Patch Tuesday Delivers Spectre Updates for AMD CPUs

We’ve discussed Intel’s fixes for Meltdown and Spectre many times over the past few months. AMD’s overall exposure to these specific flaws is known to be lower, but the smaller CPU manufacturer has taken more time to deliver certain fixes than Intel has. Today, solutions for AMD CPUs are also starting to roll out, courtesy of Microsoft’s Patch Tuesday.

First, a bit of a primer. Variants 1 and 2 are the Spectre attacks; Variant 3 is classified as Meltdown and did not impact AMD CPUs. AMD has previously distributed patches for Variant 1 via Microsoft, but Variant 2 required a heavier lift for both Intel and AMD.

The update, KB4093112, contains a number of security fixes. Here’s the section relevant to AMD.

Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context (See AMD Architecture Guidelines around Indirect Branch Control and AMD Security Updates for more details). Follow instructions outlined in KB4073119 for Windows Client (IT Pro) guidance to enable usage of IBPB within some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.

AMD’s recommended fix for Spectre Variant 2 is to use its Indirect Branch Prediction Barrier (IBPB), described as follows:

This is a write only MSR that both GP faults when software reads it or if software tries to write any of the bits in 63:1. When bit zero is written, the processor guarantees that older indirect branches cannot influence predictions of indirect branches in the future. This applies to jmp indirects, call indirects and returns. As this restricts the processor from using all previous indirect branch information, it is intended to only be used by software when switching from one user context to another user context that requires protection, or from one guest to another guest.
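The semantics AMD describes can be made concrete with a toy C model, added here as an illustration; it is not code from AMD, Microsoft or this article. The predictor table, `struct core` and all function names are assumptions, and a real branch predictor holds far more state than this.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BTB_SLOTS 8          /* toy predictor size (constructed) */
#define PRED_CMD_IBPB 1ULL   /* bit 0: issue the barrier */

/* Toy model of one core: indirect-branch targets learned so far. */
struct core {
    uint64_t btb[BTB_SLOTS]; /* 0 means "no prediction" */
    int cur_ctx;             /* id of the user context now running */
    unsigned barriers;       /* number of barriers issued */
};

/* Models a write to the write-only command MSR (a read would always #GP).
 * Returns false where hardware would raise #GP: any of bits 63:1 set. */
bool pred_cmd_write(struct core *c, uint64_t val) {
    if (val & ~PRED_CMD_IBPB) return false;
    if (val & PRED_CMD_IBPB) {
        memset(c->btb, 0, sizeof c->btb); /* older branches stop predicting */
        c->barriers++;
    }
    return true;
}

/* An indirect branch at pc resolved to target; the predictor remembers it. */
void train(struct core *c, uint64_t pc, uint64_t target) { c->btb[pc % BTB_SLOTS] = target; }

/* Predicted target for the indirect branch at pc, or 0 if none. */
uint64_t predict(const struct core *c, uint64_t pc) { return c->btb[pc % BTB_SLOTS]; }

/* Policy from the quoted text: the barrier discards all history, so issue it
 * only when moving to a different user context that requires protection. */
void switch_to(struct core *c, int next_ctx, bool next_needs_protection) {
    if (next_ctx != c->cur_ctx && next_needs_protection)
        pred_cmd_write(c, PRED_CMD_IBPB);
    c->cur_ctx = next_ctx;
}

int main(void) {
    struct core c = { .cur_ctx = 1 };
    train(&c, 0x401000, 0x7000);   /* context 1 trains a branch */
    switch_to(&c, 2, true);        /* protected context 2 comes in */
    printf("prediction after switch: %#llx, barriers: %u\n",
           (unsigned long long)predict(&c, 0x401000), c.barriers);
    return 0;
}
```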

Tech Report has done some quick spot checks on the performance impact of enabling these features and concluded the hit is less than 3 percent. AMD chips seem to be less impacted overall than Intel cores, though recent Intel chips took a relatively small hit in most workloads. The Variant 2 patch is available for motherboards dating back as far as the original Bulldozer in 2011; AMD has not stated if it will provide fixes for Phenom II or earlier cores. Like Intel, the company may have run into problems with motherboard manufacturer support.

As with Intel, just the Microsoft patch won’t fix this problem. You’ll also need a new UEFI or BIOS from your motherboard vendor. Keep an eye out for these updates; they’ll need to be applied for the patch to function. And the fun may just be starting — Spectre wasn’t one attack, or even two attacks. It represents an entire class of new attacks, all of which target the specific behavior of microprocessors to trick them into performing operations they shouldn’t. We could be cleaning up this mess for years to come.
