[GTALUG] AMD vs. Microsoft patches [was Re: Intel Meltdown Bug -- Conundrum For New Desktop PC Build Spec (to run debian Linux) -- Switch From Intel CPU To AMD CPU ??]

D. Hugh Redelmeier hugh at mimosa.com
Thu Jan 11 14:26:44 EST 2018

| From: D. Hugh Redelmeier via talk <talk at gtalug.org>

| | >And then there is the Spectre bug also lurking ...
| | 
| | Microsoft has stopped, temporarily, updating AMD due to poor documentation.
| | 
| | https://www.theverge.com/2018/1/9/16867068/microsoft-meltdown-spectre-security-updates-amd-pcs-issues>
| Thanks for this reference.  I hadn't seen that.
| Microsoft isn't too clear about their finger-pointing (that doesn't
| mean that they are wrong).  This notice isn't very clear:
| <https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices>
| - it would be really handy if they explained what "some" means.  Which
|   AMD-based devices are currently blocked
| - this run-on sentence might not mean what it is supposed to
| 	After investigating, Microsoft has determined that some AMD
| 	chipsets do not conform to the documentation previously
| 	provided to Microsoft to develop the Windows operating system
| 	mitigations to protect against the chipset vulnerabilities
| 	known as Spectre and Meltdown.
| - Spectre and Meltdown are different.  The fixes are different.
|   Preventing installation of the fixes for both is probably a mistake.
| To be honest, I don't understand why these mitigations involve a
| chipset at all.

The current best guess is that Microsoft forgot that early x86-64
machines did not have a CMPXCHG16B instruction.  So patch KB4056897
used it and crashed.

I base this on things referenced in the last paragraph of

Alternatively, the problem MIGHT be that the processor has the
instruction but that the chipset doesn't implement its part (lock?).

I have read that Win8.1 and later require CMPXCHG16B so these problems
are likely only showing up in Win 7 and Win 8 or perhaps even older

Is see the flag "cx16" in /proc/cpuid.  I bet that tells me my CPU has
the feature.


More information about the talk mailing list