AMD Confirms They are Affected by Spectre, too

[lexluthermiester]

Does anyone know if VIA CPU's are effected by Meltdown/Spectre?

Not by Meltdown(AFAIK), but yes on Spectre.

 

[notb]

I'm not really sure this premise rings true to me. Spectre affects darn near everyone. So it's a tie if AMD is immune to one thing (meltdown) but has the other (spectre) that everyone has?

That doesn't make any sense.

I meant: if AMD is really immune to Meltdown, it's a tie. If they are not (i.e. a similar method custom-made for AMD would succeed), they're losing to Intel on security front.
I'll repeat it once again: most media coverage (and comments on PC forums) are based on Project Zero's results. PZ created a method that was successful for Intel, i.e. it made it practically possible to leak data from the memory. This method was unsuccessful for AMD and ARM.
What happened next is very interesting. ARM confirmed that they succeeded with an attack, are affected and are working on a fix. AMD didn't. However, AMD's response evolved from being immune to:
"We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required."

A lot of people commenting on this are wrong saying that out-of-order execution doesn't work on AMD. It does. AMD says they have countermeasures that make it much harder to exploit.
Here's the original text from Project Zero. Check it out.
https://meltdownattack.com/meltdown.pdf
Here's the interesting chapter. I've underlined the fun part.
"6.4 Limitations on ARM and AMD
We also tried to reproduce the Meltdown bug on several ARM and AMD CPUs. However, we did not manage to successfully leak kernel memory with the attack described in Section 5, neither on ARM nor on AMD. The reasons for this can be manifold. First of all, our implementation might simply be too slow and a more optimized version might succeed. For instance, a more shallow out-of-order execution pipeline could tip the race condition towards against the data leakage. Similarly, if the processor lacks certain features, e.g., no re-order buffer, our current implementation might not be able to leak data. However, for both ARM and AMD, the toy example as described in Section 3 works reliably, indicating that out-of-order execution generally occurs and instructions past illegal memory accesses are also performed."

Can you link an example of what you consider "comprehensive research results" from another manufacturer to use as an example?

Of course.
By far the best place to start is here:
https://www.intel.com/content/www/u...side-channel-analysis-and-intel-products.html
There's really a lot of stuff here which shows that most of the industry is really serious about this matter.
Intel's original whitepaper (fairly short one, but mentioning most important facts).
https://newsroom.intel.com/wp-conte...is-of-Speculative-Execution-Side-Channels.pdf
Following that, Intel posted list of CPUs affected and benchmarks.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
https://newsroom.intel.com/editoria...tial-performance-data-results-client-systems/

Next ARM site:
https://developer.arm.com/support/security-update
A lot of information, a beautiful, very detailed whitepaper, full list of CPUs affected and so on. Very nice stuff from the Brits - as usual.

By comparison, AMD's response is just a joke. There's nothing on the front page:
http://www.amd.com/en
The text we are discussing in this topic (https://www.amd.com/en/corporate/speculative-execution?sf178974629=1) is so shallow and pointless, that the reader won't even know what the threats are about. Even the CVE codes aren't mentioned!
I will be called an AMD hater again, but only thing I've been saying (since Zen launch) is that AMD is putting too much weight on gaming (and crypto mining lately...), so the whole product lineup and marketing around it started to look weird. They're sacrificing the rest of clients (including enterprise segment). A fast CPU is not enough!
The way they approached Spectre and Meltdown is another sign I'm right.

Look how outdated their EPYC website is.
http://www.amd.com/en/products/epyc
The latest news are from November. No mention of any Spectre problems.

 

[Vya Domus]

The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.

Out of order and speculative execution was a ticking bomb from the very beginning when it became a widespread capability of CPUs in the 90s. It's astonishing how little thought was put into this lingering issue from all these major CPU manufacturers.

 

[iO]

Meltdown also affects a lot of consoles!

Wat? Intels last console was the original XBOX... Maybe Spectre but that isnt really a security concern for users but for Sony or MS as it could potentially serve for a jailbreak.

AMD could be safe because they are now using Samsung's architecture

TIL Zen is actually based on Samsungs Exynos........

 

[notb]

Wat? Intels last console was the original XBOX...

Unbelievable. How many times does it have to be repeated that issue behind Meltdown is not Intel-exclusive?
ARM is also vulnerable (Nintendo Switch). Same is true (most likely / still somehow unofficially) for the IBM Power architecture (e.g. Xbox 360, Wii, PS3).

Maybe Spectre but that isnt really a security concern for users but for Sony or MS as it could potentially serve for a jailbreak.

