An Initial Look At Spectre V4 "Speculative Store Bypass" With AMD On Linux

Written by Michael Larabel in Processors on 22 May 2018 at 06:05 PM EDT. Page 1 of 2. 27 Comments.

Yesterday the latest Spectre vulnerability was disclosed as Spectre Variant 4 also known as "Speculative Store Bypass" as well as the less talked about Spectre Variant 3A "Rogue System Register Read". Here are my initial tests of a patched Linux kernel on AMD hardware for Spectre V4.

Landing yesterday into Linux 4.17 Git was Speculative Store Bypass Disable (SSBD) as the Linux-based mitigation on Intel/AMD x86 CPUs. Since then has also been the POWER CPU SSBD implementation and pending patches for ARM64 CPUs.

When it comes to the Intel/AMD CPUs, that is squared away in Linux 4.17 although we expect the support will continue to be refined over the weeks/months ahead just as the earlier Spectre and Meltdown mitigation work continues to be improved upon, particularly for performance efficiencies. The initial x86 mitigation work has already premiered today in new 4.9/4.14/4.16 kernel point releases.

AMD CPU users booting to a new kernel via /sys/devices/system/cpu/vulnerabilities/spec_store_bypass will find that their mitigation support is enabled by default and working. If your kernel is built with the SECCOMP configuration option, it will report Speculative Store Bypass has been disabled via PRCTL and SECCOMP methods otherwise just PRCTL. This behavior can be controlled via the spec_store_bypass_disable= kernel parameter with valid options of on/off/auto/prctl/seccomp.

But for Intel users today if booting to a patched kernel you will find your system reporting it's still vulnerable to Spectre V4 and even with the spec_store_bypass_disable kernel option cannot be forced enabled: you first need an upgraded BIOS / CPU microcode. Intel is working on getting that out to motherboard vendors/partners for hitting end-users in the weeks ahead. I was hoping to get access to updates today, but unfortunately as of writing that didn't pan out yet so I don't have any Intel testing to share at this point.

For AMD CPU users wishing to learn more about the technical details on SSBD, AMD has published a PDF whitepaper going over all the fine technical information. Additionally, AMD CPUs are not believed to be applicable to the Spectre Variant 3A vulnerability.

AMD CPUs going back to Bulldozer are being provided with SSBD support. My initial testing today was done with different AMD Zen processors considering the short time for testing thus far.

Related Articles