Image Map Image Map
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: AMD K6 & Meltdown/Spectre vulnerabilities

  1. #1

    Default AMD K6 & Meltdown/Spectre vulnerabilities

    I am just curious about Meltdown and Spectre vulnerabilities in the AMD K6. This CPU uses Speculative and Out Of Order execution to enhance performance. I am going to do a build using an AMD K6-III+ processor. If I use Windows XP, is the system at risk? This may be a nonissue, given the CPUs age, but it is an interesting thing ponder.

  2. #2

    Default

    You are only at risk if you run a workload on the machine that is owned by a hostile user, who is trying to extra secrets using the timing attack demonstrated by Meltdown and Spectre.

    So in short, if you know what is running on the machine then I wouldn't be too concerned about it. Those processors are also primitive enough where I doubt they are affected even thought they are superscalar and they do instruction reordering. It's the level of speculative execution that matters and how that is implemented. Except for branch prediction I doubt there is too much speculative execution going on in a K6.

  3. #3

    Default

    It is not likely susceptible to Meltdown but most any Speculative processor is susceptible to Spectre, that has cache. Spectre does require help from some other code that runs at the privileged level to do the dirty work for you. Meltdown runs at the user level. If your using XP, will you be running code fetched from the web? There are a number of web applications that have this potential but most have been patched by people like MicroSoft and others like various virus protection programs. These need to have protected mode execution close to inputs where they can be taken advantage of. Spectre is not really a processor issue it is an application issue but uses the same sideband leak as Meltdown does.
    AMD's later processors we immune to Meltdown because they detect the fetch from privileged memory before there is a cache fetch. Intel wanted to make it faster so figured the fetch would not be seen by code. I'm not sure about AMD K6.
    They didn't think about the sideband detection that can be seen by the delay timing caused by the cache fetch.
    Dwight

  4. #4

    Default

    Quote Originally Posted by mbbrutman View Post
    You are only at risk if you run a workload on the machine that is owned by a hostile user, who is trying to extra secrets using the timing attack demonstrated by Meltdown and Spectre.

    So in short, if you know what is running on the machine then I wouldn't be too concerned about it. Those processors are also primitive enough where I doubt they are affected even thought they are superscalar and they do instruction reordering. It's the level of speculative execution that matters and how that is implemented. Except for branch prediction I doubt there is too much speculative execution going on in a K6.

    As Mike says, both have to run some bad guys code at the machine level. I could write a Meltdown code and give it to you to run but that is something you could just say you don't trust it and not run it.
    Dwight

  5. #5

    Default

    Quote Originally Posted by mbbrutman View Post
    ...Those processors are also primitive enough...
    A primitive way of thinking. Or you are a jealous designer of ARM, haha! But I doubt it.

  6. #6

    Default

    Quote Originally Posted by george View Post
    A primitive way of thinking. Or you are a jealous designer of ARM, haha! But I doubt it.
    How is that a primitive way of thinking? The K6 was launched in 1997; it's positively ancient by current standards.

  7. #7

    Default

    I've been thinking about this from time to time. The original Intel Atom processor is essentially a pentium in more modern design. In that, it does not do speculative execution. It has already been said this Atom core is immune (also reported this way by Linux kernel). Which leads me to believe that the original pentium is going to be the same. The K6 is essentially a pentium style architecture, except it had a longer series of updates to compete with the P2 and P3 (K6-2, K6-3). I don't think it will be doing speculative execution however, even with the updates.

    Meltdown is basically an Intel flaw, which almost certainly won't work on any AMD. So that turns the question if some of these older AMD cores have Spectre-type bugs.

    Questions:
    1. The P2 is supposed to be the first with speculative execution. Is it bugged? Or do we really need to go all the way to P4?
    2. Are there really any clear test cases for Spectre that work on AMD? I'm still not sure if there are any practical exploits and what they would have in common with older processor designs.

    I think K6 is probably OK.

  8. #8
    Join Date
    May 2011
    Location
    Outer Mongolia
    Posts
    1,921

    Default

    The K6 does do some speculative and out-of-order execution, but has a pretty shallow pipeline and it's also more limited than later processors with regards to what instructions it's capable of executing speculatively so it's certainly fair to question whether any kind of practical, weaponize-able exploit would really be able to work on it.

    (Exploits that fit that description are rare anywhere; there are "toy" exploits that can override the bounds checking within a single process space pretty quickly on a modern CPU, but reading memory for other processes or breaking out of a VM requires a *lot* of setup/hammering and is very slow.)

    Honestly, if you're running Window XP you don't need Spectre to crack it, it's missing all the process-protection bells and whistles that Spectre-type attacks are specifically useful for thwarting.
    My Retro-computing YouTube Channel (updates... eventually?): Paleozoic PCs

  9. #9

    Default

    ARM isn't immune either. It is just that most are embedded and don't run on the web where things can be loaded. Tablets can be, though. I've not looked into RISC-V, which likely has problems with Spectre and maybe even Meltdown.
    Dwight

  10. #10

    Default

    ** Yes I see now there are a few references the K6 does support speculative execution. At first I did not believe it, since the K6 is not really faster than the average pentium, only when it's clocked much higher it pulls away.

    I'd still like to see what is considered a practical exploit. Even most of the known variants are not possible on AMD, which leads me to believe it's going to be CPU specific if any case is found for K6.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •