For Now At Least AMD CPUs Are Also Reported As "Insecure"
Right now with the big mysterious security vulnerability causing the rush of the x86 Page Table Isolation work that landed in the Linux kernel days ago, it's believed to be a problem only affecting Intel CPUs. But at least for now the mainline kernel is still treating AMD CPUs as "insecure" and is too taking a performance hit.
Besides my initial benchmarks of the performance impact as a result of this x86 workaround in the Linux 4.15 kernel, I've been working on various other tests since yesterday and one of them was just seeing what happens on AMD hardware.
Back on 26 December is when Tom Lendacky of AMD posted a patch to confirm this PTI problem shouldn't affect the company's processors -- at least with what information is currently known. Lendacky wrote, "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."
But over one week later, that patch has yet to be merged to the mainline kernel. When booting the Linux 4.15 kernel on an AMD EPYC box, indeed, for now the AMD CPU is still treated with a bug of "insecure_cpu."
An immediate workaround at least until the AMD patch lands where PTI isn't applied to AMD CPUs is by booting the kernel with the nopti kernel command-line parameter. This can also be applied to Intel systems too on a patched kernel if wanting to regain the performance and are not too concerned about this vulnerability.
In affected benchmarks (those making use of a lot of system calls, context switches, etc), indeed AMD EPYC faces a performance penalty similar to Intel. I'll have more test data to share on Wednesday. Hopefully more details on the underlying vulnerability come to light soon to really know if AMD CPUs have any chance of being affected and other details.
Update: Linux Will End Up Disabling x86 PTI For AMD Processors