Meltdown workaround enabled?

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

Meltdown workaround enabled?

Brian Camp
I have two systems running 6.2-stable with the meltdown syspatch
installed. I noticed that while one of them lists "MELTDOWN" in the
CPU flags, the other does not. The one that does not has a Celeron
J3455, which Intel lists as affected by meltdown.

Does the absence of the MELTDOWN flag mean that the workaround isn't
functioning on this machine? Dmesg below.


Thanks

-Brian



OpenBSD 6.2 (GENERIC.MP) #6: Wed Feb 28 21:13:02 CET 2018
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8411357184 (8021MB)
avail mem = 8149352448 (7771MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x79aa1000 (51 entries)
bios0: vendor Intel Corp. version "AYAPLCEL.86A.0047.2018.0108.1419"
date 01/08/2018
bios0: Intel Corporation NUC6CAYH
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP FPDT FIDT MCFG DBG2 DBGP HPET LPIT APIC NPKT
PRAM WSMT SSDT SSDT SSDT SSDT SSDT SSDT SSDT UEFI TPM2 SSDT DMAR WDAT
NHLT
acpi0: wakeup devices SIO1(S3) HDAS(S3) XHC_(S4) XDCI(S4) BRCM(S0)
PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4)
RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 19200000 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.60 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: TSC frequency 1497600000 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 19MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.60 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.60 MHz
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.60 MHz
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 120 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus 1 (RP03)
acpiprt4 at acpi0: bus 2 (RP04)
acpiprt5 at acpi0: bus 3 (RP05)
acpiprt6 at acpi0: bus -1 (RP06)
acpiec0 at acpi0
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpicpu1 at acpi0: C1(@1 halt!), PSS
acpicpu2 at acpi0: C1(@1 halt!), PSS
acpicpu3 at acpi0: C1(@1 halt!), PSS
acpipwrres0 at acpi0: FN00, resource for FAN0
acpitz0 at acpi0: critical temperature is 100 degC
"ITE8708" at acpi0 not configured
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
"INT3452" at acpi0 not configured
"INT3452" at acpi0 not configured
"INT3452" at acpi0 not configured
"INT3452" at acpi0 not configured
"INT33A1" at acpi0 not configured
"MSFT0101" at acpi0 not configured
"INT3398" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD1F
cpu0: Enhanced SpeedStep 1497 MHz: speeds: 1501, 1500, 1400, 1300,
1200, 1100, 1000, 900, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x5af0 rev 0x0b
inteldrm0 at pci0 dev 2 function 0 vendor "Intel", unknown product
0x5a85 rev 0x0b
drm0 at inteldrm0
inteldrm0: msi
error: [drm:pid0:i915_firmware_load_error_print] *ERROR* failed to
load firmware i915/bxt_dmc_ver1.bin (-22)
error: [drm:pid0:i915_gem_init_hw] *ERROR* Failed to initialize GuC,
error -8 (ignored)
inteldrm0: 1024x768, 32bpp
Unclaimed register detected after writing to register 0x68980
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
azalia0 at pci0 dev 14 function 0 vendor "Intel", unknown product
0x5a98 rev 0x0b: msi
azalia0: codecs: Realtek/0x0283, 0x0000/0x0000, using Realtek/0x0283
audio0 at azalia0
vendor "Intel", unknown product 0x5a9a (class communications subclass
