Linux Reworks AMD Zen 1 Divide-By-Zero Mitigation After Original Fix Inadequate

    Phoronix: Linux Reworks AMD Zen 1 Divide-By-Zero Mitigation After Original Fix Inadequate

    Following last week's AMD Inception vulnerability, another AMD Zen CPU bug came to light: performing a divide by zero on Zen 1 could end up leaking data with this DIV0 speculation bug. The original workaround was performing a dummy division 0/1 within the #DE exception handler, but that has now turned out to be inadequate...

  • #2
    I fail to see why this is a bug at all and why it should be fixed in CPU microcode?

    Isn't a div by 0 a programming error that should make an app crash?
    To that same extent, shouldn't this be an app-side fix, not a CPU-side one?

    Lastly, by having it on the cpu-side, doesn't that mask the error on the app-side?


    • #3
      Originally posted by markg85
      I fail to see why this is a bug at all and why it should be fixed in CPU microcode?

      Isn't a div by 0 a programming error that should make an app crash?
      To that same extent, shouldn't this be an app-side fix, not a CPU-side one?

      Lastly, by having it on the cpu-side, doesn't that mask the error on the app-side?
      From what I could grasp from the original article discussion, the bug happens when the attacker process does the divide by 0 operation. This makes it possible to read the result from the last properly executed division. So even if your code doesn't have any divide by 0 operations, you can be a victim of this. That is why the kernel needs to add this dummy 0/1 division; that way the last "properly executed division" will always be 0 and the attacker won't have anything.

      Lastly, if your code has a division by 0, you are still going to receive an error from the hardware; these notification mechanisms are still present and unmodified.
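
A defender-side check related to the reply above, as an added example that is not part of the thread or of the kernel's code: it parses `/proc/cpuinfo` text and reports whether the running kernel marks each logical CPU with the DIV0 bug. The `div0` token in the `bugs` line and the use of AMD family 23 as "could be Zen 1" are assumptions of this example, and the sample text is constructed.

```python
import re
from pathlib import Path

# Constructed sample in /proc/cpuinfo layout (not captured from a real machine).
SAMPLE_CPUINFO = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\ncpu family\t: 23\n"
    "bugs\t\t: sysret_ss_attrs spectre_v1 spectre_v2 div0\n\n"
    "processor\t: 1\nvendor_id\t: AuthenticAMD\ncpu family\t: 23\n"
    "bugs\t\t: sysret_ss_attrs spectre_v1 spectre_v2\n\n"
    "processor\t: 2\nvendor_id\t: AuthenticAMD\ncpu family\t: 25\n"
    "bugs\t\t: sysret_ss_attrs spectre_v1 spectre_v2\n"
)

def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one {field: value} dict per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields.get("processor", "").isdigit():
            cpus.append(fields)
    return cpus

def div0_status(text):
    """Return {cpu_number: status} for each logical CPU.

    "flagged": the kernel lists div0 among this CPU's bugs.
    "unknown": AMD family 23 (Zen 1, but also Zen 2) without the flag, so the
               part is unaffected or the kernel predates the mitigation.
    """
    result = {}
    for cpu in parse_cpuinfo(text):
        bugs = cpu.get("bugs", "").split()
        amd_f23 = (cpu.get("vendor_id") == "AuthenticAMD"
                   and cpu.get("cpu family") == "23")
        if "div0" in bugs:
            status = "flagged"
        elif amd_f23:
            status = "unknown"
        else:
            status = "not_flagged"
        result[int(cpu["processor"])] = status
    return result

if __name__ == "__main__":
    src = Path("/proc/cpuinfo")  # falls back to the constructed sample off Linux
    print(div0_status(src.read_text() if src.exists() else SAMPLE_CPUINFO))
```

An "unknown" result is the case to follow up by checking the kernel version, since a kernel without the mitigation cannot report the flag.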


      • #4
        Originally posted by markg85
        Isn't a div by 0 a programming error that should make an app crash?
        It looks like the way it works is the malware itself performs the integer divide by zero to collect some leftover prior result from outside its context, i.e. the supposedly invalid result is pulling stale data from special registers instead of giving back a zero or something.


        • #5
          Get your shit together, CPU designers.


          • #6
            Well, nice that there doesn't seem to be much overhead for the mitigation.
            More puzzling: OMG, Michael has a new photo. How long is that new picture of him up?
            Stop TCPA, stupid software patents and corrupt politicians!


            • #7
              Originally posted by EphemeralEft
              Get your shit together, CPU designers.
              Well, they got - at least in this case. The bug is not present in Zen 2 and later.


              • #8
                Originally posted by EphemeralEft
                Get your shit together, CPU designers.
                Don't hate the players, hate the game.

                Maybe the problem isn't the implementation as much as it's the ISA. If you look at the immense complexity, concurrency, prediction, and speculation inside of modern CPU cores, why do we still insist on adhering to the conceit of a serial ISA? Maybe, if more of the complexity in the hardware were exposed to software, some of it could be moved into the software. Compilers already have crude models of CPU schedulers and execution resources, so why not make it explicit?

                Yes, shifting the hardware/software contract to one that's lower-level would result in more software bugs, but at least we might get more security, performance, and efficiency by doing so.


                • #9
                  Are the AMD Inception microcode benchmarks still in the works, or have they happened already and I totally missed it?


                  • #10
                    Originally posted by nickbailuc
                    Are the AMD Inception microcode benchmarks still in the works, or have they happened already and I totally missed it?
                    Today or tomorrow....
                    Michael Larabel
                    https://www.michaellarabel.com/
