AMD Security Statement from CTO and SVP Mark Papermaster

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Jan 12, 2018.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

  2. Embra

    Embra Master Guru

    Thanks HH.
     
  3. schmidtbag

    schmidtbag Ancient Guru

    So basically just Variant 2 is noteworthy (but not necessarily crucial).

    At least a high-up representative from AMD finally gave a solid answer. I was getting a bit tired of all the pussyfooting AMD was doing for the past couple weeks.
     
    kruno likes this.
  4. nevcairiel

    nevcairiel Master Guru

    Didn't AMD basically start with "We're not affected" when the news first broke? Long way to go from "not" to two variants actually being applicable. Sure, Meltdown is Intel only, but Spectre might be as bad or possibly even worse in the long run.
     

  5. D3M1G0D

    D3M1G0D Maha Guru

    No, it isn't. Meltdown is by far the scariest CPU bug I have ever seen - Spectre comes nowhere close to it.
     
  6. schmidtbag

    schmidtbag Ancient Guru

    I don't recall AMD saying they weren't affected, though as I mentioned in my last post, they seemed to be intentionally vague about all of this. What I remember is they were being dismissive of its severity. To be fair, they weren't totally wrong in doing so - from what I heard, you need physical access to the system to exploit the bug (on AMD), in which case the user would have bigger things to worry about. At least in Linux, they seem to add patches that would exclude them in some of the recent kernel bug fixes. It's all a bit difficult to keep track of, but at least today we finally have a more clear answer.
     
  7. nevcairiel

    nevcairiel Master Guru

    That's the "simple" view of it. Both achieve the same thing, leaking information. Meltdown is easier to exploit and more of a straightforward bug in the CPUs in question. However, Spectre is not a "bug" as such, but a fundamental concept of any speculative execution on CPUs (so basically, any modern CPU across vendors and architectures) - which makes Spectre far more scary in the long run from the sheer scale of it. It's also much harder to fully mitigate (if even at all without fundamental hardware design changes). The fact alone that Spectre basically affects all modern CPUs, from x86 to ARM, POWER and who knows what else should scare you.
     
  8. D3M1G0D

    D3M1G0D Maha Guru

    I don't see much of a threat from Spectre. Unlike Meltdown, the ability to get useful, sensitive data is extremely rare, and there are ways to mitigate it through software and preemptive coding (speaking as a professional computer programmer, it won't take that much work to redesign for it). Combine that with OS patches and/or BIOS updates and I don't see it as a major threat.

    Like I said, Meltdown is the scariest bug I have ever seen, breaking down any and all security checks and able to read reams of sensitive data. Spectre is more pervasive but far less dangerous, and I won't lose any sleep over it.
     
  9. fantaskarsef

    fantaskarsef Ancient Guru

    Those security flaws wouldn't be scary at all if they were patched right away properly, not half-heartedly and technically lacking like with AMD systems and their non-bootability issues, not producing random reboots in Haswell systems, and that's just what we know so far. We've yet to see any real exploit, and so far (if you don't consider the possible damage) all we've got from this is a slowdown of systems and more broken patches / updates.
     
  10. schmidtbag

    schmidtbag Ancient Guru

    I'm not sure you fully understand this situation.

    Considering how long these issues were known, I agree it took a little too long to patch the problems. However, the issues with Haswells and outdated AMD CPUs are something I would rather blame on Microsoft. To my knowledge, other OSes aren't getting these issues.

    But more importantly, slow downs aren't a side effect of these patches - slow downs are the sacrifice of these patches. The performance loss was predicted before anyone even tested it. That's because the security risk itself was designed to improve performance. So, the only way to quickly and effectively protect users from this bug is to simply disable speculative execution, and therefore the losses associated with it.
     

  11. fantaskarsef

    fantaskarsef Ancient Guru

    Well, I am fairly aware that the issues here come from the way that Intel's chips "predict" usage in the first place, so thanks for your consideration. I've read the links posted here by others (you iirc too).
    Then again, deactivating those speculative executions does not make a system not boot or reboot unprovoked by the user.

    By the way, Google has found a software resolution with marginal performance impact on their server systems while still keeping their systems secure.
    https://www.blog.google/topics/goog...ulnerabilities-without-impacting-performance/
     
  12. schmidtbag

    schmidtbag Ancient Guru

    Well, that's why disabling this feature results in performance losses. So far, most of the performance losses have been very minimal - seems to me that just tasks that are both heavy in I/O and CPU load take the hardest hits, but otherwise everything seems to be less than a 5% loss.
    That's true - it shouldn't do that. This is why it's specifically a MS issue, since Linux and FreeBSD (which, for the record, have independently made their own patches) are not known to have issues.
     
    fantaskarsef likes this.
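
The thread turns on which variants apply to a given CPU and whether the Linux patches actually cover them. The script below is an added example, not part of any post in this thread: it summarises the per-vulnerability status that patched Linux kernels report under `/sys/devices/system/cpu/vulnerabilities`. The function names and the sample directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the kernel's own report of CPU vulnerability status.
# Each file under the sysfs directory holds one line that begins with
# "Not affected", "Mitigation: ..." or "Vulnerable".
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

classify_status() {
    # Map one raw status line to a short verdict.
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

report_vulns() {
    # Print "<name> <verdict> <raw status>" for every entry in the directory.
    # Returns 0 if all entries are mitigated or not affected, 1 if any entry
    # is vulnerable or unrecognised, 2 if the directory does not exist
    # (a kernel too old to report status is itself a finding).
    dir=${1:-$VULN_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "no status directory at $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f")
        verdict=$(classify_status "$status")
        printf '%s %s %s\n' "$(basename "$f")" "$verdict" "$status"
        case "$verdict" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}

make_sample_dir() {
    # Constructed sample: a CPU not affected by Meltdown, with Spectre
    # variant 1 mitigated and variant 2 still unpatched.
    d=$(mktemp -d)
    printf 'Not affected\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable\n' > "$d/spectre_v2"
    echo "$d"
}

# Demo on the constructed sample; call report_vulns with no argument on a real host.
sample=$(make_sample_dir)
report_vulns "$sample" || echo "at least one issue is not mitigated"
rm -rf "$sample"
```
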