miscellaneous, rev 0x0b) at pci0 dev 15 function 0 not configured
vendor "Intel", unknown product 0x5a9c (class communications subclass
miscellaneous, rev 0x0b) at pci0 dev 15 function 1 not configured
vendor "Intel", unknown product 0x5a9e (class communications subclass
miscellaneous, rev 0x0b) at pci0 dev 15 function 2 not configured
ahci0 at pci0 dev 18 function 0 vendor "Intel", unknown product 0x5ae3
rev 0x0b: msi, AHCI 1.3.1
ahci0: port 0: 6.0Gb/s
ahci0: PHY offline on port 1
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 850, EMT0> SCSI3
0/direct fixed naa.5002538d42311cde
sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin
ppb0 at pci0 dev 19 function 0 vendor "Intel", unknown product 0x5ad8
rev 0xfb: msi
pci1 at ppb0 bus 1
rtsx0 at pci1 dev 0 function 0 "Realtek RTS5229 Card Reader" rev 0x01: msi
sdmmc0 at rtsx0: 4-bit
ppb1 at pci0 dev 19 function 1 vendor "Intel", unknown product 0x5ad9
rev 0xfb: msi
pci2 at ppb1 bus 2
iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless-AC 3168" rev 0x10, msi
ppb2 at pci0 dev 19 function 2 vendor "Intel", unknown product 0x5ada
rev 0xfb: msi
pci3 at ppb2 bus 3
re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x15: RTL8168H/8111H
(0x5400), msi, address 94:c6:91:19:ab:cb
rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
xhci0 at pci0 dev 21 function 0 vendor "Intel", unknown product 0x5aa8
rev 0x0b: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
3.00/1.00 addr 1
vendor "Intel", unknown product 0x5aac (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 22 function 0 not configured
vendor "Intel", unknown product 0x5abc (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 24 function 0 not configured
vendor "Intel", unknown product 0x5ac2 (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 25 function 0 not configured
vendor "Intel", unknown product 0x5ac4 (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 25 function 1 not configured
vendor "Intel", unknown product 0x5ac6 (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 25 function 2 not configured
vendor "Intel", unknown product 0x5ac8 (class serial bus unknown
subclass 0x80, rev 0x0b) at pci0 dev 26 function 0 not configured
pcib0 at pci0 dev 31 function 0 vendor "Intel", unknown product 0x5ae8 rev 0x0b
vendor "Intel", unknown product 0x5ad4 (class serial bus subclass
SMBus, rev 0x0b) at pci0 dev 31 function 1 not configured
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: probed fifo depth: 0 bytes
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT
ugen0 at uhub0 port 8 "Intel product 0x0aa7" rev 2.00/0.01 addr 2
umass0 at uhub0 port 11 configuration 1 interface 0 "Western Digital
Elements 25A1" rev 3.00/10.12 addr 3
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0: <WD, Elements 25A1, 1012> SCSI4 0/direct
fixed serial.105825a1373246463836
sd1: 1907697MB, 512 bytes/sector, 3906963456 sectors
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (9a58ed54be73f69d.a) swap on sd0b dump on sd0b
iwm0: hw rev 0x220, fw ver 22.361476.0, address 40:a3:cc:a4:83:d2
sd2 at scsibus4 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
sd2: 183459MB, 512 bytes/sector, 375725649 sectors
sd3 at scsibus4 targ 2 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
sd3: 1907694MB, 512 bytes/sector, 3906959213 sectors

