AMD Zen 1 Vulnerability Not Properly Fixed, Second Pass Issued

From Tom's Hardware: It seems that AMD's patch for its Zen 1 "division by zero" bug wasn't the end-all, be-all the company wanted it to be. While the company was fast in issuing a patch, there's now the suspicion that it might have been just a bit too fast: according to Michael Larabel of Phoronix, AMD Linux engineer Borislav Petkov has published a new patch that fixes an issue with the original solution (also written by him). It is another data point on how hard it is to harden against possible attack vectors.

The original bug concerns how Zen 1 handles an integer division by zero in certain circumstances: according to the findings, the CPU's divider could retain "stale quotient data" from an earlier division even after the faulting operation had completed, which could give an attacker a window to retrieve sensitive information. The original workaround was to perform a final "dummy division 0/1 before returning from the #DE exception handler". The idea is simple: whatever old data was still held in the divider would be overwritten once the 0/1 division completed (its result is always, well, zero).
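As an added illustration (this is not code from the kernel patch or from the article), here is what a forced 0/1 "dummy division" looks like in user-space C. The practical caveat it shows: written as ordinary C, `0 / 1` is constant-folded by the compiler and no DIV instruction is ever executed, so the divider would not be touched; on x86 the division has to be forced with `asm volatile`. The function name and the non-x86 fallback are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example: a "dummy division 0/1" that really reaches the divider.
 * The kernel's own helper is not reproduced on the page; this is a
 * user-space illustration of the same idea.
 *
 * Plain C `0 / 1` is folded at compile time and emits no DIV, so the
 * divider state would be left untouched. `asm volatile` forces a real
 * DIV that the compiler may neither fold away nor reorder.
 */
static uint32_t dummy_div_0_by_1(void)
{
#if defined(__x86_64__) || defined(__i386__)
    uint32_t quotient  = 0;  /* EAX: low half of dividend in, quotient out  */
    uint32_t remainder = 0;  /* EDX: high half of dividend in, remainder out */
    uint32_t divisor   = 1;

    /* DIV r32 divides EDX:EAX (= 0) by the operand (= 1). */
    __asm__ volatile("div %[d]"
                     : "+a"(quotient), "+d"(remainder)
                     : [d] "r"(divisor)
                     : "cc");
    return quotient;
#else
    /* Fallback only so the file builds on other architectures (assumed);
     * `volatile` keeps the division from being folded away. */
    volatile uint32_t dividend = 0, divisor = 1;
    return dividend / divisor;
#endif
}

int main(void)
{
    /* Expected: 0, the quotient of 0/1; the point is the executed DIV. */
    printf("dummy division result: %u\n", dummy_div_0_by_1());
    return 0;
}
```

Compile with the usual `-O2` and inspect the disassembly to confirm a `div` instruction is actually present; that check, not the returned zero, is what tells you the divider was exercised.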

The issue with that solution, as Petkov explained, is that by the time the #DE exception handler runs, speculative execution has already advanced too far: stale data from an earlier division would already be sitting in AMD's divider, where a younger, speculatively executed instruction could pick it up before the dummy division ever ran. His new patch therefore forces that same dummy division in a number of additional scenarios:
