Is taking advantage of Uber drivers

Ryzen: AMD uses PCI drivers to manipulate CPU functions

Had on the weekend Alex IonescuReported on Twitter about an unexpected behavior of the PnP-PCI driver from AMD for systems with Ryzen processors, and the accusation of hidden performance tuning was quickly raised. As it turned out, this is probably not the case. AMD's approach remains questionable.

PnP PCI driver manipulates the CPU

As Ionescu found out, the PCI driver for Windows looks for 19 hashed processes (EXE files) that quickly turned out to be 19 games. If the driver detects one of the applications, it switches off certain functions via the model-specific register (MSR) of the CPU. With Ryzen 1000 (Zen 1, therefore probably also Ryzen 2000), certain functions in the cache for instructions (Op cache) are affected, with Ryzen 3000 (Zen 2) certain functions in the L1 and L2 cache are affected. On the other hand, the function does not seem to be available on Ryzen 5000.

Originally, Ionescu assumed that AMD would activate functions that are advantageous for performance and that could lead to instability in these 19 applications - that is, performance optimization is practically hidden using the PCI driver. In the meantime, however, he has corrected himself: The driver deactivates these functions, most likely to avoid stability problems.

The approach remains questionable

However, AMD's approach remains questionable: Neither the bit adapted by the driver in the MSR, nor the function in the driver is documented, so Ionescu. The fact that the driver has also received the WHQL certificate from Microsoft, although it performs completely different tasks in addition to its actual function in the background, is also criticized. Although the PCI driver should even achieve the goal pursued with WHQL of increasing system stability, the hidden function does not create trust in the functionality of the driver.

Another problem concerns security: the ioctl interface of the driver enabled Ionescu to crash the computer with just one line of code using PowerShell. In addition, it is possible to manipulate the list of processes monitored by the driver. AMD has not yet commented.

Crash a Ryzen system in single line of tweetable PowerShell:

(Get-NtFile \ Device \ NTPNP_PCI0031) .DeviceIoControl (0x9C402400, 5, 5)

Hey, AMD, If you're gonna twiddle magic MSR bits that control the instruction cache when playing certain video games, can you at least code properly

- Alex Ionescu (@aionescu) May 16, 2021
  • Jan-Frederik TimmEmailTwitter
    ... is a graduate engineer and has been writing on ComputerBase since 2001 about the latest hardware, macOS and Windows.