Ghosts Of Spectres Past Return To Haunt AMD And Intel
Intel Discovered A Flaw In Their Mitigations, And In AMD’s As Well
If you had hoped that the Spectre flaw had finally been exorcised and sent back to the grave then we have some bad news for you. Recently Intel’s security team, which goes by the name STORM, discovered a flaw in the patch for Spectre V2 which allows a Branch History Injection attack to succeed. STORM needed to find a new solution which balances the performance impact of a new patch against its effectiveness, and one of their customers suggested making use of AMD’s LFENCE/JMP technique.
Intel looked into it and discovered that AMD’s solution was also vulnerable to specific variants of the Spectre vulnerability, so it was back to the drawing board for the team, but not before they dropped AMD a note letting them know about the problem they had found. The flaws in both patches have been resolved and the fixes are available to apply to your systems, but as with the previous patches the increased security comes at a price.
Phoronix’s testing on Linux kernel 5.17 showed that AMD processors could expect to see some performance impact on Vermeer chips in specific workloads, but certainly not in general usage. Interestingly, their EPYC chips did not see any significant change in performance; indeed, in one benchmark there was a performance increase. Intel’s mitigations are more costly in terms of performance, but again, apart from some specific benchmarks you will not see much performance impact on your system.
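Since the article leaves the reader to work out which Spectre V2 mitigation their own Linux box ended up with after the kernel update, here is a small checker, added as an example and not taken from the article, Phoronix or any vendor. It reads the kernel's sysfs status file for Spectre V2 and classifies the string it reports. The exact wording of the status strings matched below (“Not affected”, “Mitigation: Retpolines”, “Mitigation: LFENCE”, “Vulnerable: LFENCE”, “Mitigation: Full AMD retpoline”) is an assumption about the kernel's reporting format, and the sample strings in `demo` are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Classify the Spectre V2 status string that Linux exposes under
# /sys/devices/system/cpu/vulnerabilities/spectre_v2.
# The patterns below assume the kernel's wording; adjust them if your
# kernel reports something different.
classify_spectre_v2() {
    status="$1"
    case "$status" in
        "Not affected")
            echo "ok" ;;
        Vulnerable:*)
            # Newer kernels flag the LFENCE-based mitigation as insufficient here.
            echo "vulnerable" ;;
        Mitigation:*LFENCE*|Mitigation:*"AMD retpoline"*)
            # Older kernels still present the LFENCE/JMP approach as a mitigation.
            echo "weak" ;;
        Mitigation:*)
            echo "mitigated" ;;
        *)
            echo "unknown" ;;
    esac
}

# Read the live status of this host, if the sysfs file exists.
check_host() {
    f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    if [ -r "$f" ]; then
        s=$(cat "$f")
        printf '%s -> %s\n' "$s" "$(classify_spectre_v2 "$s")"
    else
        echo "no spectre_v2 sysfs entry (not Linux, or kernel too old)"
    fi
}

# Constructed sample strings (not captured from a real machine) showing
# how each kind of report is classified.
demo() {
    for s in "Not affected" "Mitigation: Retpolines" "Mitigation: LFENCE" \
             "Vulnerable: LFENCE" "Mitigation: Full AMD retpoline"; do
        printf '%-35s %s\n' "$s" "$(classify_spectre_v2 "$s")"
    done
}

demo
```

Run `check_host` on a machine to see the live value; anything classified as `weak` or `vulnerable` means the kernel is either still using the LFENCE/JMP sequence the article describes or has explicitly marked it as insufficient, so the updated mitigation has not taken effect there.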
Intel's security team, STORM, found the issue with AMD's mitigation. In response, AMD has issued a security bulletin and updated its guidance to recommend an alternative method for mitigating the Spectre vulnerabilities, repairing the issue once again.