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Mike Larkin
On Sun, Mar 11, 2018 at 04:33:49PM -0500, Brian Camp wrote:

> I have two systems running 6.2-stable with the meltdown syspatch
> installed. I noticed that while one of them lists "MELTDOWN" in the
> CPU flags, the other does not. The one that does not has a Celeron
> J3455, which Intel lists as affected by meltdown.
>
> Does the absence of the MELTDOWN flag mean that the workaround isn't
> functioning on this machine? Dmesg below.
>
>
> Thanks
>
> -Brian
>

Odd. Two of us have looked at the detection code again and we can't see any
issues. Can you please do the following to help diagnose?

1. install the "cpuid" port package?

 pkg_add cpuid

2. send the output of:

 cpuid 0x0
 cpuid 0x7

On each of the two machines? (Make sure to say which is the working one
and which is the one where meltdown isn't properly being detected).

Thanks.

-ml

>
>
> OpenBSD 6.2 (GENERIC.MP) #6: Wed Feb 28 21:13:02 CET 2018
>     [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 8411357184 (8021MB)
> avail mem = 8149352448 (7771MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x79aa1000 (51 entries)
> bios0: vendor Intel Corp. version "AYAPLCEL.86A.0047.2018.0108.1419"
> date 01/08/2018
> bios0: Intel Corporation NUC6CAYH
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP FPDT FIDT MCFG DBG2 DBGP HPET LPIT APIC NPKT
> PRAM WSMT SSDT SSDT SSDT SSDT SSDT SSDT SSDT UEFI TPM2 SSDT DMAR WDAT
> NHLT
> acpi0: wakeup devices SIO1(S3) HDAS(S3) XHC_(S4) XDCI(S4) BRCM(S0)
> PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4)
> RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) [...]
> acpitimer0 at acpi0: 3579545 Hz, 32 bits
> acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
> acpihpet0 at acpi0: 19200000 Hz
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.60 MHz
> cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT
> cpu0: 1MB 64b/line 16-way L2 cache
> cpu0: TSC frequency 1497600000 Hz
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> cpu0: apic clock running at 19MHz
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.60 MHz
> cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT
> cpu1: 1MB 64b/line 16-way L2 cache
> cpu1: smt 0, core 1, package 0
> cpu2 at mainbus0: apid 4 (application processor)
> cpu2: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.60 MHz
> cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT
> cpu2: 1MB 64b/line 16-way L2 cache
> cpu2: smt 0, core 2, package 0
> cpu3 at mainbus0: apid 6 (application processor)
> cpu3: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.60 MHz
> cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT
> cpu3: 1MB 64b/line 16-way L2 cache
> cpu3: smt 0, core 3, package 0
> ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 120 pins
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (RP01)
> acpiprt2 at acpi0: bus -1 (RP02)
> acpiprt3 at acpi0: bus 1 (RP03)
> acpiprt4 at acpi0: bus 2 (RP04)
> acpiprt5 at acpi0: bus 3 (RP05)
> acpiprt6 at acpi0: bus -1 (RP06)
> acpiec0 at acpi0
> acpicpu0 at acpi0: C1(@1 halt!), PSS
> acpicpu1 at acpi0: C1(@1 halt!), PSS
> acpicpu2 at acpi0: C1(@1 halt!), PSS
> acpicpu3 at acpi0: C1(@1 halt!), PSS
> acpipwrres0 at acpi0: FN00, resource for FAN0
> acpitz0 at acpi0: critical temperature is 100 degC
> "ITE8708" at acpi0 not configured
> acpibtn0 at acpi0: PWRB
> acpibtn1 at acpi0: SLPB
> "INT3452" at acpi0 not configured
> "INT3452" at acpi0 not configured
> "INT3452" at acpi0 not configured
> "INT3452" at acpi0 not configured
> "INT33A1" at acpi0 not configured
> "MSFT0101" at acpi0 not configured
> "INT3398" at acpi0 not configured
> "PNP0C0B" at acpi0 not configured
> "PNP0C14" at acpi0 not configured
> acpivideo0 at acpi0: GFX0
> acpivout0 at acpivideo0: DD1F
> cpu0: Enhanced SpeedStep 1497 MHz: speeds: 1501, 1500, 1400, 1300,
> 1200, 1100, 1000, 900, 800 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x5af0 rev 0x0b
> inteldrm0 at pci0 dev 2 function 0 vendor "Intel", unknown product
> 0x5a85 rev 0x0b
> drm0 at inteldrm0
> inteldrm0: msi
> error: [drm:pid0:i915_firmware_load_error_print] *ERROR* failed to
> load firmware i915/bxt_dmc_ver1.bin (-22)