Isn't it? Are you aware how people use consoles nowadays? Web browsers? Credit card information?
Console is a slightly limited PC. It has the same security problems.
Pff... even most modern TVs offer a web browser (and use an ARM chip).

TIL Zen is actually based on Samsungs Exynos........

Yup. That's where power efficiency comes from... and the issues with high frequency... and potentially why they work best with Samsung RAM .

 

[iO]

Unbelievable. How many times does it have to be repeated that issue behind Meltdown is not Intel-exclusive?
ARM is also vulnerable (Nintendo Switch). Same is true (most likely / still somehow unofficially) for the IBM Power architecture (e.g. Xbox 360, Wii, PS3).

Isn't it? Are you aware how people use consoles nowadays? Web browsers? Credit card information?
Console is a slightly limited PC. It has the same security problems.
Pff... even most modern TVs offer a web browser (and use an ARM chip).

Yup. That's where power efficiency comes from... and the issues with high frequency... and potentially why they work best with Samsung RAM .

Well, OK, I thought it was Intel specific, turns out some ARM cores and Power7/8 are also Meltdown affected...

While I couldnt find something clear, most consoles seem to be Power5 or 6 based which isnt affected just like the current AMD consoles
And Nintendos Switch shouldnt be vulnerable too as its using a TX1. http://nvidia.custhelp.com/app/answers/detail/a_id/4616

Yup. That's where power efficiency comes from... and the issues with high frequency... and potentially why they work best with Samsung RAM .

Do you have some reliable sources about that? Sounds a lot like fiction...

 

[Vya Domus]

While I couldnt find something clear, most consoles seem to be Power5 or 6 based which isnt affected just like the current AMD consoles

PS3/X360 are PowerPC , PS3/XOne and so fourth are x86 and basically guaranteed to be affected by similar issues.

Design

• 32 KiB instruction + 32 KiB data L1 cache per core, L1 cache includes parity error detection
• 16-way, 1-2 MiB unified L2 cache shared by two or four cores, L2 cache is protected from errors by the use of error correcting code
• Out-of-order execution and speculative execution <-------
• Integrated memory controller
• Two-way integer execution
• Two-way 128-bit wide floating-point and packed integer execution
• Integer hardware divider
• Consumer processors support two DDR3L DIMMs in one channel at frequencies up to 1600 MHz[3]
• Server processors support two DDR3 DIMMS in one channel at frequencies up to 1600 MHz with ECC[4]
• As a SoC (not just an APU) it integrates Fusion controller hub
• Jaguar does not feature clustered multi-thread (CMT), meaning that execution resources are not shared between cores

And Nintendos Switch shouldnt be vulnerable too as its using a TX1.

The Switch uses A57 cores which are just as vulnerable as their other cores , at least according to ARM themselves.

 

[notb]

Do you have some reliable sources about that? Sounds a lot like fiction...

Nope. But do we have any reliable source on why Samsung B-die are so good with Ryzen?

 

[iO]

PS3/X360 are PowerPC , PS3/XOne and so fourth are x86 and basically guaranteed to be affected by similar issues.
...

Old gen consoles are based on older and (persumably not) vulnerable Power architectures. But ofc Spectre still affects all CPUs

The Switch uses A57 cores which are just as vulnerable as their other cores , at least according to ARM themselves.

Cant be that bad:

Variant 3a

For Cortex-A15, Cortex-A57, and Cortex-A72:

• In general, it is not believed that software mitigations for this issue are necessary. Please download the Cache Speculation Side-channels whitepaper for more details.

Nope. But do we have any reliable source on why Samsung B-die are so good with Ryzen?

Wow that is quite a stretch.

 

[notb]

Old gen consoles are based on older and (persumably not) vulnerable Power architectures. But ofc Spectre still affects all CPUs

I'd call Pegasus "old". PS3 is 1.5 generation old.

People tend to use consoles for a long time for multiple reasons. For example: unlike with PCs, you can't always use your games in the next one.
Also, many console gamers are not as hardcore as PC ones. Many of them casually play the same 5 games for a decade.

In 2016 PS3 and Xbox360 still had 10% of market share in console games revenue. I don't have any data for number of games sold or number of consoles in use. I think it's safe to assume that older games are cheaper and older console owners generally buy a lot less titles than those with latest models. Hence, the actual percentage of these 2 consoles in use should by much higher.

Wow that is quite a stretch.

Well... it's just a hypothesis without a proof. But there are signs. And it's not like I'm risking anything, while there is a nice prize possible: a huge "I told you so" on TPU.

Some time ago I got the feeling that Intel might want to buy AMD GPU part. They need it, they can afford it. some weird roadmap moves suggested a change of strategy. Sadly, Intel can't buy the CPU part (monopoly) and it's unlikely the CPU part itself would survive, since console sales are so important (and they need both CPU and GPU for that).
So this was just a guess - not really possible in AMD situation at that point.

