hellrazorIs there anything on whether it's been fixed for the 12nm Ryzens yet?

PowerPCSo it's just Spectre, not Meltdown, in which case it's patchable through software?

R-T-BSpectre both variants. Will require a microcode fix for complete coverage.

ImsochoboThey're not sure, but in theory it's a maybe.
no paper, no proof exist but they don't take any chances.

This is so far, we'll see as stuff gets out if AMD is completely transparent about this but it matches findings by third party so far

AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.

mcraygsxIf you are building a new PC, better let the dust settle down before you spend on CPU/MB. AMD CPU's are not affected by Meltdown while Spectre can be patched.

AMD Confirms They are Affected by Spectre

R-T-BSpectre both variants. Will require a microcode fix for complete coverage.

PowerPCThen what's the deal with Spectre, if it can be patched with code? It's like any other vulnerability then. The big deal is Meltdown, not Spectre, which is the fault of the architecture. Most people are saying that AMD seems to be safe from that, so that still makes AMD the only big dog not affected by this. If all that's true, AMD is the only one to buy atm as far as I'm concerned.

PowerPCThe big deal is Meltdown, not Spectre, which is the fault of the architecture.

PowerPCIf all that's true, AMD is the only one to buy atm as far as I'm concerned.

R-T-Bbut meltdown is worse.

R-T-BSpectre however can't be exclusively patched in code

lexluthermiesterThat is a misunderstand. You actually have that backwards. Meltdown can/is/has been solve with a software patch. Spectre is a fundamental vulnerability(not bug, flaw or defect) in the way that ALL CPU's which have certain features(which includes every CPU made by any company since the 90's) are susceptible to.

That is unwise advice based on a misunderstanding. Meltdown has yet to proven an Intel exclusive vulnerability as it is still being researched. Spectre affects all CPU's in common use today. So people, like they need to anyway, should be extra careful where they gone on the internet and should get in the habit of disconnecting from the internet when they are not using it. However, these problem are no reason to change one's mind as to the platform to use for a given task set.

The general purchasing rules have not changed. If you want to game most of the time and money is no limitation, go Intel. If you do anything else, research concerning your particular needs about which platform will serve best is needed. If you need good performance on a budget, go AMD.

That is incorrect and a slight over-reaction. And you suggested this yourself;

That is why Spectre is the worse problem. Some motherboard makers might not release bios patches for older equipment still in use, which is a potentially huge problem.

Now the bad news

The branch predictor version of Spectre, however, is a different story. Microsoft warns that protecting against this specific problem "has a performance impact," and, unlike the Meltdown fixes, this impact can be felt in a wider range of tasks.

There are a range of tools available to software and operating system developers. There are processor-level changes and a software-level change, and a mix of solutions may be needed. These new features also interact with other processor security features.

We have known since last week that Intel is going to release microcode updates that will change the processor behavior for this attack. With microcode updates, Intel has enabled three new features in its processors to control how branch prediction is handled. IBRS ("indirect branch restricted speculation") protects the kernel from branch prediction entries created by user mode applications; STIBP ("single thread indirect branch predictors") prevents one hyperthread on a core from using branch prediction entries created by the other thread on the core; IBPB ("indirect branch prediction barrier") provides a way to reset the branch predictor and clear its state.

AMD's response last week suggested that there was little need to do anything on systems using the company's processors. That turns out to be not quite true, and the company is said to be issuing microcode updates accordingly. On its current processors using its Zen core—Ryzen, Threadripper, and Epyc—new microcode provides equivalents to IPBP and STIBP. On prior generation processors using the Bulldozer family, microcode has added IBRS and IBPB.

Zen escapes (again)

Why no IBRS on Zen? AMD argues that Zen's new branch predictor isn't vulnerable to attack in the same way. Most branch predictors have their own special cache called a branch target buffer (BTB) that's used to record whether past branches were taken or not. BTBs on other chips (including older AMD parts, Intel chips, ARM's designs, and Apple's chips) don't record the precise addresses of each branch. Instead, just like the processor's cache, they have some mapping from memory addresses to slots in the BTB. Intel's Ivy Bridge and Haswell chips, for example, are measured at storing information about 4,096 branches, with each branch address mapping to one of four possible locations in the BTB.

