Announcement

Collapse
No announcement yet.

Linux Fixes Botched SRSO Mitigation For AMD Zen 3 / Zen 4

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • #1

    Linux Fixes Botched SRSO Mitigation For AMD Zen 3 / Zen 4

    Phoronix: Linux Fixes Botched SRSO Mitigation For AMD Zen 3 / Zen 4

    Disclosed last August was the AMD Inception vulnerability also known as SRSO for the Speculative Return Stack Overflow. The kernel-side patches for the AMD SRSO mitigation were quickly merged. Following that were more clean-ups and fixes to the SRSO mitigation code. It's been a quiet few months since while merged on Friday was fixing some of the mitigation code due to being ineffective...

    Linux Fixes Botched SRSO Mitigation For AMD Zen 3 / Zen 4 - Phoronix
    https://www.phoronix.com/news/AMD-SRSO-Inception-Fixes-2024
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
    • Likes 1
  • #2
    It's the first Zen vulnerability mitigation that I chose not to enable. It's extremely difficult/improbable to exploit even when you have rogue software running on your PC.
    • Likes 3

    Comment

    • #3
      It's amazing how badly designed the processors are to need such mitigations, and equally amazing is how no litigation has happened.

      Imagine buying a 500hp sports car, and after some time someone finds out that it won't work at that power level, and it is mitigated to 400hp by software update. This would be grounds for cancelling the purchase and return product for full refund.
      • Likes 9

      Comment

      • #4
        Originally posted by varikonniemi View Post
        It's amazing how badly designed the processors are to need such mitigations, and equally amazing is how no litigation has happened.

        Imagine buying a 500hp sports car, and after some time someone finds out that it won't work at that power level, and it is mitigated to 400hp by software update. This would be grounds for cancelling the purchase and return product for full refund.
        Where's your uArch which is not affected by anything? Because e.g. Spectre class vulnerabilities affect all the modern CPUs with speculative execution, i.e. pretty much all of them.

        The brightest minds design CPUs. And to top it off modern CPUs have been using AI for many years to run faster. It's extremely complicated stuff.
        • Likes 5

        Comment

        • #5
          Originally posted by varikonniemi View Post
          It's amazing how badly designed the processors are to need such mitigations, and equally amazing is how no litigation has happened.

          Imagine buying a 500hp sports car, and after some time someone finds out that it won't work at that power level, and it is mitigated to 400hp by software update. This would be grounds for cancelling the purchase and return product for full refund.
          Engines are primitive compared to CPUs.

          That's why vacuum cleaners, washing machines, cars usually don't experience such problems.

          However, in cars, it is alleged that due to design negligence or intentional savings, repair costs are high and faults arise that did not occur before.​
          • Likes 10

          Comment

          • #6
            The concept here is that you sell something with some specifications. If the sold product cannot perform as advertised, you are responsible.

            Saying "you don't need to apply mitigations and can remain performant" is like saying "you don't need to down tune your car to ensure the engine does not explode and burn all your clothes off"

            If a car explodes due to design fault and causes harm to user the manufacturer is responsible. If a processor leaks data through design fault, why is the manufacturer not responsible? We live in a morally relative society.
            Last edited by varikonniemi; 30 March 2024, 10:12 AM.
            • Likes 5

            Comment

            • #7
              Originally posted by varikonniemi View Post
              The concept here is that you sell something with some specifications. If the sold product cannot perform as advertised, you are responsible.

              Saying "you don't need to apply mitigations to remain performant" is like saying "you don't need to down tune your car to ensure the engine does not explode and burn all your clothes off"
              You have to prove in court there was a malicious intent of creating known to be vulnerable CPUs whose performance consecutively tanked due to mitigations.

              And then you have to prove companies somehow have benefited from that.

              Good luck with that.
              • Likes 3

              Comment

              • #8
                absolutely no such requirement exists. Car manufacturers pay compensation when their car causes harm to user. So why not CPU manufacturers?

                If a car suddenly explodes due to design fault and hurts you there will be compensations. If your cpu exposes your encryption key due to design fault and causes loss off trillions, why is the cpu manufacturer not responsible?
                Last edited by varikonniemi; 30 March 2024, 10:16 AM.
                • Likes 3

                Comment

                • #9
                  Originally posted by varikonniemi View Post
                  The concept here is that you sell something with some specifications. If the sold product cannot perform as advertised, you are responsible.

                  Saying "you don't need to apply mitigations to remain performant" is like saying "you don't need to down tune your car to ensure the engine does not explode and burn all your clothes off"

                  If a car explodes due to design fault and causes harm to user the manufacturer is responsible. If a processor leaks data through design fault, why is the manufacturer not responsible? We live in a morally relative society.
                  The specifications cover clock speeds, power levels, supported instructions, etc. The CPUs still do all the things the actual specifications cover. They don't promise a certain level of performance for each benchmark in the Phoronix test suite. Yes it sucks that mitigations impact performance. But CPUs are absurdly complex these days. Unless we want to give up huge amounts of performance in favor of simpler designs, new was to abuse the designs will be found and mitigations will be necessary.
                  • Likes 2

                  Comment

                  • #10
                    Originally posted by pWe00Iri3e7Z9lHOX2Qx View Post

                    The specifications cover clock speeds, power levels, supported instructions, etc. The CPUs still do all the things the actual specifications cover. They don't promise a certain level of performance for each benchmark in the Phoronix test suite. Yes it sucks that mitigations impact performance. But CPUs are absurdly complex these days. Unless we want to give up huge amounts of performance in favor of simpler designs, new was to abuse the designs will be found and mitigations will be necessary.
                    If a car suddenly explodes due to design fault and hurts you there will be compensations. If your cpu exposes your encryption key due to design fault and causes loss off trillions, why is the cpu manufacturer not responsible?
                    • Likes 1

                    Comment

                    Previous 1 2 template Next
                    Working...
                    X