5

I've been chewing on this for a week or so. Thought I'd ask if it could be validated. My thoughts are based on reading the Spectre whitepaper and research on the AMD K8 microarchitecture, and haven't been able to find any AMD K8 specific Spectre related info on the web. I'm also not a computer science dude... So here it goes:

AMD K8 processors are possibly not vulnerable to Spectre variant 1 (exploiting conditional branches) as although the processor does have an out-of-order execution paradigm, memory operations are executed in-order; memory access cannot be reordered. So if a memory read gets stuck, it would stall all subsequent memory reads or writes, thus eliminating the attack.

The AMD K8 processors are also possibly not vulnerable to Spectre variant 2 (exploiting indirect branches) as although the processor does have branch predictors, it doesn't have indirect branch predictors. Meaning, that the processor will just go to the same target/branch as it did the previous time. Therefore, the processor cannot be trained to make a misprediction nor mistrained, thus eliminating the attack.

Thanks to all the responses.

  • 1
    Did you run the spectre example code on AMD K8 machine? https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6 – hft Jan 25 '18 at 21:24
  • 2
    Thanks, I've been looking for a test like that. I've set up a Sempron Palermo rig with Manjaro Linux and kernel 3.16.53. I made a few corrections to the example code as mentioned by some other forum members so that it would run and compiled it as also mentioned. Lo and behold, the example code could not find the secret phrase!!! I hope other people can confirm this on K8 processors... –  Jan 26 '18 at 18:41
  • Cool. Nice work! – hft Jan 26 '18 at 20:09
  • Nope... forget it :(. Modified the code a bit so serialisation would occur with lfence. Vulnerable after all... –  Jan 27 '18 at 07:37
  • Good to know. If you get a change it would be nice if you could write up your solution as an answer to your own question. Could be useful for others and will earn you some more rep if others up-vote it. – hft Jan 29 '18 at 04:34

1 Answers1

1

You were right, and now there is some confirmation from AMD.

In this whitepaper that describes possible mitigation techniques, the AMD family 10h (= AMD K10), as well as the AMD family 0Fh (= AMD K8) are mentioned.

Tom K.
  • 7,913
  • 3
  • 30
  • 53