Announcement

Collapse
No announcement yet.

For Now At Least AMD CPUs Are Also Reported As "Insecure"

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • For Now At Least AMD CPUs Are Also Reported As "Insecure"

    Phoronix: For Now At Least AMD CPUs Are Also Reported As "Insecure"

    Right now with the big mysterious security vulnerability causing the rush of the x86 Page Table Isolation work that landed in the Linux kernel days ago, it's believed to be a problem only affecting Intel CPUs. But at least for now the mainline kernel is still treating AMD CPUs as "insecure" and is too taking a performance hit...

    http://www.phoronix.com/scan.php?pag...inux-4.15-Test

  • #2
    Apparently this patch from Dec says otherwise. https://lkml.org/lkml/2017/12/27/2

    Comment


    • #3
      I wonder why the AMD patch hasn't been accepted yet.

      I hope it gets in before 4.15 is released.

      Comment


      • #4
        That patch is mentioned in the article, but curiously still not merged..

        Comment


        • #5
          Originally posted by phoronix View Post
          for now the AMD CPU is still treated with a bug of "insecure_cpu."
          It should be cpu_insecure.

          Comment


          • #6
            Originally posted by c2h5oh View Post
            That patch is mentioned in the article, but curiously still not merged..
            Probably because it's not a proper patch. You should never assume CPU features based on a vendor sting. However, a proper patch should happen before 4.15 is out.

            Comment


            • #7
              Not only 4.15, but as i see even stable (and next longterm) 4.14.11 kernel now include that flag all x86 cpu_insecure
              Last edited by dungeon; 01-02-2018, 11:09 PM.

              Comment


              • #8
                Originally posted by eydee View Post

                Probably because it's not a proper patch. You should never assume CPU features based on a vendor sting. However, a proper patch should happen before 4.15 is out.
                What would the proper method be?

                If no previous AMD CPU is vulnerable, then checking for AMD seems logical, provided AMD has no plans of releasing a vulnerable CPU in the future.

                I guess the alternative would be to explicitly check for literally every AMD CPU ID.

                Comment


                • #9
                  Originally posted by eydee View Post

                  Probably because it's not a proper patch. You should never assume CPU features based on a vendor sting. However, a proper patch should happen before 4.15 is out.
                  I think one should assume AMD knows its architecture better than the Linux Kernel developers outside of AMD's own and that the flaw is an Intel problem. Intel doesn't want that to be so because it will bury them in all sorts of legal crap, on top of lost contracts for new hardware purchases.

                  Comment


                  • #10
                    I don't understand how anyone can claim that AMD's cpu's are unaffected:

                    https://twitter.com/grsecurity/statu...39275460702208

                    Comment

                    Working...
                    X