Date: Wed, 10 Jul 2019 13:32:38 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: "damian@damianek.be" <damian@damianek.be> Cc: freebsd-hackers@freebsd.org Subject: Re: FreeBSD mds mitigation. Message-ID: <20190710103238.GD47193@kib.kiev.ua> In-Reply-To: <CA%2B6J3veBFdeTbeeQ_9EZo4L36A0cMREQjab8E6Z1LgNAvJAZ1Q@mail.gmail.com> References: <CA%2B6J3vcK_FxBbnx%2Bzyo3kFr3dB2LF5C4qQoiH5=bMd04aTjzKQ@mail.gmail.com> <20190710095247.GC47193@kib.kiev.ua> <CA%2B6J3veBFdeTbeeQ_9EZo4L36A0cMREQjab8E6Z1LgNAvJAZ1Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 10, 2019 at 12:15:51PM +0200, damian@damianek.be wrote: > śr., 10 lip 2019 o 11:52 Konstantin Belousov <kostikbel@gmail.com> > napisał(a): > > > On Wed, Jul 10, 2019 at 09:06:31AM +0200, damian@damianek.be wrote: > > > Hello > > > > > > FreeBSD 11.2-RELEASE-p11 > > > CPU: Intel(R) Xeon(R) CPU E5-2640 v3 @ 2.60GHz (2594.05-MHz K8-class CPU) > > > > > > sysctl hw.mds_disable was set to 3 (Automatic VERW or Software > > selection), > > > HT disabled in BIOS, and i install manually latest CPU microcode from > > > https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/ > > > > > > I wonder why hw.mds_disable_state shows > > > hw.mds_disable_state: software Broadwell > > > instead VERW? > > > > > > sysctl hw.mds_disable=1 causes hw.mds_disable_state: VERW > > > > > > These automatic selection works correctly? > > No idea. > > > > How did you installed the microcode ? Was it loaded ? > > Show the dmesg output after the 'cpucontrol -e /dev/cpuctl0'. > > > > I install microcode in /usr/local/share/cpucontrol, > load at boot. > > cpucontrol output: > > CPU: Intel(R) Xeon(R) CPU E5-2640 v3 @ 2.60GHz (2594.05-MHz K8-class CPU) > Origin="GenuineIntel" Id=0x306f2 Family=0x6 Model=0x3f Stepping=2 > > Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> > > Features2=0x7ffefbff<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND> > AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM> > AMD Features2=0x21<LAHF,ABM> > Structured Extended > Features=0x37ab<FSGSBASE,TSCADJ,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,NFPUSG> > Structured Extended Features3=0x9c000400<IBPB,STIBP,SSBD> You clearly did not loaded microcode which implements MDS mitigation assist. If you did, MD_CLEAR cap would be listed. More, your microcode does not contain L1 data flush mitigation as well, which predated MDS. > XSAVE Features=0x1<XSAVEOPT> > VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr > TSC: P-state invariant, performance statistics > > > -- > damian@damianek.be > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190710103238.GD47193>