AMD Zen 3 CPUs Vulnerable To Spectre-like Attacks via PSF Feature (therecord.media)
US chipmaker AMD advised customers last week to disable a new performance feature if they plan to use CPUs for sensitive operations, as this feature is vulnerable to Spectre-like side-channel attacks. From a report: Called Predictive Store Forwarding (PSF), this feature was added to AMD CPUs as part of the company's Zen 3 core architecture, a processor series dedicated to gaming and high-performance computing, which launched in November 2020. The feature implements a technique called speculative execution, which works by running multiple alternative CPU operations in advance to make results available faster, and then discarding "predicted" data once deemed unneeded.
Was wondering how long it would take (Score:5, Funny)
Re: (Score:3)
Well Intel still defines the standards and AMD *has* to be application-compatible after all...
Re: (Score:1)
Sure.
What's ARM's market penetration for PC application?
Oh yeah...
Was wondering how long it would take-ME (Score:2)
Does that mean Slashdot has forgiven AMD for PSP then?
Re: (Score:2)
Re: (Score:2)
There would need to be a LOT more AMD only vulnerabilities for Intel to catch up. Like three times as many.
Re: (Score:2)
Yes Really. (Score:2)
And before someone cries that there is something out in the wild, well that's cool, but I don't go running random junk from the internet. Web browsers have scripts off by default, mail doesn't load anything except the mail, etc.
Re: (Score:2)
Exactly this.
As an analogy, I ride my cheaper bike to town, not my more expensive one. I lock it with something that fits in my jacket pocket. I don't insist on a 10kg super Kryptonite lock for my bike -- rather I use a less valuable bike.
Performance vs security tradeoff (Score:5, Interesting)
For most of my machines I'd rather have the vulnerabilities and better performance, and keep a spare laptop for secure stuff (and secure stuff only).
Re:Performance vs security tradeoff (Score:5, Insightful)
This! I also have a front door and a window made of glass, vulnerable to a brick. But I prefer light in my room and the ability to leave the house quickly and easily rather than need to open a bank vault in a cement bunker.
Even with this analogy people somehow seem to think that their PCs are storing national security relevant data, rather than games, and porn.
Re: (Score:3)
This is why 'spare laptop for secure stuff (and only secure stuff)'. You do not do security sensitive stuff on the same machine you play games on or browse porn on. For secure web stuff a cheap second hand laptop from eBay will do, and then restrict what you do on it to only the essentials, and keep security sensitive stuff off _all_ your other devices. For a games PC, I'm happy with the risk of spectre and friends for an extra few % performance; on a security sensitive device I'm happy to take a performanc
Re: (Score:3)
then I'm certain you have no issues handing your unlocked smartphone to a group of hackers?
Yep go your hardest. I don't even have a lock code on my phone. Important things are locked individually.
People do everything from playing with virtual houses to buying actual houses online these days
Indeed. But Spectre isn't a keylogger. It's not a resident trojan that sits and waits. It's a method of extracting data, a computationally expensive one which would be quite obvious when running all the time. So multiply the insanely small chance that someone is going to attack you with insanely complicated exploit by the time at risk (not sure about you but I only buy houses every couple of years, and e
Performance vs PERFORMANCE tradeoff (Score:2)
But...but...it's compromising porn.
Re: (Score:2)
when any machine can be valuable as a zombie, there is no practical purpose to reserving some mythical hardened computer for secure stuff while allowing the remainder of your equipment to be wide open. It all has to be secure and connected, or completely isolated and disconnected. There is not much room for compromise between those two extremes.
Re: (Score:2)
Vulnerable to spectre is not equivalent to wide open. There is quite a spectrum in terms of security and performance, just as there is a spectrum of possibilities for securing e.g. a house. So yes, there is a great deal of room for compromise -- it is about making system compromise not worth the effort for an attacker in terms of what they gain. Make it possible to mitigate these attacks at a cost of performance, and then leave the option open. But don't make such mitigations mandatory. Spectre and friends
Re: (Score:2)
Keep in mind that this is new to Zen 3.
Re: (Score:2)
I'll take the option where a hacker may steal all my gold in Diablo 2, thank you very much.
Keep it simple for reliability/predictability (Score:1)
For some applications, using long-proven, long-studied hardware or at least something based on "old, simpler" designs is far better than using high-performance hardware.
Ditto for software and, for that matter, "well-established standard business practices" and other "human element required" ways of doing things.
In short: Reliability and predictability in the face of unknowns - whether malicious attacks, a user being sloppy, or just cosmic rays - can be much more important than raw performance in some situa
Re: (Score:2)
Re: (Score:1)
This is an Intel hit job (Score:2)
Re: (Score:2)
Pretty obvious one at that. This is mitigated in hardware for cases most care about.
"US chipmaker AMD advised customers last week to disable a new performance feature if they plan to use CPUs for sensitive operations"
Hit job?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
> If you are the only client accessing the cpu,
We can all dream, can't we?
Re: This is an Intel hit job (Score:2)
Yeah, hate to tell you, but there are thousands of people accessing your CPU: Everyone who contributed to any code you run on your system.
At least Android shields different app creators from each other by giving each app a different user.
I don't get why this is not the standard for Linux-based PCs... Why are we still acting like it's a mainframe, and a user's files would be less important and less worthy of protection than the OS?
'Implements speculative execution' (Score:2)
Performance, security, reliability - pick two.
Re: (Score:2)
Can I pick Performance twice? I'm trying to run Crysis, here!
Re: (Score:2)
Well, at least they are honest (Score:2)
Not like Intel that dragged their heels and kept lying about the size of the issue.
You can't get one, anyway (Score:1)
No worries (Score:2)
Intel did the same thing. Apparently, for years they were warned about speculative execution, but they pushed ahead, giving themselves a 10%-15% performance benefit.
And as soon as they deployed the SPECTRE fixes, what happened? You guessed right, they lost all that performance advantage, and some:
https://www.reddit.com/r/build... [reddit.com]
And what do they recommend (roughly): "our customers should decide whether to deploy the fixes or not"
Et tu, AMD?
Scary Spectre and Meltdown exploits - oh wait..nvm (Score:2)
Re: Scary Spectre and Meltdown exploits - oh wait. (Score:2)
"Yeah, that one-click browser-based exploit I tried when this was new was totally not real. Nonono. It all isn't real. Because I can't handle it! Waaaah! *hides in plastic bubble in bunker basement*"
Re: (Score:2)
AMD whitepaper (Score:4, Informative)
Is this some sort of Surveillance Requirement ... (Score:2)
.. that has been NSL'd into being?
We need faster memory! (Score:2)
Lots of it.
Ideally built right into the CPU.
Then we can access it at full speed,
and do not need to twiddle our thumbs, speculating about what might come.
I can't believe SRAM is still supposed to be that expensive. AFAIK it's six transistors per bit.
If there is one thing we should be focusing on, it's going back to a form of core memory that runs as fast as the CPU can handle.
Re: (Score:2)
How (Score:2)
Just like Spectre everyone says "disable this CPU feature" and nobody parts HOW to do that. Thanks internet