From owner-freebsd-hackers@freebsd.org Wed Jul 10 09:52:58 2019 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F22A115D155D; Wed, 10 Jul 2019 09:52:57 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E17B28380A; Wed, 10 Jul 2019 09:52:56 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kib@localhost [127.0.0.1]) by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id x6A9qlS6089249 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Wed, 10 Jul 2019 12:52:51 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua x6A9qlS6089249 Received: (from kostik@localhost) by tom.home (8.15.2/8.15.2/Submit) id x6A9ql3D089248; Wed, 10 Jul 2019 12:52:47 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Wed, 10 Jul 2019 12:52:47 +0300 From: Konstantin Belousov To: "damian@damianek.be" Cc: freebsd-hackers@freebsd.org, freebsd-security@freebsd.org Subject: Re: FreeBSD mds mitigation. Message-ID: <20190710095247.GC47193@kib.kiev.ua> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.1 (2019-06-15) X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FROM, NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tom.home X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jul 2019 09:52:58 -0000 On Wed, Jul 10, 2019 at 09:06:31AM +0200, damian@damianek.be wrote: > Hello > > FreeBSD 11.2-RELEASE-p11 > CPU: Intel(R) Xeon(R) CPU E5-2640 v3 @ 2.60GHz (2594.05-MHz K8-class CPU) > > sysctl hw.mds_disable was set to 3 (Automatic VERW or Software selection), > HT disabled in BIOS, and i install manually latest CPU microcode from > https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/ > > I wonder why hw.mds_disable_state shows > hw.mds_disable_state: software Broadwell > instead VERW? > > sysctl hw.mds_disable=1 causes hw.mds_disable_state: VERW > > These automatic selection works correctly? No idea. How did you installed the microcode ? Was it loaded ? Show the dmesg output after the 'cpucontrol -e /dev/cpuctl0'.