This mapping means that a branch at one address can influence the behavior of a branch at a different address, just as long as that different address maps to the same set of four possible locations. In the Spectre attack, the BTB is primed by the attacker using addresses that correspond to (but do not exactly match with) a particular branch in the victim. When the victim then makes that branch, it uses the predictions set up by the attacker.

Zen's branch predictor, however, is a bit different. AMD says that its predictor always uses the full address of the branch; there's no flattening of multiple branch addresses onto one entry in the BTB. This means that the branch predictor can only be trained by using the victim's real branch address. This seems to be a product of good fortune; AMD switched to a different kind of branch predictor in Zen (like Samsung in its Exynos ARM processors, AMD is using simple neural network components called perceptrons), and the company happened to pick a design that was protected against this problem.

In conjunction with these hardware features, a software technique called "retpoline" has been devised. This uses the hardware "return" instruction to perform indirect branches, rather than a more traditional "jump" or "call" instruction. Return instructions aren't predicted using the branch predictor, so they aren't prone to influence in the same way. Instead, there are separate return buffers that are used to predict return instructions. Using retpoline thus turns a possibly predicted branch with a possibly poisoned prediction into an unpredicted return.

Using retpoline for sensitive branches doesn't work reliably on the latest (Broadwell or better) Intel processors, because those processors can, in fact, use the branch predictor instead of the return buffers. When returning from deep function nesting (function A calls function B calls function C calls function D...), the return buffers can be emptied. Broadwell-or-better don't give up in this scenario; they fall back on the BTB. This means that on Broadwell or better, even retpoline code can end up using the attacker-prepared BTB. Intel says that a microcode update will address this. Alternatively, there are ways to "refill" the return buffer.

Generally, operating systems can either turn on IBRS and use IBPB when switching between virtual machines or recompile everything with retpoline (and refill the buffer when necessary and hope that Intel produces a suitable microcode update). Because Microsoft can't depend on everything being rebuilt, Windows is using IBRS and IBPB when hardware permits; open source platforms are both investigating the use of retpoline and developing IBRS and IBPB solutions.

The broad pattern of performance overheads from these is similar to that for Meltdown: applications that don't use the kernel often don't see much difference, but applications that heavily depend on kernel functions show much higher overheads. Not only do they have to flush the TLB all the time, they're now also flushing the BTB, too. This is a big deal: Intel estimates that branches are predicted with an accuracy in the high 90s percent. Wiping out the BTB all the time is going to cut that prediction rate drastically.

The costs of IBRS and IBPB can be substantial, however. The TechSpot benchmarks referenced previously show results both with a system firmware (and microcode) update and without. The firmware update enables the kernel's IBRS and IBPB protection, allowing for a three-way comparison: Spectre + Meltdown protection, Meltdown protection only, and neither.

In regular desktop applications the overhead remained negligible, with games equally showing no meaningful difference in performance. But the storage benchmarks, which hammer the kernel with requests over and over, showed a substantial impact—sometimes as high as 40 percent.

The developers of DragonFly BSD are uncertain if the Spectre protection is even viable for their operating system. The performance decrease they're seeing from IBRS and IBPB protection are around 24 percent on Skylake systems and as much as 53 percent on Haswell.

RedHat reports that Meltdown and Spectre together have an impact of between negligible and 19 percent, again depending on the I/O load. Database workloads such as the TPC-C industry standard database benchmark and pgbench see performance decreases of between 8 and 19 percent. CPU-intensive workloads such as SPECcpu see only 2-5 percent decreases.

lexluthermiesterThat is incorrect and a slight over-reaction. And you suggested this yourself;

R-T-BIt's not incorrect from a perspective of an unpatched user/victims level of exploitability.

R0H1THere's what Ars said ~

First StrikeAs I have said, Spectre as a whole is a fundamental vulnerability of speculative execution.

PowerPCThen what's the deal with Spectre, if it can be patched with code? It's like any other vulnerability then. The big deal is Meltdown, not Spectre, which is the fault of the architecture. Most people are saying that AMD seems to be safe from that, so that still makes AMD the only big dog not affected by this.

AMD is the only one to buy atm as far as I'm concerned.

notbIf AMD is not affected by anything similar to Meltdown (which we don't know yet), it's a tie on security front.

notbAMD is the last large CPU designer that didn't provide comprehensive research results on the matter

biffzinkerDoes anyone know if VIA CPU's are effected by Meltdown/Spectre?