Today's Patch Tuesday helps harden AMD CPUs against Spectre

Today is April's Patch Tuesday for Microsoft operating systems, and AMD CPU owners will want to fire up Windows Update as soon as possible. This round of patching includes operating-system-level mitigations for Spectre Variant 2, also known as CVE-2017-5715, on at least some AMD processors running Windows 10. The update exposes control over the Indirect Branch Prediction Barrier, or IBPB, within AMD CPUs that support the feature. According to AMD's latest security white paper, using the IBPB is the company's recommended mitigation for Spectre Variant 2.

While its CPUs do support other methods of controlling the behavior of the branch predictor in response to past predictions (a special bit indicating Indirect Branch Restricted Speculation, or IBRS) and in response to sibling threads on a processor (a bit indicating Single Thread Indirect Branch Predictor, or STIBP), AMD does not recommend employing those methods as "performant" mitigations against Spectre.

Downloading operating system updates isn't enough to protect affected systems, either. AMD says that owners of its products will also need to check OEM websites or motherboard partner websites for firmware updates that mitigate the vulnerability. We were able to fully patch one of our Ryzen systems this way, and quick benchmarks suggest that any performance impact is minor—about 3% or so for the JavaScript benchmarks we use as a gauge of day-to-day performance impacts. That's in line with our results for Spectre mitigations on recent Intel systems. In fact, the impact appears to be less severe on Ryzen CPUs overall.
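One way to check whether a system's CPU and firmware actually report the IBPB, IBRS and STIBP controls discussed above is to read the CPUID feature bits directly. This is an added example, not code from AMD or Microsoft; the leaf number and bit positions come from AMD's CPUID documentation rather than from this article, and the function and struct names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID Fn8000_0008 EBX bit positions, taken from AMD's CPUID documentation
 * (an assumption of this example; the article does not list them). */
#define AMD_IBPB  (1u << 12)
#define AMD_IBRS  (1u << 14)
#define AMD_STIBP (1u << 15)

struct branch_ctl { int ibpb, ibrs, stibp; };

/* Leaf 0 returns the vendor string in EBX, EDX, ECX: "Auth" "enti" "cAMD". */
int is_amd_vendor(uint32_t ebx, uint32_t edx, uint32_t ecx)
{
    return ebx == 0x68747541u && edx == 0x69746e65u && ecx == 0x444d4163u;
}

/* Decode which indirect-branch controls the CPU and its microcode report. */
struct branch_ctl decode_branch_ctl(uint32_t ebx)
{
    struct branch_ctl c;
    c.ibpb  = (ebx & AMD_IBPB)  != 0;
    c.ibrs  = (ebx & AMD_IBRS)  != 0;
    c.stibp = (ebx & AMD_STIBP) != 0;
    return c;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a = 0, b = 0, c = 0, d = 0;
    if (!__get_cpuid(0, &a, &b, &c, &d) || !is_amd_vendor(b, d, c)) {
        puts("not an AMD CPU; these bits do not apply");
        return 2;
    }
    if (!__get_cpuid(0x80000008u, &a, &b, &c, &d)) {
        puts("CPUID leaf 0x80000008 not available");
        return 2;
    }
    struct branch_ctl f = decode_branch_ctl(b);
    printf("IBPB=%d IBRS=%d STIBP=%d\n", f.ibpb, f.ibrs, f.stibp);
    /* IBPB is the control the article says the Windows update uses. */
    return f.ibpb ? 0 : 1;
#else
    puts("not an x86 build");
    return 0;
#endif
}
```

An exit status of 1 on an AMD system means the IBPB bit is not reported, which is the case where the OS update alone has no barrier to use and a firmware update from the OEM or motherboard vendor is still needed.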

Despite the update for AMD's CPUs, today's Patch Tuesday doesn't mark broader availability of Intel microcode updates through Microsoft's update catalog. The list of Intel CPUs with Spectre microcode updates available through Microsoft remains the same as it has been for the past few weeks. Users with CPUs older than Skylake still need to hope for OEM or motherboard firmware updates. Whether that's a side effect of Microsoft's support policy for Windows 10 or some broader clog in the pipe for older CPUs remains to be seen, but as a user of a Haswell desktop, I remain hopeful that microcode for my system will eventually be made available—somehow.

