Intel DOWNFALL: vulnerability affecting AVX2 / AVX-512 with big performance implications

Lounge EndeavourOS pub
1

Honka_old-128px-14

3 Likes
2
3

Iā€™m running a Skylake i7-6700k 4Ghz processor from 2015, at some point Iā€™d like to build one last rig next year before arthritis completely takes dexterity from my hands. Having switched to an 6700XT GPU, hereā€™s hoping AMD has something thatā€™s relatively resilient to modern vulnerabilities in the CPU space.

4

Honka_old-128px-4

1 Like
5

Honka_old-128px-17

6

Earlier in todayā€™s news: AMD ā€œINCEPTIONā€ CPU Vulnerability Disclosed :person_shrugging:

7

POC:

8

My CPU is old enough it doesnā€™t use AVX2 or AVX512 instructions. :sweat_smile:

9
1 Like
10

Things changed with this kernel ?

$ grep . -r /sys/devices/system/cpu/vulnerabilities/ 
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/gather_data_sampling:Not affected
/sys/devices/system/cpu/vulnerabilities/retbleed:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow:Mitigation: safe RET, no microcode
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected

Linux eos 6.4.9-arch1-1 #1 SMP PREEMPT_DYNAMIC Tue, 08 Aug 2023 22:14:05 +0000 x86_64 GNU/Linux

commit acdc883eb61efbe01b954e782e1124790bd391a8
Author: Borislav Petkov (AMD) bp@alien8.de
Date: Wed Jun 28 11:02:39 2023 +0200

x86/srso: Add a Speculative RAS Overflow mitigation

Upstream commit: fb3bd914b3ec28f5fb697ac55c4846ac2d542855

Add a mitigation for the speculative return address stack overflow
vulnerability found on AMD processors.

The mitigation works by ensuring all RET instructions speculate to
a controlled location, similar to how speculation is controlled in the
retpoline sequence.  To accomplish this, the __x86_return_thunk forces
the CPU to mispredict every function return using a 'safe return'
sequence.

To ensure the safety of this mitigation, the kernel must ensure that the
safe return sequence is itself free from attacker interference.  In Zen3
and Zen4, this is accomplished by creating a BTB alias between the
untraining function srso_untrain_ret_alias() and the safe return
function srso_safe_ret_alias() which results in evicting a potentially
poisoned BTB entry and using that safe one for all function returns.

In older Zen1 and Zen2, this is accomplished using a reinterpretation
technique similar to Retbleed one: srso_untrain_ret() and
srso_safe_ret().

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.9

It seems that they applied a patch to Inception vulnerability already ?