced with the line "/* Assume for now that ALL x86 CPUs are insecure */" with no further accepted commits in the past 10 days. This shows that AMD's requests are being turned down by Kernel developers. Their intentions are questionable in the wake of proof that AMD processors are immune, given that patched software inflicts performance penalties on both Intel and AMD processors creating a crony "level playing field," even if the latter doesn't warrant a patch. Ideally, AMD should push to be excluded from this patch, and offer to demonstrate the invulnerability of its processors to Intel's mess.
Source:
Phoronix Forums
Close inspection of kernel patches reveal code that forces machines running all x86 processors, Intel or AMD, to be patched, regardless of the fact that AMD processors are immune. Older commits to the Linux kernel git, which should feature the line "if (c->x86_vendor != X86_VENDOR_AMD)" (condition that the processor should be flagged "X86_BUG_CPU_INSECURE" only if it's not an AMD processor), have been replaced with the line "/* Assume for now that ALL x86 CPUs are insecure */" with no further accepted commits in the past 10 days. This shows that AMD's requests are being turned down by Kernel developers. Their intentions are questionable in the wake of proof that AMD processors are immune, given that patched software inflicts performance penalties on both Intel and AMD processors creating a crony "level playing field," even if the latter doesn't warrant a patch. Ideally, AMD should push to be excluded from this patch, and offer to demonstrate the invulnerability of its processors to Intel's mess.
142 Comments on AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches
Karma is biatch
What is memory leak
This really pisses me off. It looks like Intel have used their power and influence to corrupt the open source scene to put AMD at the same disadvantage as them and thus stifle competition. They always seem to get away with these tactics too. Remember when AMD was first with a 64-bit x86 CPU way back around 2005, but Microsoft mysteriously held back the release of 64-bit Windows XP until Intel was ready with their own 64-bit CPUs over a year later? This totally nullified AMD's big advantage, thus stifling competition. So out of order. :nutkick:
Well here's proof read'em and weep.
EDIT:
Btw, wasn't it released that this flaw doesn't affect 6th series and below? Or was that for some other flaw? But I think it was like this, because I know I was releaved when I heard my 5820K wasn't affected back then...
Intel needs to work on the IME / security / rough testing of their CPU's before actually releasing. But they are actually taking the risc that CPU's might leave the factory with critical bugs. This reminds me being on a shared (hosting) server, with SSH you could simply inspect the unix TMP map and grab data from various users on the same server, where normally you woud'nt had any acces to. Accessing one VM from another VM instance is pretty much bad.
www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2
In others, none but it will be quite severe
www.reddit com/r/hardware/comments/7nngqd/intel_bug_incoming/
There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%).
People have noticed a recent development in the Linux kernel: a rather massive, important redesign (page table isolation) is being introduced very fast for kernel standards... and being backported! The "official" reason is to incorporate a mitigation called KASLR... which most security experts consider almost useless. There's also some unusual, suspicious stuff going on: the documentation is missing, some of the comments are redacted (
According to one of the people working on it, PTI is only needed for Intel CPUs, AMD is not affected by whatever it protects against (lkml.org/lkml/2017/12/27/2). PTI affects a core low-level feature (virtual memory) and has severe performance penalties: 29% for an i7-6700 and 34% for an i7-3770S, according to Brad Spengler from grsecurity. PTI is simply not active for AMD CPUs. The kernel flag is named X86_BUG_CPU_INSECURE and its description is "CPU is insecure and needs kernel page table isolation".
Microsoft has been silently working on a similar feature since November:
People are speculating on a possible massive Intel CPU hardware bug that directly opens up serious vulnerabilities on big cloud providers which offer shared hosting (several VMs on a single host), for example by letting a VM read from or write to another one.
EDIT1: the examples of the i7 series, are just examples. This affects all Intel platforms as far as I can tell.
no matter how big intel influence, is suicidal to treat all x86 cpu's as flawed....
P.S.
amd only need to ask their lawyers to send out compensation request letters which have 8-10 digit numbers and for sure nobody will have the balls ($) to do what intel "recommend"
#intelapologiststrikesagain
www.techpowerup.com/forums/threads/intel-secretly-firefighting-a-major-cpu-bug-affecting-datacenters.240174/page-2