• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

AMD Confirms They are Affected by Spectre, too

Raevenlord

News Editor
Joined
Aug 12, 2016
Messages
3,755 (1.24/day)
Location
Portugal
System Name The Ryzening
Processor AMD Ryzen 9 5900X
Motherboard MSI X570 MAG TOMAHAWK
Cooling Lian Li Galahad 360mm AIO
Memory 32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s) Gigabyte RTX 3070 Ti
Storage Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s) Acer Nitro VG270UP (1440p 144 Hz IPS)
Case Lian Li O11DX Dynamic White
Audio Device(s) iFi Audio Zen DAC
Power Supply Seasonic Focus+ 750 W
Mouse Cooler Master Masterkeys Lite L
Keyboard Cooler Master Masterkeys Lite L
Software Windows 10 x64
The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.

At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.





Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
  • We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
  • Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft's website.
  • Linux vendors are also rolling out patches across AMD products now.

GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
  • While we believe that AMD's processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
  • AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
  • Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of "return trampoline" (Retpoline) software mitigations.

GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.
  • We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.

There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.

We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.

Mark Papermaster,
Senior Vice President and Chief Technology Officer


View at TechPowerUp Main Site
 
Joined
Feb 18, 2010
Messages
1,850 (0.34/day)
System Name Eldritch
Processor AMD Ryzen 5 5800X3D
Motherboard ASUS TUF X570 Pro Wifi
Cooling Satan's butthole after going to Taco Bell
Memory 64 GB G.Skill TridentZ
Video Card(s) Vega 56
Storage 6*8TB Western Digital Blues in RAID 6, 2*512 GB Samsung 960 Pros
Display(s) Acer CB281HK
Case Phanteks Enthoo Pro PH-ES614P_BK
Audio Device(s) ASUS Xonar DX
Power Supply EVGA Supernova 750 G2
Mouse Razer Viper 8K
Software Debian Bullseye
Is there anything on whether it's been fixed for the 12nm Ryzens yet?
 
Joined
Mar 10, 2010
Messages
11,878 (2.21/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R5 5900X/ Intel 8750H
Motherboard Crosshair hero8 impact/Asus
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Powercolour RX7900XT Reference/Rtx 2060
Storage Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dell shiter
Case Lianli 011 dynamic/strix scar2
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
Is there anything on whether it's been fixed for the 12nm Ryzens yet?
Too close to shipping I would imagine , but if they can patch zen now with a microcode update i think they'll have it day one for those, they would likely require a bios update for support anyway with any upgrader keeping an older motherboard so they'll then get it too, x490 motherboards will likely need a day one bios too if it's really that close to launching.
 
Joined
Jan 25, 2014
Messages
2,092 (0.53/day)
System Name Ryzen 2023
Processor AMD Ryzen 7 7700
Motherboard Asrock B650E Steel Legend Wifi
Cooling Noctua NH-D15
Memory G Skill Flare X5 2x16gb cl32@6000 MHz
Video Card(s) Sapphire Radeon RX 6950 XT Nitro + gaming Oc
Storage WESTERN DIGITAL 1TB 64MB 7k SATA600 Blue WD10EZEX, WD Black SN850X 1Tb nvme
Display(s) LG 27GP850P-B
Case Corsair 5000D airflow tempered glass
Power Supply Seasonic Prime GX-850W
Mouse A4Tech V7M bloody
Keyboard Genius KB-G255
Software Windows 10 64bit
I think I have been affected. Someone used this exploit and hacked my PC and is viewing porn from my PC.
On a serious note. I hope they fix it by ryzen 2 comes out. The exploit not the porn.
 
Joined
Sep 17, 2014
Messages
22,442 (6.03/day)
Location
The Washing Machine
Processor 7800X3D
Motherboard MSI MAG Mortar b650m wifi
Cooling Thermalright Peerless Assassin
Memory 32GB Corsair Vengeance 30CL6000
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s) Gigabyte G34QWC (3440x1440)
Case Lian Li A3 mATX White
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse Steelseries Aerox 5
Keyboard Lenovo Thinkpad Trackpoint II
Software W11 IoT Enterprise LTSC
Benchmark Scores Over 9000
Great, clear communication. No details, but I still like it.
 