> error: [drm:pid0:i915_gem_init_hw] *ERROR* Failed to initialize GuC,
> error -8 (ignored)
> inteldrm0: 1024x768, 32bpp
> Unclaimed register detected after writing to register 0x68980
> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
> azalia0 at pci0 dev 14 function 0 vendor "Intel", unknown product
> 0x5a98 rev 0x0b: msi
> azalia0: codecs: Realtek/0x0283, 0x0000/0x0000, using Realtek/0x0283
> audio0 at azalia0
> vendor "Intel", unknown product 0x5a9a (class communications subclass
> miscellaneous, rev 0x0b) at pci0 dev 15 function 0 not configured
> vendor "Intel", unknown product 0x5a9c (class communications subclass
> miscellaneous, rev 0x0b) at pci0 dev 15 function 1 not configured
> vendor "Intel", unknown product 0x5a9e (class communications subclass
> miscellaneous, rev 0x0b) at pci0 dev 15 function 2 not configured
> ahci0 at pci0 dev 18 function 0 vendor "Intel", unknown product 0x5ae3
> rev 0x0b: msi, AHCI 1.3.1
> ahci0: port 0: 6.0Gb/s
> ahci0: PHY offline on port 1
> scsibus1 at ahci0: 32 targets
> sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 850, EMT0> SCSI3
> 0/direct fixed naa.5002538d42311cde
> sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin
> ppb0 at pci0 dev 19 function 0 vendor "Intel", unknown product 0x5ad8
> rev 0xfb: msi
> pci1 at ppb0 bus 1
> rtsx0 at pci1 dev 0 function 0 "Realtek RTS5229 Card Reader" rev 0x01: msi
> sdmmc0 at rtsx0: 4-bit
> ppb1 at pci0 dev 19 function 1 vendor "Intel", unknown product 0x5ad9
> rev 0xfb: msi
> pci2 at ppb1 bus 2
> iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless-AC 3168" rev 0x10, msi
> ppb2 at pci0 dev 19 function 2 vendor "Intel", unknown product 0x5ada
> rev 0xfb: msi
> pci3 at ppb2 bus 3
> re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x15: RTL8168H/8111H
> (0x5400), msi, address 94:c6:91:19:ab:cb
> rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
> xhci0 at pci0 dev 21 function 0 vendor "Intel", unknown product 0x5aa8
> rev 0x0b: msi
> usb0 at xhci0: USB revision 3.0
> uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
> 3.00/1.00 addr 1
> vendor "Intel", unknown product 0x5aac (class DASP subclass
> miscellaneous, rev 0x0b) at pci0 dev 22 function 0 not configured
> vendor "Intel", unknown product 0x5abc (class DASP subclass
> miscellaneous, rev 0x0b) at pci0 dev 24 function 0 not configured
> vendor "Intel", unknown product 0x5ac2 (class DASP subclass
> miscellaneous, rev 0x0b) at pci0 dev 25 function 0 not configured
> vendor "Intel", unknown product 0x5ac4 (class DASP subclass
> miscellaneous, rev 0x0b) at pci0 dev 25 function 1 not configured
> vendor "Intel", unknown product 0x5ac6 (class DASP subclass
> miscellaneous, rev 0x0b) at pci0 dev 25 function 2 not configured
> vendor "Intel", unknown product 0x5ac8 (class serial bus unknown
> subclass 0x80, rev 0x0b) at pci0 dev 26 function 0 not configured
> pcib0 at pci0 dev 31 function 0 vendor "Intel", unknown product 0x5ae8 rev 0x0b
> vendor "Intel", unknown product 0x5ad4 (class serial bus subclass
> SMBus, rev 0x0b) at pci0 dev 31 function 1 not configured
> isa0 at pcib0
> isadma0 at isa0
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com0: probed fifo depth: 0 bytes
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> vmm0 at mainbus0: VMX/EPT
> ugen0 at uhub0 port 8 "Intel product 0x0aa7" rev 2.00/0.01 addr 2
> umass0 at uhub0 port 11 configuration 1 interface 0 "Western Digital
> Elements 25A1" rev 3.00/10.12 addr 3
> umass0: using SCSI over Bulk-Only
> scsibus2 at umass0: 2 targets, initiator 0
> sd1 at scsibus2 targ 1 lun 0: <WD, Elements 25A1, 1012> SCSI4 0/direct
> fixed serial.105825a1373246463836
> sd1: 1907697MB, 512 bytes/sector, 3906963456 sectors
> vscsi0 at root
> scsibus3 at vscsi0: 256 targets
> softraid0 at root
> scsibus4 at softraid0: 256 targets
> root on sd0a (9a58ed54be73f69d.a) swap on sd0b dump on sd0b
> iwm0: hw rev 0x220, fw ver 22.361476.0, address 40:a3:cc:a4:83:d2
> sd2 at scsibus4 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
> sd2: 183459MB, 512 bytes/sector, 375725649 sectors
> sd3 at scsibus4 targ 2 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
> sd3: 1907694MB, 512 bytes/sector, 3906959213 sectors
>

