AMD Did NOT Disable Branch Prediction With A Zen Microcode Update

Written by Michael Larabel in AMD on 6 January 2018 at 07:02 AM EST.
With the plethora of software security updates coming out over the past few days in the wake of the Meltdown and Spectre disclosure, SUSE released a Family 17h "Zen" CPU microcode update that we have yet to see elsewhere... It claims to disable branch prediction, but I've confirmed with AMD that this is not actually the case.

AMD did post a processor security notice where they noted that their hardware was not vulnerable to variant three (rogue data cache load), that there was "near zero risk" of exploiting the "branch target injection" variant, and that the bounds check bypass would be resolved by software/OS updates.

Along with the Linux kernel patches for enabling KPTI (Page Table Isolation), SUSE issued a security bulletin where they added an AMD microcode update. The bulletin mentions, "This new firmware disables branch prediction on AMD family 17h processor to mitigate an attack on the branch predictor that could lead to information disclosure from e.g. kernel memory." The AMD change-log does note this AMD microcode update is indeed for CVE-2017-5715, a.k.a. SPECTRE.

But surprisingly I have yet to see any other Linux distribution vendors promoting this new microcode_amd_fam17h.bin microcode file for disabling branch prediction on these latest AMD Ryzen/Threadripper/EPYC processors. This new Family 17h microcode file also hasn't been added as of writing to the linux-firmware.git tree.

I reached out to AMD and heard back on Friday. They wrote in an email to Phoronix that this Zen/17h microcode update does not disable branch prediction. They'll be working with SUSE to re-clarify this microcode update description... But they have yet to clarify what this microcode update does in the wake of SPECTRE, or why this microcode binary has yet to make it to other Linux distributions. If/when I hear anything more, I'll certainly post about it, but it doesn't appear to be anything as dramatic as disabling branch prediction, which could have slaughtered their CPU performance.