Joined
May 7, 2009
Messages
5,392 (0.95/day)
Location
Carrollton, GA
System Name ODIN
Processor AMD Ryzen 7 5800X
Motherboard Gigabyte B550 Aorus Elite AX V2
Cooling Dark Rock 4
Memory G Skill RipjawsV F4 3600 Mhz C16
Video Card(s) MSI GeForce RTX 3080 Ventus 3X OC LHR
Storage Crucial 2 TB M.2 SSD :: WD Blue M.2 1TB SSD :: 1 TB WD Black VelociRaptor
Display(s) Dell S2716DG 27" 144 Hz G-SYNC
Case Fractal Meshify C
Audio Device(s) Onboard Audio
Power Supply Antec HCP 850 80+ Gold
Mouse Corsair M65
Keyboard Corsair K70 RGB Lux
Software Windows 10 Pro 64-bit
Benchmark Scores I don't benchmark.
This looks like repeat information all over again, but clear breakdown is still useful with all the incorrect, incomplete, and out right wrong information that is still circulating.
 
Joined
Jul 29, 2014
Messages
484 (0.13/day)
Location
Fort Sill, OK
Processor Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard Asus Maximus IX Code
Cooling Corsair Hydro H115i Platinum
Memory 48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s) nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage Intel 760p 2280 2TB
Display(s) MSI Optix MPG27CQ Black 27" 1ms 144hz
Case Thermaltake View 71
Power Supply EVGA SuperNova 1000 Platinum2
Mouse Corsair M65 Pro (not recommded, I am on my second mouse with same defect)
Software Windows 10 Enterprise 1803
Benchmark Scores Yes I am Intel fanboy that is my benchmark score.
If you are building a new PC, better let the dust settle down before you spend on CPU/MB. AMD CPU's are not affected by Meltdown while Spectre can be patched.
 
Joined
Aug 20, 2007
Messages
21,467 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
So it's just Spectre, not Meltdown, in which case it's patchable through software?

Spectre both variants. Will require a microcode fix for complete coverage.
 
Joined
Feb 19, 2009
Messages
1,162 (0.20/day)
Location
I live in Norway
Processor R9 5800x3d | R7 3900X | 4800H | 2x Xeon gold 6142
Motherboard Asrock X570M | AB350M Pro 4 | Asus Tuf A15
Cooling Air | Air | duh laptop
Memory 64gb G.skill SniperX @3600 CL16 | 128gb | 32GB | 192gb
Video Card(s) RTX 4080 |Quadro P5000 | RTX2060M
Storage Many drives
Display(s) AW3423dwf.
Case Jonsbo D41
Power Supply Corsair RM850x
Mouse g502 Lightspeed
Keyboard G913 tkl
Software win11, proxmox
Spectre both variants. Will require a microcode fix for complete coverage.

They're not sure, but in theory it's a maybe.
no paper, no proof exist but they don't take any chances.

This is so far, we'll see as stuff gets out if AMD is completely transparent about this but it matches findings by third party so far
 
Joined
Aug 20, 2007
Messages
21,467 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
They're not sure, but in theory it's a maybe.
no paper, no proof exist but they don't take any chances.

This is so far, we'll see as stuff gets out if AMD is completely transparent about this but it matches findings by third party so far

AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
 
Joined
Sep 17, 2014
Messages
22,442 (6.03/day)
Location
The Washing Machine
Processor 7800X3D
Motherboard MSI MAG Mortar b650m wifi
Cooling Thermalright Peerless Assassin
Memory 32GB Corsair Vengeance 30CL6000
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s) Gigabyte G34QWC (3440x1440)
Case Lian Li A3 mATX White
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse Steelseries Aerox 5
Keyboard Lenovo Thinkpad Trackpoint II
Software W11 IoT Enterprise LTSC
Benchmark Scores Over 9000
If you are building a new PC, better let the dust settle down before you spend on CPU/MB. AMD CPU's are not affected by Meltdown while Spectre can be patched.

Depends on your use case, it seems thus far. For gaming, I'd not bother too much. I didnt :)
 
Joined
Sep 11, 2015
Messages
624 (0.19/day)
Spectre both variants. Will require a microcode fix for complete coverage.
Then what's the deal with Spectre, if it can be patched with code? It's like any other vulnerability then. The big deal is Meltdown, not Spectre, which is the fault of the architecture. Most people are saying that AMD seems to be safe from that, so that still makes AMD the only big dog not affected by this. If all that's true, AMD is the only one to buy atm as far as I'm concerned.
 
Last edited:
Joined
Aug 20, 2007
Messages
21,467 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Then what's the deal with Spectre, if it can be patched with code? It's like any other vulnerability then. The big deal is Meltdown, not Spectre, which is the fault of the architecture. Most people are saying that AMD seems to be safe from that, so that still makes AMD the only big dog not affected by this. If all that's true, AMD is the only one to buy atm as far as I'm concerned.

