The Complete AMD Spectre Mitigation Strategy Guide Rev. 2.0

AMD Spectre 1 Mitigations + Spectre 2 Mitigations

Contents

AMD Spectre 1 Mitigation Options

AMD Spectre Mitigation V1-1

Target : Spectre 1 only

Technique : With LFENCE serializing, use it to control speculation for bounds checking. For instance, consider the following code:

1:  cmp eax, [buffer_top]    ; compare eax (index) to upper bound

2:  ja out_of_bounds          ; if greater, index is too big

3:  mov ebx, [eax]              ; read buffer

In this code, the CPU can speculative execute instruction 3 (mov) if it mispredicts the branch at 2 (ja). If this is undesirable, software should implement:

1:  cmp eax, [buffer_top]    ; compare eax (index) to upper bound

2:  ja out_of_bounds          ; if greater, index is too big

3:  lfence                             ; serializes dispatch until branch

4:  mov ebx, [eax]              ; read buffer

Effect : In the second code sequence, the processor cannot execute op 4 because dispatch is stalled until the branch target is known.

Applicability : All AMD processors.

 

AMD Spectre Mitigation V1-2

Target : Spectre 1 only

Technique : Create a data dependency on the outcome of a compare to avoid speculatively executing instructions in the false path of the branch. For instance, consider the following code:

1:  cmp eax, [buffer_top]    ; compare eax (index) to upper bound

2:  ja out_of_bounds          ; if greater, index is too big

3:  mov ebx, [eax]              ; read buffer

In this code, the CPU can speculative execute instruction 3 (mov) if it mispredicts the branch at 2 (ja). If this is undesirable, software should implement:

1:  xor edx, edx

2:  cmp eax, [buffer_top]    ; compare eax (index) to upper bound

3:  ja out_of_bounds            ; if greater, index is too big

4:  cmova eax, edx              ; NEW: dummy conditional mov

5:  mov ebx, [eax]               ; read buffer

Effect : In the second code sequence, the processor cannot execute op 4 (cmova) because the ags are not available until after instruction 2 (cmp) nishes executing. Because op 4 cannot execute, op 5 (mov) cannot execute since no address is available.

Applicability : All AMD processors.

 

AMD Spectre Mitigation V1-3

Target : Spectre 1 only

Technique : Create a data dependency on the outcome of a compare to mask the array index to keep it within bounds. For instance, consider the following code:

1:  cmp eax, [buffer_top]    ; compare eax (index) to upper bound

2:  ja out_of_bounds            ; if greater, index is too big

3:  mov ebx, [eax]                ; read buffer

In this code, the CPU can speculative execute instruction 3 (mov) if it mispredicts the branch at 2 (ja). If this is undesirable, software should implement:

1:  cmp eax, [buffer_top]    ; compare eax (index) to upper bound

2:  ja out_of_bounds           ; if greater, index is too big

3:  and eax, $MASK            ; NEW: Mask array index

4:  mov ebx, [eax]              ; read buffer

Effect : In the second code sequence, the processor will mask the array index before the memory load constraining the range of addresses that can be speculatively loaded. For performance it is best if $MASK is an immediate value.

Applicability : All AMD processors. This mitigation works best for arrays that are power-of-2 sizes but can be used in all cases to limit the range of addresses that can be loaded.

Note : In the case of RET instructions, RIP values are predicted using a special hardware structure that tracks CALL and RET instructions called the return stack bu er. Other indirect branches (JMP, CALL) are predicted using a branch target bu er (BTB) structure. While the mechanism and structure of this buffer varies significantly across AMD processors, branch predictions in these structures can be controlled with software changes to mitigate variant 2 attacks.