Then we got some leaks about Intel CPU with AMD IGP. Then Koduri switched the companies right after Vega launch. Notice how quiet he is now - a guy that just few months ago was the most publicly active person in the industry. I never liked him - I don't care that much, but clearly he is busy right now. Then the Intel + Vega chip became a very lovely reality. (*)
In the meantime I've changed my opinion about AMD future from "selling Radeon" to "total collapse". And look... there's a potential buyer for the CPU part as well.
So if a 3-way deal was finalized, there would be no problem with anti-monopoly regulator. Intel Vega and Samsung Ryzen - in stores in 2019. :-D

 

[TheGuruStud]

I'm not really sure this premise rings true to me. Spectre affects darn near everyone. So it's a tie if AMD is immune to one thing (meltdown) but has the other (spectre) that everyone has?

That doesn't make any sense.



Can you link an example of what you consider "comprehensive research results" from another manufacturer to use as an example?

Intel shills are out in force, ignore them. They're all over the internet trying to equate intel and AMD on this (especially meltdown b/c they're panicing over the massive perf impact in datacenters).

Everything is fine, nothing to see here.

 

[ssdpro]

Gee, what a shock.

Exactly - after a week of AMD trolls pumping how great AMD handled this it just turns out they were lying. It was found out quicker than I thought though. Companies that look short term like that will always struggle. Intel took the lumps, the trolling, the dramatic articles and will continue on strong. Look at the last 3 months: AMD stock down 2 bucks from 14.26 to 12. Intel up from 39 to 43. Intel, full of greatness and full of faults, plays the long game.

 

[Vya Domus]

Oh boy , the cringe...

 

[R-T-B]

I meant: if AMD is really immune to Meltdown, it's a tie. If they are not (i.e. a similar method custom-made for AMD would succeed), they're losing to Intel on security front.

That's the premise I disagree with.

Thanks for the examples though, I appreciate it. I hadn't read those yet.

Nope. But do we have any reliable source on why Samsung B-die are so good with Ryzen?

Probably that's they've always been the best clocking ram for tight timings, and will accept damn near any timing the firmware configures.

Do you have some reliable sources about that? Sounds a lot like fiction...

Complete fiction. The only similarity I am aware of is in the branch predictor, where they both use perceptrons. This is like saying that an orange and a potato are the same because they are both things that grow.

 

[lexluthermiester]

It's astonishing how little thought was put into this lingering issue from all these major CPU manufacturers.

That is because no one expected or even envisioned that such mechanisms could ever be exploited in such ways. These vulnerabilities are very complicated, which is why there is so very much misunderstanding surrounding them.

Intel shills are out in force, ignore them. They're all over the internet trying to equate intel and AMD on this

Or, you are assuming that perhaps no one is being objective and looking at the facts of the research which are evolving as the research continues. No, it couldn't be that, could it?

Exactly - after a week of AMD trolls pumping how great AMD handled this it just turns out they were lying.

They didn't lie at all. They said almost nothing. That's not lying..

 

[Xuper]

I bet those are looking for another meltdown on AMD CPU.

 

[jigar2speed]

The main question is how much performance impact user should expect ?

 

[john_]

There is much confusion online about Spectre and Meltdown. With Spectre having two variants and AMD admitting that it's chips are affected from both, there are articles online where their authors confuse that "both variants of Spectre" with "both Spectre and Meltdown". I was looking at an article a few hours ago saying that AMD CPUs are affected from both Spectre and Meltdown. Many with limited or no knowledge about PCs will end up thinking that having an AMD CPU is in fact worst than having an Intel CPU, because Intel has already "fixed" the problem with patches.

 

[iO]

The main question is how much performance impact user should expect ?

Quite a bit in a worst case for a 2500k:


And up to 40% random 4k R/W performance for SSDs.
https://www.computerbase.de/2018-01...s-battlefront-2-1920-1080-intel-core-i5-2500k

 

[cyneater]

Quite a bit in a worst case for a 2500k:
View attachment 95937

And up to 40% random 4k R/W performance for SSDs.
https://www.computerbase.de/2018-01...s-battlefront-2-1920-1080-intel-core-i5-2500k

Anyone else thinking conspiracy....

So with CPU ram mother board and graphics cards prices being at a all time high.

Now this bug? ERROR comes out after someone knew for 10 years....

Now all we need is the malware / virus that attacks people.
Total screws windows 7 systems, older OS X
Have to have the latest Iphone / smart phones etc.
Pretty much makes so windows 10 and latest OS X are the only ways you will be safe....