For Now At Least AMD CPUs Are Also Reported As "Insecure"

Written by Michael Larabel in AMD on 2 January 2018 at 09:16 PM EST. 70 Comments
AMD
Right now with the big mysterious security vulnerability causing the rush of the x86 Page Table Isolation work that landed in the Linux kernel days ago, it's believed to be a problem only affecting Intel CPUs. But at least for now the mainline kernel is still treating AMD CPUs as "insecure" and is too taking a performance hit.

Besides my initial benchmarks of the performance impact as a result of this x86 workaround in the Linux 4.15 kernel, I've been working on various other tests since yesterday and one of them was just seeing what happens on AMD hardware.


Back on 26 December is when Tom Lendacky of AMD posted a patch to confirm this PTI problem shouldn't affect the company's processors -- at least with what information is currently known. Lendacky wrote, "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."


But over one week later, that patch has yet to be merged to the mainline kernel. When booting the Linux 4.15 kernel on an AMD EPYC box, indeed, for now the AMD CPU is still treated with a bug of "insecure_cpu."

An immediate workaround at least until the AMD patch lands where PTI isn't applied to AMD CPUs is by booting the kernel with the nopti kernel command-line parameter. This can also be applied to Intel systems too on a patched kernel if wanting to regain the performance and are not too concerned about this vulnerability.

In affected benchmarks (those making use of a lot of system calls, context switches, etc), indeed AMD EPYC faces a performance penalty similar to Intel. I'll have more test data to share on Wednesday. Hopefully more details on the underlying vulnerability come to light soon to really know if AMD CPUs have any chance of being affected and other details.

Update: Linux Will End Up Disabling x86 PTI For AMD Processors
70 Comments
Related News
AMD Ready For Ryzen Linux Systems To Use AMD P-State Active Mode By Default
AMD Has Open-Source Ryzen AI Demo Code - But Only For Windows
Linux 6.5 Scheduler Patch Will To Help AMD Systems With Multiple LLCs Per Die
AMD Working On WiFi RFI Interference Mitigation For Linux
AMD Posts QDMA Linux Driver For Review
AMD EDAC Linux Driver Being Extended To Support Ryzen 7000 Series CPUs
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
System76 Virgo Aims To Be The Quietest Yet Most Performant Linux Laptop
XFS Metadata Corruption On Linux 6.3 Tracked Down To One Missing One-Line Patch
Red Hat To Stop Shipping LibreOffice In Future RHEL, Limiting Fedora LO Involvement
System76's Coreboot Open Firmware Manages To Disable Intel ME For Raptor Lake
Vulkan 1.3.251 Released With One New Extension Worked On By Valve, Nintendo & Others
Linux 6.4-rc4 Released As A "Fairly Normal" Release
NVIDIA R535 Linux Beta Brings New Vulkan Extensions, DMA-BUF v4 Wayland Protocol
Linux 6.3.5 Released With XFS Metadata Corruption Fix