Announcement

**boxie** · 19 March 2020, 07:37 AM

This seems like a good option if a vuln is disclosed before an appropriate fix has been developed.

**tchiwam** · 19 March 2020, 08:07 AM

Hmmm... Why not prefetch the new context and save time ? Maybe mark a prefetch function in some code to help find the important data ?

**Danny3** · 19 March 2020, 08:17 AM

Oh come on, not another performance crippling change.
I'm tired of these "In the name of security..."
I bet there are 1000 more things we can do here, clear / erase every cache after each instruction, encrypt / decrypt, but come one not everyone has supercomputers or Threadrippers at home that can handle everything you throw at it.

In my opinion. do all the security enhancement you want, but stop enabling them by default !
Just leave the people who need NASA level security to enable them themselves.

**ermo** · 19 March 2020, 08:18 AM

What is the reason that not as many vulnerabilities targeting AMD have yet been published? Even thought I've only been buying AMD hardware for the past 5+ years, I have a hard time believing that AMD's products are just that much more fundamentally secure?

Is it simply a question of market share at this point, in the sense that it is more valuable to undertake vulnerability research on intel products?

**birdie** · 19 March 2020, 08:37 AM

Originally posted by ermo View Post

What is the reason that not as many vulnerabilities targeting AMD has yet been published? Even thought I've only been buying AMD hardware for the past 5+ years, I have a hard time believing that AMD's products are just that much more fundamentally secure?

Is it simply a question of market share at this point, in the sense that it is more valuable to undertake vulnerability research on intel products?

Intel sponsors the German university that has discovered most of the vulnerabilities - AMD kinda sorta doesn't sponsor anyone and these vulnerabilities are very hard to find.

Despite that I still believe AMD CPUs are inherently more secure since the most blatant vulnerability (meltdown/LVI) doesn't affect them in any shape of form. In the meantime all OoOE CPUs are affected by both Spectre (1/2) attacks but at least they are not that expensive to mitigate and they are less critical.

**willmore** · 19 March 2020, 09:22 AM

Why do I get the feeling that there's yet another horrible vulnerabilty that's known by a few insiders who are quickly working to patch it and that this is some of the early fruits of that effort?

**Emmanuel Deloget** · 19 March 2020, 09:47 AM

Originally posted by Danny3 View Post

Oh come on, not another performance crippling change.
I'm tired of these "In the name of security..."
I bet there are 1000 more things we can do here, clear / erase every cache after each instruction, encrypt / decrypt, but come one not everyone has supercomputers or Threadrippers at home that can handle everything you throw at it.

In my opinion. do all the security enhancement you want, but stop enabling them by default !
Just leave the people who need NASA level security to enable them themselves.

As I understand it, the final implementation (if it ever reach this stage) would require a specific process to call prctl() to set the bit that will force a L1D flush on context swtiches. So in this case it seems that you'll get what you want: the slowdown will only impact the applications that requires it (so it should be barely noticeable).

**skeevy420** · 19 March 2020, 09:48 AM

Originally posted by Danny3 View Post

Oh come on, not another performance crippling change.
I'm tired of these "In the name of security..."
I bet there are 1000 more things we can do here, clear / erase every cache after each instruction, encrypt / decrypt, but come one not everyone has supercomputers or Threadrippers at home that can handle everything you throw at it.

In my opinion. do all the security enhancement you want, but stop enabling them by default !
Just leave the people who need NASA level security to enable them themselves.

I'm gonna assume you meant NSA, not NASA

**Dr_ST** · 19 March 2020, 12:09 PM

Originally posted by ermo View Post

What is the reason that not as many vulnerabilities targeting AMD have yet been published? Even thought I've only been buying AMD hardware for the past 5+ years, I have a hard time believing that AMD's products are just that much more fundamentally secure?

Is it simply a question of market share at this point, in the sense that it is more valuable to undertake vulnerability research on intel products?

I'd say at a certain point Intel lagged in performance and started seeing market share diminution (AMD Athlon, and the 64-bits race), so they had to find "a way back". And BAM, "HyperThreading came"... This was just simple cheating from my Point Of View.

I'm a computing researcher (in biology) and for many years I'm told that in large computing centers they always disable HT (since 2007-8 or so) so my guess is that some of these vulnerabilites are known "for years", but know the public audience is wider, that's all.

Why AMD is less affected? by design, I'd say :-)

Announcement

Linux Developers Discuss Flushing L1 Cache On Context Switches In Light Of Vulnerabilities

Linux Developers Discuss Flushing L1 Cache On Context Switches In Light Of Vulnerabilities

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment