FreeBSD mds mitigation.
Konstantin Belousov
kostikbel at gmail.com
Wed Jul 10 10:32:48 UTC 2019
On Wed, Jul 10, 2019 at 12:15:51PM +0200, damian at damianek.be wrote:
> Wed, 10 Jul 2019 at 11:52 Konstantin Belousov <kostikbel at gmail.com>
> wrote:
>
> > On Wed, Jul 10, 2019 at 09:06:31AM +0200, damian at damianek.be wrote:
> > > Hello
> > >
> > > FreeBSD 11.2-RELEASE-p11
> > > CPU: Intel(R) Xeon(R) CPU E5-2640 v3 @ 2.60GHz (2594.05-MHz K8-class CPU)
> > >
> > > sysctl hw.mds_disable was set to 3 (Automatic VERW or Software selection),
> > > HT disabled in BIOS, and I manually installed the latest CPU microcode from
> > > https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/
> > >
> > > I wonder why hw.mds_disable_state shows
> > > hw.mds_disable_state: software Broadwell
> > > instead of VERW?
> > >
> > > sysctl hw.mds_disable=1 causes hw.mds_disable_state: VERW
> > >
> > > Does this automatic selection work correctly?
> > No idea.
> >
> > How did you install the microcode? Was it loaded?
> > Show the dmesg output after the 'cpucontrol -e /dev/cpuctl0'.
> >
>
> I installed the microcode in /usr/local/share/cpucontrol,
> loaded at boot.
>
> cpucontrol output:
>
> CPU: Intel(R) Xeon(R) CPU E5-2640 v3 @ 2.60GHz (2594.05-MHz K8-class CPU)
> Origin="GenuineIntel" Id=0x306f2 Family=0x6 Model=0x3f Stepping=2
>
> Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
>
> Features2=0x7ffefbff<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
> AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
> AMD Features2=0x21<LAHF,ABM>
> Structured Extended Features=0x37ab<FSGSBASE,TSCADJ,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,NFPUSG>
> Structured Extended Features3=0x9c000400<IBPB,STIBP,SSBD>
You clearly did not load microcode which implements the MDS mitigation
assist. If you did, the MD_CLEAR cap would be listed. Moreover, your microcode
does not contain the L1 data flush mitigation either, which predated MDS.
> XSAVE Features=0x1<XSAVEOPT>
> VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
> TSC: P-state invariant, performance statistics
>
>
> --
> damian at damianek.be
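An added example, not part of the original message or of FreeBSD: one way to check the capability bits discussed above by decoding the hex mask of the `Structured Extended Features3` line alongside the bracketed names, since the name list only covers bits the running kernel has labels for. Bit positions are CPUID.(EAX=7,ECX=0):EDX per the Intel SDM; the function and key names are this example's own, and the second sample line is constructed.

```python
import re

# CPUID.(EAX=7,ECX=0):EDX bit positions from the Intel SDM. FreeBSD prints this
# register as "Structured Extended Features3".
MD_CLEAR_BIT = 10    # VERW clears CPU buffers (MDS mitigation assist)
L1D_FLUSH_BIT = 28   # IA32_FLUSH_CMD present (L1 data cache flush)

FEATURES3_RE = re.compile(
    r"Structured Extended Features3=0x([0-9a-fA-F]+)(?:<([^>]*)>)?")


def check_features3(text):
    """Decode the Features3 line found in dmesg / 'cpucontrol -e' output.

    Returns None when the line is absent from the text.
    """
    m = FEATURES3_RE.search(text)
    if m is None:
        return None
    mask = int(m.group(1), 16)
    names = [n for n in (m.group(2) or "").split(",") if n]
    return {
        "mask": mask,
        "md_clear_bit": bool((mask >> MD_CLEAR_BIT) & 1),
        "md_clear_named": "MD_CLEAR" in names,
        "l1d_flush_bit": bool((mask >> L1D_FLUSH_BIT) & 1),
        # Set bits with no printed name (one name is printed per known bit).
        "unnamed_bits": bin(mask).count("1") - len(names),
    }


# Line quoted in the thread above.
THREAD_LINE = "Structured Extended Features3=0x9c000400<IBPB,STIBP,SSBD>"
# Constructed line: only bits 26 and 27 set, both named.
CONSTRUCTED_OLD = "Structured Extended Features3=0xc000000<IBPB,STIBP>"

if __name__ == "__main__":
    for label, line in (("thread", THREAD_LINE),
                        ("constructed", CONSTRUCTED_OLD)):
        print(label, check_features3(line))
```

The function accepts the whole `dmesg` text captured after `cpucontrol -e /dev/cpuctl0`, as requested in the thread; a non-zero `unnamed_bits` means the mask carries more information than the name list.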