Announcement

Collapse
No announcement yet.

For Now At Least AMD CPUs Are Also Reported As "Insecure"

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Spooktra Your link shows that AMD CPUs are negatively affected by the current kernel patch. This doesn't necessarily mean they are vulnerable to the underlying issue.

    Comment


    • #12
      To make the Linux kernel better, it should be not developed by intel. Intel kernel developers are interested only of latest intel hardware. Older intel hardware and other vendors hardware are buggy according to intel kernel developers.

      Comment


      • #13
        Originally posted by Spooktra View Post
        I don't understand how anyone can claim that AMD's cpu's are unaffected:

        https://twitter.com/grsecurity/statu...39275460702208
        They are not affected by the Intel bug.
        But they are affected because the PTI is applied anyway even if it should not be.
        The way that the PTI patch is applied is sloppy, instead of only affected families every x86 CPU is treated as buggy.

        Comment


        • #14
          Originally posted by Spooktra View Post
          I don't understand how anyone can claim that AMD's cpu's are unaffected:

          https://twitter.com/grsecurity/statu...39275460702208
          What do you mean? that they take a performance hit with the Page Table Isolation enabled? or that there is a security risk also with the AMD CPU? Because for the last then I believe the same twitter message have some comments that kind of dispute that.

          Kind regards
          B.

          Comment


          • #15
            Originally posted by Spooktra View Post
            I don't understand how anyone can claim that AMD's cpu's are unaffected:
            https://twitter.com/grsecurity/statu...39275460702208
            They are unaffected by the bug. They are obviously still affected by the kernel patch since it currently doesn't care if the CPU is Intel or AMD.

            Comment


            • #16
              Originally posted by Spooktra View Post
              I don't understand how anyone can claim that AMD's cpu's are unaffected:

              https://twitter.com/grsecurity/statu...39275460702208
              Of course the CPU performance will be affected when running a PATCHED kernel. But AMD CPUs (supposedly) do not require a patch so it's irrelevant.

              Comment


              • #17
                Originally posted by Spooktra View Post
                I don't understand how anyone can claim that AMD's cpu's are unaffected:

                https://twitter.com/grsecurity/statu...39275460702208
                Here is what original code says:

                x86/cpufeatures: Add X86_BUG_CPU_INSECURE Many x86 CPUs leak information to user space due to missing isolation of user space and kernel space page tables. There are many well documented ways to exploit that. The upcoming software migitation of isolating the user and kernel space page tables needs a misfeature flag so code can be made runtime conditional. Add the BUG bits which indicates that the CPU is affected and add a feature bit which indicates that the software migitation is enabled. Assume for now that _ALL_ x86 CPUs are affected by this. Exceptions can be made later.
                You see, it is maded on assumpation that _ALL_ x86 CPUs are affected But they aren't, so couple weeks later AMD employe said, we are not affected and posted exception patch:

                AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.
                https://lkml.org/lkml/2017/12/27/2

                Basically that is like you are trying to run protection code that is not needed for you... maybe better to explain this as for example - if you trying to use medicaments for AIDS even when you don't have AIDS It is simple as that, if you are not ill you shouldn't take medicine even if you can, because it will fix nothing for you, instead you can only be slower or to get diarrhea
                Last edited by dungeon; 01-03-2018, 04:32 AM.

                Comment


                • #18
                  Originally posted by c2h5oh View Post
                  That patch is mentioned in the article, but curiously still not merged..
                  (Tinfoil hat on.)

                  It has to be accepted by Intel (Intel has a big amount of people working as kernel developers and maintainers.)

                  They will not be able to avoid this, of course. They will have to accept the patch. They'll probably just bitch about it for a while first, probably saying it's not a proper patch. They might try to delay the patch just enough for benchmarkers all over the world to post the results first, so that Intel CPUs are suddenly not slower than AMD ones.

                  Comment


                  • #19
                    Originally posted by curfew View Post
                    Of course the CPU performance will be affected when running a PATCHED kernel. But AMD CPUs (supposedly) do not require a patch so it's irrelevant.
                    Well not really irrelevant since it's not unimaginable that the unnecessary patch might still end up on AMD systems. Given the different memory architecture of AMD CPUs it would be interesting to see if the penalty is less than with Intel, given that most AMD CPUs are NUMA.

                    Comment


                    • #20
                      Originally posted by Brutalix View Post

                      What do you mean? that they take a performance hit with the Page Table Isolation enabled? or that there is a security risk also with the AMD CPU? Because for the last then I believe the same twitter message have some comments that kind of dispute that.

                      Kind regards
                      B.
                      I'm talking about the 50% performance hit.

                      Comment

                      Working...
                      X