On Thu, Apr 5, 2018 at 3:36 PM, Wols Lists <antli...@youngman.org.uk> wrote:
> On 05/04/18 17:54, Rich Freeman wrote:
>> I haven't checked recently but the last time I looked at it even my
>> current Ryzen CPU doesn't have a microcode fix out yet for lfence.
>
> Is lfence a meltdown problem? Because afaik Ryzen doesn't need a fix for
> meltdown, it's not vulnerable.

No, lfence is exclusively a fix for Spectre.  It has nothing to do
with Meltdown [1].

lfence itself has been around for a while, and works fine for its
original purpose.  It was intended to serialize reads from memory, so
that any previous read operations were guaranteed to be complete
before the lfence retires and execution moves on.

However, lfence as it was originally defined does NOT prevent the CPU
from fetching subsequent data into the cache, or from speculatively
executing (but not retiring) instructions.  That is enough to allow for a
Spectre vulnerability.

I believe the intent of these microcode changes is to basically
overload some additional functionality on top of lfence that prevents
some forms of speculative execution from continuing past it.

However, I haven't really read much about the changes since the
original publicity.  At that time one concern I had was that it seemed
like Intel and AMD were independently solving the problem, creating
the potential that a code fix might work on one vendor's CPUs and not
the other's.


1 - As a footnote, it makes sense that lfence couldn't do anything for
Meltdown.  Spectre is like most vulnerabilities in that it is a
problem that must be present in the code that is being attacked.
Meltdown is more of a hardware problem - you don't need any vulnerable
code on a system to attack it.  Now, Meltdown does have a workaround
that can be done at the kernel/hypervisor level.  You can't fix
Meltdown simply by sticking instructions in the kernel's code path
because when Meltdown is exploited there isn't any kernel code
running.  With Spectre the program being attacked IS the program that
is running so it can control the instructions being run.

-- 
Rich
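
Added example (not part of Rich's message or any project's code): the kind of "code fix" the message refers to, a bounds-checked lookup written without and with an lfence placed after the check. The names lookup_plain, lookup_fenced, table, probe and SPEC_BARRIER are hypothetical, and whether lfence actually stops speculation at that point depends on the CPU and microcode, as the message says.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* GCC/Clang inline asm. On non-x86 targets this falls back to a compiler
 * barrier only, so the file still builds; it is NOT a CPU barrier there. */
#if defined(__x86_64__) || defined(__i386__)
#define SPEC_BARRIER() __asm__ __volatile__("lfence" ::: "memory")
#else
#define SPEC_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

#define TABLE_LEN 16
static uint8_t table[TABLE_LEN];  /* constructed sample data */
static uint8_t probe[256 * 64];   /* second array, indexed by the loaded value */

void init_tables(void) {
    for (size_t i = 0; i < TABLE_LEN; i++)
        table[i] = (uint8_t)(i * 3);
    for (size_t i = 0; i < sizeof probe; i++)
        probe[i] = (uint8_t)(i / 64);
}

/* Unhardened: architecturally correct, but the CPU may predict the bounds
 * check as passing and run both loads speculatively with an out-of-range
 * idx, leaving a cache footprint that depends on table[idx]. */
uint8_t lookup_plain(size_t idx) {
    if (idx < TABLE_LEN)
        return probe[(size_t)table[idx] * 64];
    return 0;
}

/* Hardened: the fence sits between the check and the dependent loads, so
 * on a CPU where lfence blocks speculation the loads wait for the check. */
uint8_t lookup_fenced(size_t idx) {
    if (idx < TABLE_LEN) {
        SPEC_BARRIER();
        return probe[(size_t)table[idx] * 64];
    }
    return 0;
}

int main(void) {
    init_tables();
    printf("plain=%u fenced=%u out_of_range=%u\n", (unsigned)lookup_plain(5),
           (unsigned)lookup_fenced(5), (unsigned)lookup_fenced(1000));
    return 0;
}
```

Both functions return the same values for every input; the difference is only in what the CPU is allowed to do before the bounds check resolves.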
