Re: Skylake/Kabylake Intel Bug?

[Pete Wright]

On 06/25/2017 14:53, A. Wilcox wrote:

On 25/06/17 12:56, Pete Wright wrote:

Came across this post today via HN regarding a issue with Hyperthreading
causing unpredictable behavior on these CPU's

https://lists.debian.org/debian-devel/2017/06/msg00308.html

I really wish there was more info on this in the email, for example
examples of programs being effected by this bug.  Anywho - was wondering
if any devs here had more info on this issue and could provide better
context?

Cheers,

-pete


The linked OCaml issue goes quite in-depth with the mechanisms behind
this bug and the risks behind not patching the microcode:

https://caml.inria.fr/mantis/view.php?id=7452


Basically, if a HyperThreaded core is running a tight loop accessing
%rax and %ah (or %rbx and %bh, etc) in quick succession, on both threads
of the same physical core, it can corrupt/poison L1d cache.

AIUI, OCaml manages to generate this code by manipulating tagged memory
addresses and the corresponding tag (the address is in %rax, and the tag
is at %ah).

I'd really love to see if this affects write-through-no-allocate cache
or only write-behind, but I haven't seen any program besides OCaml
actually manage to get GCC to generate the insn pattern that is needed,
and I don't have a Skylake or Kaby Lake CPU to test with anyway.


Fun little hardware bug.


Hope this helps you,
--arw


Thanks this is really helpful!  From the dire warning of the debian 
thread I was worried this was a very easy to run into runtime issue.  
Certainly sounds pretty darn serious, but having context at least gives 
me something to keep any eye out for as a syadmin - this def seems like 
a potentially interesting attack surface (as most CPU bugs tend to be) :)


i've got a couple effected CPUs that i use for dev purposes - might see 
if i can reproduce on my end just for shits and giggles.


-p

--
Pete Wright
p...@nomadlogic.org
@nomadlogicLA

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: Skylake/Kabylake Intel Bug?

[A. Wilcox]

On 25/06/17 12:56, Pete Wright wrote:
> Came across this post today via HN regarding a issue with Hyperthreading
> causing unpredictable behavior on these CPU's
> 
> https://lists.debian.org/debian-devel/2017/06/msg00308.html
> 
> I really wish there was more info on this in the email, for example
> examples of programs being effected by this bug.  Anywho - was wondering
> if any devs here had more info on this issue and could provide better
> context?
> 
> Cheers,
> 
> -pete
> 

The linked OCaml issue goes quite in-depth with the mechanisms behind
this bug and the risks behind not patching the microcode:

https://caml.inria.fr/mantis/view.php?id=7452


Basically, if a HyperThreaded core is running a tight loop accessing
%rax and %ah (or %rbx and %bh, etc) in quick succession, on both threads
of the same physical core, it can corrupt/poison L1d cache.

AIUI, OCaml manages to generate this code by manipulating tagged memory
addresses and the corresponding tag (the address is in %rax, and the tag
is at %ah).

I'd really love to see if this affects write-through-no-allocate cache
or only write-behind, but I haven't seen any program besides OCaml
actually manage to get GCC to generate the insn pattern that is needed,
and I don't have a Skylake or Kaby Lake CPU to test with anyway.


Fun little hardware bug.


Hope this helps you,
--arw

-- 
A. Wilcox (awilfox)
Open-source programmer (C, C++, Python)
https://code.foxkit.us/u/awilfox/



signature.asc
Description: OpenPGP digital signature