SWAPGS: Another Speculative Side Channel Vulnerability

[medi01]

Nice try.

Indeed:

Mitigations
As you know, for Spectre and Meltdown, there aren't too many mitigations that are built into hardware, and the industry still largely depends on software/firmware-level mitigations that negatively affect performance. Only the most recent processor models from AMD and Intel have hardware mitigations.

 

[jaggerwild]

Are you being facetious?

Did you not see the link, it goes to all AMD issue's........I'll post it again. AMD advertised there CPU overclocking but with the RGB Cooler there is no head room, unless you have subzero cooling you got took! Nune of that is a lie, post up your awesome overclocking?
https://www.amd.com/en/corporate/product-security

 

[R-T-B]

Indeed:

Did you miss Spectre too in that statement?

Both do indeed affect performance in mitigation. Unsure what you are taking issue with.

 

[medi01]

Did you miss Spectre too in that statement?

Are you pretending to be obtuse or is this for real?
The post clearly implies Meltdown affects AMD.

Spectre is to Meltdown, what scratching a car is to exploding a car.

 

[R-T-B]

Are you pretending to be obtuse or is this for real?
The post clearly implies Meltdown affects AMD.

It doesn't? I only read it as mentioning them due to being discovered in the same whitepaper.

Can a third party weigh in?

 

[Zareek]

Did you not see the link, it goes to all AMD issue's........I'll post it again. AMD advertised there CPU overclocking but with the RGB Cooler there is no head room, unless you have subzero cooling you got took! Nune of that is a lie, post up your awesome overclocking?
https://www.amd.com/en/corporate/product-security

I'm going to be nice because maybe you have been fed some very convincing false data by someone or someplace you really trust. The page you are linking says nothing about processors not hitting 4.6Mhz . I'm pretty sure AMD didn't release an x86 chip that ran at 4.6Mhz. AMD is however, selling the 3900X and it does boost to 4.6Ghz on a single core. As with all processors adequate cooling is required. Please link something legitimate if you've read otherwise.

The page you linked is a list of AMD's known and possible security issues. If you read it, the most recent entry states they do not believe the newest issue affects AMD processors in any way differently than Spectre did. AMD 3000 series has hardware Spectre mitigation built in, TPU states that here. We do know it affects all but the latest generations of Intel processors. Perhaps, if you think this is a black eye for AMD you should look at Intel's list of known security issues. Oh wait, they don't make it as easy to find a listing. That might be because it would be the size of the Library of Congress for just the past few years! If this is a black eye for AMD, it's a broken jaw for Intel. Then again since the security issues have piled up constantly for Intel since Spectre and Meltdown, at this point Intel wouldn't have a head left to hurt.

You might be just a bit confused about who is having security issues!

 

[Steevo]

It almost seems like some force is driving it.

After a year my CPU will need an upgrade just because it is patched like a stiff mummy and won't perform just because of these issues. Kinda win situation for manufacturers.

That force is greed, Intel designed chips with huge security holes to improve performance in order that their competition would be disadvantaged, while failing to disclose the security issues built into their logic hardware.


Imagine buying a sports car that calls the police if you operate it in the manner sold, except instead of police it unlocks its doors and starts for anyone, with your bank and other private data.

 

[R-T-B]

Oh wait, they don't make it as easy to find a listing.

They actually document their issues and fixes quite a bit better than AMD, in my experience.

That said it does not mean they have less issues. They do not, frankly. They have a lot on their security plate right now.

Intel designed chips with huge security holes to improve performance in order that their competition would be disadvantaged, while failing to disclose the security issues built into their logic hardware

I wish people would stop parroting that myth... The attacks are timing based, incredibly clever, and certainly not something Intel needed to "enhance performance."

Imagine buying a sports car that calls the police if you operate it in the manner sold, except instead of police it unlocks its doors and starts for anyone, with your bank and other private data.

Oh my god, that analogy is so... incorrect.

 

[Tomorrow]

They actually document their issues and fixes quite a bit better than AMD, in my experience.

Where? AMD link was posted earlier. Please post Intel's link if you say they document their issues better than AMD.

I wish people would stop parroting that myth... The attacks are timing based, incredibly clever, and certainly not something Intel needed to "enhance performance.

Yet they do lose performance every time one of these holes is patched. They may have not intentionally set out to disregard security to gain performance but they were negligent when designing their architectures and relying too heavily on speculative execution as a magic way to speed up operations.

 

[R-T-B]

Please post Intel's link if you say they document their issues better than AMD.

It's pretty well known in bios modding communities that they map their microcode to fixes. Good luck finding that with AMD.

If you want a rough similar page to what AMD provides, just google "intel processor security issues intel.com" and profit on the link straight from intel. I see no reason to hold hands.

Still, I will:

Newsroom Home

Intel Newsroom home page

newsroom.intel.com

https://newsroom.intel.com/microcode

they were negligent when designing their architectures and relying too heavily on speculative execution as a magic way to speed up operations.

Speculative execution is how all IPC increases are done today... so yeah. But there is no choice there. Literally the only chips that don't execute speculatively are ARM/MIPS or atom class cpus.

As for losing performance, that's what patching an on-silicon vulnerability does.

 

[Tomorrow]

Half a year out of date. Microcode PDF is more than a year old.

 

[medi01]

It doesn't? I only read it...

Yeah, if you "only read it" backwards, it doesn't.
Let us all read it backwards, shall we?

I wish people would stop parroting that myth... The attacks are timing based, incredibly clever, and...

The worst of them (Meltdown, among other things) only affects Intel.
And "fixing" that (not making assumptions about what will be where and when, because, wait for it, this increases IPC) also happens to hamper Intel's performance quite a bit.

What a coincidence.

That said it does not mean they have less issues.

This is like talking about someone arrested for murder and saying that "it doesn't mean ze has less issues" than someone arrested for a drunk brawl.

 

[R-T-B]

This is like talking about someone arrested for murder and saying...

Not really, no. That's insane hyperbole.

What a coincidence.

How any on-silicon software fix works, not a coincidence.

The worst of them (Meltdown, among other things) only affects Intel.

Intel is also by far the most researched, so yeah.

Yeah, if you "only read it" backwards, it doesn't.

I don't read backwards.