[adrotate group=”1″]

 

AMD Spectre 2 Mitigation Options

AMD Spectre Mitigation V2-1

Target : Spectre 2 only

Technique : Convert indirect branches into a “retpoline”. Retpoline sequences are a software construct which allows indirect branches to be isolated from speculative execution. It uses properties of the return stack bu er (RSB) to control speculation. The RSB can be lled with safe targets on entry to a privileged mode and is per thread for SMT processors. So instead of

1: jmp *[eax] ; jump to address pointed to by EAX2:

To this:

1: call l5 ; keep return stack balanced

l2: pause ; keep speculation to a minimum

3:  lfence

4:  jmp l2

l5: add rsp, 8 ; assumes 64 bit stack

6:  push [eax] ; put true target on stack

7:  ret

and this 1: call *[eax] ;

To this:

1: jmp l9

l2:  call l6          ; keep return stack balanced

l3:  pause

4:  lfence           ; keep speculation to a minimum

5:  jmp l3

l6: add rsp, 8    ; assumes 64 bit stack

7:  push [eax]    ; put true target on stack

8:  ret

L9: call l2

Effect : This sequence controls the processor’s speculation to a safe known point. The performance impact is likely greater than V2-2 but more portable across the x86 architecture. Care needs to be taken for use outside of privileged mode where the RSB was not cleared on entry or the sequence can be interrupted. AMD processors do not put RET based predictions in BTB type structures.

Applicability : All AMD processors.

 

AMD Spectre Mitigation V2-2

Target : Spectre 2 only

Technique : Convert an indirect branch into a dispatch serializing instruction sequence where the load has nished before the branch is dispatched. For instance, change this code:

1: jmp *[eax]    ; jump to address pointed to by EAX2:

To this:

1:  mov eax, [eax]    ; load target address

2:  lfence                  ; dispatch serializing instruction

3:  jmp *eax

Effect : The processor will stop dispatching instructions until all older instructions have returned their results and are capable of being retired by the processor. At this point the branch target will be in the general purpose register (eax in this example) and available at dispatch for execution such that the speculative execution window is not large enough to be exploited.

Applicability : All AMD processors. AMD plans that this sequence will continue to work on future processors until support for other architectural means to control indirect branches are introduced.

 

AMD Spectre Mitigation V2-3

Target : Spectre 2 only

Technique : Execute a series of CALL instructions upon entering more privileged code to ll up the return address predictor.

Effect : The processor will only predict RET targets to the RIP values in the return address predictor, thus preventing attacker controlled RIP values from being predicted.

Applicability : All AMD processors. The size of the return address predictor varies by processor, all current AMD processors have a return address predictor with 32 entries or less. Future processors that have more than 32 RSB entries are planned to be architected to not require software intervention.

 

AMD Spectre Mitigation V2-4

Target : Spectre 2 only

Technique : An architectural mechanism, Indirect Branch Control (IBC), is being added to the x86 ISA to help software control branch prediction of jmp near indirect and call near indirect instructions. It consists of 3 features: Indirect Branch Prediction Barrier (IBPB), Indirect Branch Restricted Speculation (IBRS) and Single Thread Indirect Branch Predictors (STIBP).

Effect : These features give software another mechanism through architectural MSRs to provide mitigation for different variant 2 exploits.

IBPB – Places a barrier such that indirect branch predictions from earlier execution cannot in uence execution after the barrier.
IBRS – Restricts indirect branch speculation when set.
STIBP – Provides sibling thread protection on processors that require sibling indirect branch prediction protection

Applicability : As a new feature, these mechanism are available in only a limited number of current AMD processors and require a microcode patch. These 3 features are individually enumerated through CPUID and all processors do not support all features. These features also require software updates to write the MSR where appropriate.

Note : After a RIP value is predicted, the new RIP value is sent through a TLB and table walker pipeline before instruction bytes can be fetched and sent for execution.

Next Page > AMD Spectre 2 Hardware Mitigations

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

One thought on “The Complete AMD Spectre Mitigation Strategy Guide Rev. 2.0

  1. Pingback: Everything On The Meltdown + Spectre CPU Flaws! Rev. 2.0 - Tech ARP

Leave a ReplyCancel reply