They are both severe vulnerabilities, but meltdown is worse. Spectre however can't be exclusively patched in code, that is a myth.
 
Joined
Jul 5, 2013
Messages
27,781 (6.67/day)
The big deal is Meltdown, not Spectre, which is the fault of the architecture.
That is a misunderstanding. You actually have that backwards. Meltdown can/is/has been solved with a software patch. Spectre is a fundamental vulnerability(not bug, flaw or defect) in a way that ALL CPU's which have certain features(which includes every CPU made by any company since the 90's) are susceptible to.
If all that's true, AMD is the only one to buy atm as far as I'm concerned.
That is unwise advice based on a misunderstanding. Meltdown has yet to proven an Intel exclusive vulnerability as it is still being researched. Spectre affects all CPU's in common use today. So people, like they need to anyway, should be extra careful where they gone on the internet and should get in the habit of disconnecting from the internet when they are not using it. However, these problem are no reason to change one's mind as to the platform to use for a given task set.

The general purchasing rules have not changed. If you want to game most of the time and money is no limitation, go Intel. If you do anything else, research concerning your particular needs about which platform will serve best is needed. If you need good performance on a budget, go AMD.
but meltdown is worse.
That is incorrect and a slight over-reaction. And you suggested this yourself;
Spectre however can't be exclusively patched in code
That is why Spectre is the worse problem. Some motherboard makers might not release bios patches for older equipment still in use, which is a potentially huge problem.

EDIT;
However, your general sentiment is correct. These problems are very serious if left unchecked.
The reality folks is this; If you want AMD, buy AMD. If you want Intel, buy Intel. If you want to get a nicer Android or Apple tablet or phone, then do so. These problems are bigger than usual, but they are none-the-less just but bumps in the road of technological progression. We create things that make life easier, more efficient or more fun and sometimes we find problems along the way that were not foreseen, or even foreseeable. We fix them, we move on.
EDIT2;
Grammar/spelling corrections. Good grief I need more sleep!
 
Last edited:

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
42,170 (6.63/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
That is a misunderstand. You actually have that backwards. Meltdown can/is/has been solve with a software patch. Spectre is a fundamental vulnerability(not bug, flaw or defect) in the way that ALL CPU's which have certain features(which includes every CPU made by any company since the 90's) are susceptible to.

That is unwise advice based on a misunderstanding. Meltdown has yet to proven an Intel exclusive vulnerability as it is still being researched. Spectre affects all CPU's in common use today. So people, like they need to anyway, should be extra careful where they gone on the internet and should get in the habit of disconnecting from the internet when they are not using it. However, these problem are no reason to change one's mind as to the platform to use for a given task set.

The general purchasing rules have not changed. If you want to game most of the time and money is no limitation, go Intel. If you do anything else, research concerning your particular needs about which platform will serve best is needed. If you need good performance on a budget, go AMD.

That is incorrect and a slight over-reaction. And you suggested this yourself;

That is why Spectre is the worse problem. Some motherboard makers might not release bios patches for older equipment still in use, which is a potentially huge problem.

Yup other than a forced upgrade
 
Joined
Apr 12, 2013
Messages
7,529 (1.77/day)
Here's what Ars said ~
Now the bad news

The branch predictor version of Spectre, however, is a different story. Microsoft warns that protecting against this specific problem "has a performance impact," and, unlike the Meltdown fixes, this impact can be felt in a wider range of tasks.

There are a range of tools available to software and operating system developers. There are processor-level changes and a software-level change, and a mix of solutions may be needed. These new features also interact with other processor security features.

We have known since last week that Intel is going to release microcode updates that will change the processor behavior for this attack. With microcode updates, Intel has enabled three new features in its processors to control how branch prediction is handled. IBRS ("indirect branch restricted speculation") protects the kernel from branch prediction entries created by user mode applications; STIBP ("single thread indirect branch predictors") prevents one hyperthread on a core from using branch prediction entries created by the other thread on the core; IBPB ("indirect branch prediction barrier") provides a way to reset the branch predictor and clear its state.

AMD's response last week suggested that there was little need to do anything on systems using the company's processors. That turns out to be not quite true, and the company is said to be issuing microcode updates accordingly. On its current processors using its Zen core—Ryzen, Threadripper, and Epyc—new microcode provides equivalents to IPBP and STIBP. On prior generation processors using the Bulldozer family, microcode has added IBRS and IBPB.

