AMD claims their processors aren't affected at all by any of the 3 variants of Foreshadow (https://www.amd.com/en/corporate/security-updates) therefore SMT is safe to leave enabled. On the other hand, on Intel the only fully comprehensive workaround is to completely disable SMT, so given that disabling SMT almost halves the performance on some workloads,¹ AMD is bound to have a huge performance advantage over Intel, on these particular workloads.
¹ For example in SPECvirt_sc2013 the patch reduces performance by 31% (https://www.servethehome.com/wp-content/uploads/2018/08/Inte...) 31% is unheard of for a security patch! It's a difficult security-speed tradeoff that businesses must carefully consider.
Should truth-in-advertising laws require OEMs to stop advertising hyper-threading, e.g. 4C/8T on new hardware, if the advertised feature is not fit for purpose?
Give intel some time to cope with this newest set of vulns, see if they can find a way to re-enable hyper threading safely, and if they can't and are still advertising hyper threading, then start going after them.
I believe it may be because the email only mentioned Intel explicitly and had a "I won't be buying Intel in future" (paraphrased) comment. However, I personally wouldn't assume that AMDs HT implementation doesn't have similar issues.
> However, I personally wouldn't assume that AMDs HT implementation doesn't have similar issues.
It does not. The fundamental difference between AMD and Intel CPUs in all these faults is that AMD does all permissions checks eagerly before returning results from memory, while when speculating, Intel defers them until speculation is resolved.
This does not mean that AMD escaped all of it, because some of the attacks (eg, spectre variant 1) do not cross a protection boundary that permissions checks would catch.
Due to architectural differences, AMD CPUs are immune or nearly immune to some of the speculative execution attacks (though not all of them). For example, AMDs branch predictor uses the full address and so is not vulnerable to branch predictor poisoning in the same way as Intel.
The major win (whether AMD intended it or not) is that AMD cpus don't speculate loads until page permissions have been verified. Intel fires off the speculation immediately. That is one of the primary side channels underlying many of the attacks.
Intel has been actively muddying the waters with FUD to get people to think AMD is just as vulnerable. Please don’t buy into that. Intel is far more exposed. The subsequent slowdowns are more severe.
AMD claims their processors aren't affected at all by any of the 3 variants of Foreshadow (https://www.amd.com/en/corporate/security-updates) therefore SMT is safe to leave enabled. On the other hand, on Intel the only fully comprehensive workaround is to completely disable SMT, so given that disabling SMT almost halves the performance on some workloads,¹ AMD is bound to have a huge performance advantage over Intel, on these particular workloads.
¹ For example in SPECvirt_sc2013 the patch reduces performance by 31% (https://www.servethehome.com/wp-content/uploads/2018/08/Inte...) 31% is unheard of for a security patch! It's a difficult security-speed tradeoff that businesses must carefully consider.
Should truth-in-advertising laws require OEMs to stop advertising hyper-threading, e.g. 4C/8T on new hardware, if the advertised feature is not fit for purpose?
My personal opinion is "not yet".
Give intel some time to cope with this newest set of vulns, see if they can find a way to re-enable hyper threading safely, and if they can't and are still advertising hyper threading, then start going after them.
I believe it may be because the email only mentioned Intel explicitly and had a "I won't be buying Intel in future" (paraphrased) comment. However, I personally wouldn't assume that AMDs HT implementation doesn't have similar issues.
> However, I personally wouldn't assume that AMDs HT implementation doesn't have similar issues.
It does not. The fundamental difference between AMD and Intel CPUs in all these faults is that AMD does all permissions checks eagerly before returning results from memory, while when speculating, Intel defers them until speculation is resolved.
This does not mean that AMD escaped all of it, because some of the attacks (eg, spectre variant 1) do not cross a protection boundary that permissions checks would catch.
HT is also disabled on AMD, for both CMT (FPU-shared) & SMT implementations.
https://marc.info/?l=openbsd-cvs&m=152954666609919&w=2
While no AMD issues are known at present. OpenBSD will have it disabled by default. How about other operating systems, I wonder?
Possibly, but it's not uncommon to refer to x86 and x64 machines as intel architecture machines or as intel machines.
Due to architectural differences, AMD CPUs are immune or nearly immune to some of the speculative execution attacks (though not all of them). For example, AMDs branch predictor uses the full address and so is not vulnerable to branch predictor poisoning in the same way as Intel.
The major win (whether AMD intended it or not) is that AMD cpus don't speculate loads until page permissions have been verified. Intel fires off the speculation immediately. That is one of the primary side channels underlying many of the attacks.
Intel has been actively muddying the waters with FUD to get people to think AMD is just as vulnerable. Please don’t buy into that. Intel is far more exposed. The subsequent slowdowns are more severe.
2 replies →