To be clear, there's two separate flaws; Meltdown only affects Intel CPUs, and requires a performance-draining patch (which will also be applied to the non-affected AMD chips, because "glory to Intel!" (no, really!))
You're so very wrong sometimes. All we know is that AMD has said that their chips aren't affected by Meltdown and that the Linux Kernel devs have decided to err on the side of caution and not accept a patch that would disable the Meltdown fix on AMD processors at this time. This isn't about "glory to intel", this is about not trusting a company blindly when they say something.
We'll see. (I heard that line, not sure if I buy it. While initially true perhaps, my prediction is Intel will be pushing
very hard to leave AMD in the same basket as them until they have refreshed the market with their own CPUs again).
Let me re-read the article and see if I can find the part where AMD not being affected is pointed out (made me pretty sure there's no way around it).
Edit: also, see the
Linus comments at the end of this article.
Edit2: alright, in addition to Linus complaints, here's the AMD response in the article. This should be easy: if we know or can test for the the veracity of the claim by AMD about how their processors work, then AMD systems should not be patched. If we don't know, err on the side of caution. The claim:
However, it may be that the vulnerability in Intel's chips is worse than the above mitigation bypass. In an email to the Linux kernel mailing list over Christmas, AMD said it is not affected. The wording of that message, though, rather gives the game away as to what the underlying cockup is:
AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.
So what you're saying is, we don't know if that statement is true, and we cant verify its accuracy in any reasonable time to not patch AMD systems as well? Also, Linus Torvalds is a pretty smart guy. Why is he upset? I kind of gathered the patch isn't being made easy to disable on AMD systems or something:
From Linus Torvalds <>
Date Wed, 3 Jan 2018 15:51:35 -0800
Subject Re: Avoid speculative indirect calls in kernel
On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen wrote:
> This is a fix for Variant 2 in https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
> Any speculative indirect calls in the kernel can be tricked to execute any kernel code, which may allow side channel attacks that can leak arbitrary kernel data.
Why is this all done without any configuration options?
A *competent* CPU engineer would fix this by making sure speculation doesn't happen across protection domains. Maybe even a L1 I$ that is keyed by CPL.
I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.
.. and that really means that all these mitigation patches should be written with "not all CPU's are crap" in mind.
Or is Intel basically saying "we are committed to selling you **** forever and ever, and never fixing anything"?
Because if that's the case, maybe we should start looking towards the ARM64 people more.
Please talk to management. Because I really see exactly two possibibilities:
Intel never intends to fix anything
OR
these workarounds should have a way to disable them.
Which of the two is it?
Linus