Zen escapes (again)

Why no IBRS on Zen? AMD argues that Zen's new branch predictor isn't vulnerable to attack in the same way. Most branch predictors have their own special cache called a branch target buffer (BTB) that's used to record whether past branches were taken or not. BTBs on other chips (including older AMD parts, Intel chips, ARM's designs, and Apple's chips) don't record the precise addresses of each branch. Instead, just like the processor's cache, they have some mapping from memory addresses to slots in the BTB. Intel's Ivy Bridge and Haswell chips, for example, are measured at storing information about 4,096 branches, with each branch address mapping to one of four possible locations in the BTB.

This mapping means that a branch at one address can influence the behavior of a branch at a different address, just as long as that different address maps to the same set of four possible locations. In the Spectre attack, the BTB is primed by the attacker using addresses that correspond to (but do not exactly match with) a particular branch in the victim. When the victim then makes that branch, it uses the predictions set up by the attacker.

Zen's branch predictor, however, is a bit different. AMD says that its predictor always uses the full address of the branch; there's no flattening of multiple branch addresses onto one entry in the BTB. This means that the branch predictor can only be trained by using the victim's real branch address. This seems to be a product of good fortune; AMD switched to a different kind of branch predictor in Zen (like Samsung in its Exynos ARM processors, AMD is using simple neural network components called perceptrons), and the company happened to pick a design that was protected against this problem.

In conjunction with these hardware features, a software technique called "retpoline" has been devised. This uses the hardware "return" instruction to perform indirect branches, rather than a more traditional "jump" or "call" instruction. Return instructions aren't predicted using the branch predictor, so they aren't prone to influence in the same way. Instead, there are separate return buffers that are used to predict return instructions. Using retpoline thus turns a possibly predicted branch with a possibly poisoned prediction into an unpredicted return.

Using retpoline for sensitive branches doesn't work reliably on the latest (Broadwell or better) Intel processors, because those processors can, in fact, use the branch predictor instead of the return buffers. When returning from deep function nesting (function A calls function B calls function C calls function D...), the return buffers can be emptied. Broadwell-or-better don't give up in this scenario; they fall back on the BTB. This means that on Broadwell or better, even retpoline code can end up using the attacker-prepared BTB. Intel says that a microcode update will address this. Alternatively, there are ways to "refill" the return buffer.

Generally, operating systems can either turn on IBRS and use IBPB when switching between virtual machines or recompile everything with retpoline (and refill the buffer when necessary and hope that Intel produces a suitable microcode update). Because Microsoft can't depend on everything being rebuilt, Windows is using IBRS and IBPB when hardware permits; open source platforms are both investigating the use of retpoline and developing IBRS and IBPB solutions.

The broad pattern of performance overheads from these is similar to that for Meltdown: applications that don't use the kernel often don't see much difference, but applications that heavily depend on kernel functions show much higher overheads. Not only do they have to flush the TLB all the time, they're now also flushing the BTB, too. This is a big deal: Intel estimates that branches are predicted with an accuracy in the high 90s percent. Wiping out the BTB all the time is going to cut that prediction rate drastically.

The costs of IBRS and IBPB can be substantial, however. The TechSpot benchmarks referenced previously show results both with a system firmware (and microcode) update and without. The firmware update enables the kernel's IBRS and IBPB protection, allowing for a three-way comparison: Spectre + Meltdown protection, Meltdown protection only, and neither.

In regular desktop applications the overhead remained negligible, with games equally showing no meaningful difference in performance. But the storage benchmarks, which hammer the kernel with requests over and over, showed a substantial impact—sometimes as high as 40 percent.

The developers of DragonFly BSD are uncertain if the Spectre protection is even viable for their operating system. The performance decrease they're seeing from IBRS and IBPB protection are around 24 percent on Skylake systems and as much as 53 percent on Haswell.

RedHat reports that Meltdown and Spectre together have an impact of between negligible and 19 percent, again depending on the I/O load. Database workloads such as the TPC-C industry standard database benchmark and pgbench see performance decreases of between 8 and 19 percent. CPU-intensive workloads such as SPECcpu see only 2-5 percent decreases.
 
Joined
Aug 20, 2007
Messages
21,467 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
That is incorrect and a slight over-reaction. And you suggested this yourself;

It's not incorrect from a perspective of an unpatched user/victims level of exploitability. That's what I was going for, but I failed to clarify. Indeed, from a general "how bad" perspective I'd dare say spectre is the bad one.
 
