From: Pete Wright
To: freebsd-current@freebsd.org
Subject: Re: Skylake/Kabylake Intel Bug?
Date: Sun, 25 Jun 2017 18:22:04 -0700
Message-ID: <06aeb24f-c725-52c8-5746-fca40c588a20@nomadlogic.org>
In-Reply-To: <595030E7.1030400@Wilcox-Tech.com>

On 06/25/2017 14:53, A. Wilcox wrote:
> On 25/06/17 12:56, Pete Wright wrote:
>> Came across this post today via HN regarding an issue with Hyperthreading
>> causing unpredictable behavior on these CPUs
>>
>> https://lists.debian.org/debian-devel/2017/06/msg00308.html
>>
>> I really wish there was more info on this in the email, for example
>> examples of programs being affected by this bug. Anywho - was wondering
>> if any devs here had more info on this issue and could provide better
>> context?
>>
>> Cheers,
>>
>> -pete
>>
> The linked OCaml issue goes quite in-depth with the mechanisms behind
> this bug and the risks behind not patching the microcode:
>
> https://caml.inria.fr/mantis/view.php?id=7452
>
>
> Basically, if a HyperThreaded core is running a tight loop accessing
> %rax and %ah (or %rbx and %bh, etc) in quick succession, on both threads
> of the same physical core, it can corrupt/poison L1d cache.
>
> AIUI, OCaml manages to generate this code by manipulating tagged memory
> addresses and the corresponding tag (the address is in %rax, and the tag
> is at %ah).
>
> I'd really love to see if this affects write-through-no-allocate cache
> or only write-behind, but I haven't seen any program besides OCaml
> actually manage to get GCC to generate the insn pattern that is needed,
> and I don't have a Skylake or Kaby Lake CPU to test with anyway.
>
>
> Fun little hardware bug.
>
>
> Hope this helps you,
> --arw

Thanks, this is really helpful! From the dire warning of the Debian
thread I was worried this was a very easy to run into runtime issue.
Certainly sounds pretty darn serious, but having context at least gives
me something to keep an eye out for as a sysadmin - this def seems like a
potentially interesting attack surface (as most CPU bugs tend to be) :)

I've got a couple affected CPUs that I use for dev purposes - might see
if I can reproduce on my end just for shits and giggles.

-p

-- 
Pete Wright
pete@nomadlogic.org
@nomadlogicLA
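
For admins who want to know which local binaries even contain the pattern described in the quoted reply, here is a heuristic scanner over `objdump -d` output, added as an example and not code from this thread or from either linked report. The function names, the 64-instruction cut-off and the sample listing are assumptions; a hit only means a short loop mixes a high-byte register with its wider alias, and the remedy remains the microcode update the reply mentions.

```python
import re

# High-byte registers and the wider registers that alias them (AT&T names).
ALIASES = {"ah": {"rax", "eax", "ax"}, "bh": {"rbx", "ebx", "bx"},
           "ch": {"rcx", "ecx", "cx"}, "dh": {"rdx", "edx", "dx"}}
MAX_LOOP_INSNS = 64  # assumption: cut-off for a "tight" loop, not from the thread

# Constructed `objdump -d` excerpt: `scan` mixes %rax and %ah, `copy` does not.
SAMPLE = (
    "0000000000401000 <scan>:\n"
    "  401000:\t48 8b 07\tmov    (%rdi),%rax\n"
    "  401003:\t88 e1\tmov    %ah,%cl\n"
    "  401005:\t84 c9\ttest   %cl,%cl\n"
    "  401007:\t75 f7\tjne    401000 <scan>\n"
    "0000000000401010 <copy>:\n"
    "  401010:\t8a 06\tmov    (%rsi),%al\n"
    "  401012:\t88 07\tmov    %al,(%rdi)\n"
    "  401014:\t84 c0\ttest   %al,%al\n"
    "  401016:\t75 f8\tjne    401010 <copy>\n"
)


def parse(listing):
    """Yield (address, mnemonic, operands) for each instruction line."""
    for line in listing.splitlines():
        parts = line.split("\t")
        if len(parts) < 3 or not parts[2].strip():
            continue  # symbol labels and byte-only continuation lines
        mnemonic, _, operands = parts[2].strip().partition(" ")
        yield int(parts[0].strip(" :"), 16), mnemonic, operands.strip()


def find_risky_loops(listing, max_insns=MAX_LOOP_INSNS):
    """Return (loop_start, jump_addr, high_reg) for each short backward-jump
    loop whose body uses a high-byte register together with its wider alias."""
    insns = list(parse(listing))
    index = {addr: i for i, (addr, _, _) in enumerate(insns)}
    hits = []
    for i, (addr, mnemonic, operands) in enumerate(insns):
        target = re.match(r"[0-9a-f]+", operands)
        if not re.fullmatch(r"j[a-z]+|loop[a-z]*", mnemonic) or not target:
            continue
        start = index.get(int(target.group(), 16))
        if start is None or start > i or i - start + 1 > max_insns:
            continue  # forward jump, jump out of the listing, or loop too long
        regs = {r for _, _, ops in insns[start:i + 1]
                for r in re.findall(r"%([a-z0-9]+)", ops)}
        hits += [(insns[start][0], addr, high) for high, wide in ALIASES.items()
                 if high in regs and regs & wide]
    return hits
```

Feed it the text of `objdump -d <binary>`; it does not check whether both hardware threads of a core would actually run the loop, which the quoted description also requires.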