Joined
Jul 5, 2013
Messages
27,781 (6.67/day)
It's not incorrect from a perspective of an unpatched user/victims level of exploitability.
Fair enough. That's a valid point.
Here's what Ars said ~
Excellent article which explains very well why these new vulnerabilities are both serious and completely unforeseeable. With Zen, AMD got lucky with part of the problem because of how they chose to implement certain forms of predictions.
 
Joined
Jun 12, 2017
Messages
136 (0.05/day)
Well, in this same case, you can't blame AMD too. As I have said, Spectre as a whole is a fundamental defect of speculative execution. No high performance CPU can be spared. I wouldn't be too suprised if Cannonlake (with Meltdown) and Pinnacle Ridge ship with those vulnerabilities. Icelake and Zen2 too, maybe. Unless some genius make some breakthroughs.

But ironically, AMD's statement proves only one thing: when you say there is "NEAR ZERO RISK", then there is. Have faith with Murphy.
 
Joined
Jun 28, 2016
Messages
3,595 (1.17/day)
Then what's the deal with Spectre, if it can be patched with code? It's like any other vulnerability then. The big deal is Meltdown, not Spectre, which is the fault of the architecture. Most people are saying that AMD seems to be safe from that, so that still makes AMD the only big dog not affected by this.
Actually Meltdown already got a quick fix - the one that takes away a lot of memory I/O potential. So from a performance stand point, it's now a question of optimizing and finding better workarounds - computers might regain some of the lost performance. As far as security goes, it's a closed case.

This makes Spectre the big deal, since it's still not fully fixed. A full solution will most likely need and OS update, a microcode fix and a BIOS upgrade. Now, OS update is fairly easy, since people tend to install them. Same goes for microcode, if it can be supplied by the OS. But BIOS is another thing, since most people won't know or care, so their PCs will remain vulnerable.

BTW: it's also slightly more complicated with Meltdown. Much like Spectre, it exploits a very popular feature that can be found in many CPUs. On this forum people concentrated on Intel - possibly since there are so many Intel haters. :) But Meltdown also affects some CPUs from ARM, IBM's Power Archicetecture (and System z) and PowerPC. So quite a lot of stuff.
Meltdown also affects a lot of consoles!

AMD could be safe because they are now using Samsung's architecture, which doesn't use this mechanism. But it uses different ones, that weren't in the scope of performed tests.

AMD is the only one to buy atm as far as I'm concerned.
If anything, it's exactly the opposite.
A) If AMD is not affected by anything similar to Meltdown (which we don't know yet), it's a tie on security front.
B) If AMD is affected by something similar, then it simply hasn't been found and fixed yet.
So if you assume P(B) = 0, then it's a tie on security front, so you still buy CPUs like before - based on other aspects.
But if P(B) > 0, then it's actually Intel who has the advantage.

In the end it seems obvious that security problems are be first found and (hopefully) fixed on the most popular products. Look at Google Project Zero: they tested some CPUs from Intel, ARM and AMD. They only found the Intel one to be affected. But ARM is also affected - they said it themselves, they've shown proof and a full list of affected chips. Project Zero simply didn't succeed in their attempt. And they didn't check IBM at all.

Truth be told: AMD is the last large CPU designer that didn't provide comprehensive research results on the matter - even for Spectre, which they confirmed to be affected to.
 
Joined
Mar 23, 2016
Messages
4,841 (1.53/day)
Processor Core i7-13700
Motherboard MSI Z790 Gaming Plus WiFi
Cooling Cooler Master RGB something
Memory Corsair DDR5-6000 small OC to 6200
Video Card(s) XFX Speedster SWFT309 AMD Radeon RX 6700 XT CORE Gaming
Storage 970 EVO NVMe M.2 500GB,,WD850N 2TB
Display(s) Samsung 28” 4K monitor
Case Phantek Eclipse P400S
Audio Device(s) EVGA NU Audio
Power Supply EVGA 850 BQ
Mouse Logitech G502 Hero
Keyboard Logitech G G413 Silver
Software Windows 11 Professional v23H2
Does anyone know if VIA CPU's are effected by Meltdown/Spectre?
 
Joined
Aug 20, 2007
Messages
21,467 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
If AMD is not affected by anything similar to Meltdown (which we don't know yet), it's a tie on security front.

I'm not really sure this premise rings true to me. Spectre affects darn near everyone. So it's a tie if AMD is immune to one thing (meltdown) but has the other (spectre) that everyone has?

That doesn't make any sense.

AMD is the last large CPU designer that didn't provide comprehensive research results on the matter

Can you link an example of what you consider "comprehensive research results" from another manufacturer to use as an example?
 
Top