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Brian Camp
On Tue, Mar 13, 2018 at 2:29 AM, Mike Larkin <[hidden email]> wrote:

> On Sun, Mar 11, 2018 at 04:33:49PM -0500, Brian Camp wrote:
>> I have two systems running 6.2-stable with the meltdown syspatch
>> installed. I noticed that while one of them lists "MELTDOWN" in the
>> CPU flags, the other does not. The one that does not has a Celeron
>> J3455, which Intel lists as affected by meltdown.
>>
>> Does the absence of the MELTDOWN flag mean that the workaround isn't
>> functioning on this machine? Dmesg below.
>>
>>
>> Thanks
>>
>> -Brian
>>
>
> Odd. Two of us have looked at the detection code again and we can't see any
> issues. Can you please do the following to help diagnose?
>
> 1. install the "cpuid" port package?
>
>  pkg_add cpuid
>
> 2. send the output of:
>
>  cpuid 0x0
>  cpuid 0x7
>
> On each of the two machines? (Make sure to say which is the working one
> and which is the one where meltdown isn't properly being detected).
>
> Thanks.
>
> -ml

Sure thing.

Working (i5-4690) -

bcamp@z97x-sli:~ (OpenBSD 6.2)
$ cpuid 0x0
eax = 0x0000000d            13    "????"
ebx = 0x756e6547    1970169159    "Genu"
ecx = 0x6c65746e    1818588270    "ntel"
edx = 0x49656e69    1231384169    "ineI"
bcamp@z97x-sli:~ (OpenBSD 6.2)
$ cpuid 0x7
eax = 0x00000000             0    "????"
ebx = 0x000027ab         10155    "?'??"
ecx = 0x00000000             0    "????"
edx = 0x00000000             0    "????"
bcamp@z97x-sli:~ (OpenBSD 6.2)
$

Non-working (Celeron J3455) -

bcamp@nuc6cayh:~ (OpenBSD 6.2)
$ cpuid 0x0
eax = 0x00000015            21    "????"
ebx = 0x756e6547    1970169159    "Genu"
ecx = 0x6c65746e    1818588270    "ntel"
edx = 0x49656e69    1231384169    "ineI"
bcamp@nuc6cayh:~ (OpenBSD 6.2)
$ cpuid 0x7
eax = 0x00000000             0    "????"
ebx = 0x2294e283     580182659    "???""
ecx = 0x00000000             0    "????"
edx = 0x2c000000     738197504    "???,"
bcamp@nuc6cayh:~ (OpenBSD 6.2)
$


-Brian

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Christian Weisgerber
On 2018-03-13, Brian Camp <[hidden email]> wrote:

> Non-working (Celeron J3455) -
>
> bcamp@nuc6cayh:~ (OpenBSD 6.2)
> $ cpuid 0x0
> eax = 0x00000015            21    "????"
> ebx = 0x756e6547    1970169159    "Genu"
> ecx = 0x6c65746e    1818588270    "ntel"
> edx = 0x49656e69    1231384169    "ineI"
> bcamp@nuc6cayh:~ (OpenBSD 6.2)
> $ cpuid 0x7
> eax = 0x00000000             0    "????"
> ebx = 0x2294e283     580182659    "???""
> ecx = 0x00000000             0    "????"
> edx = 0x2c000000     738197504    "???,"
          ^

It appears the CPU explicitly claims that it is not vulnerable to
Meltdown, i.e., it indicates that it has support for the
IA32_ARCH_CAPABILITIES register and there the RDCL_NO bit must be
set.

I find this surprising.

--
Christian "naddy" Weisgerber                          [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Mike Larkin
In reply to this post by Brian Camp
On Tue, Mar 13, 2018 at 08:27:49AM -0500, Brian Camp wrote:

> On Tue, Mar 13, 2018 at 2:29 AM, Mike Larkin <[hidden email]> wrote:
> > On Sun, Mar 11, 2018 at 04:33:49PM -0500, Brian Camp wrote:
> >> I have two systems running 6.2-stable with the meltdown syspatch
> >> installed. I noticed that while one of them lists "MELTDOWN" in the
> >> CPU flags, the other does not. The one that does not has a Celeron
> >> J3455, which Intel lists as affected by meltdown.
> >>
> >> Does the absence of the MELTDOWN flag mean that the workaround isn't
> >> functioning on this machine? Dmesg below.
> >>
> >>
> >> Thanks
> >>
> >> -Brian
> >>
> >
> > Odd. Two of us have looked at the detection code again and we can't see any
> > issues. Can you please do the following to help diagnose?
> >
> > 1. install the "cpuid" port package?
> >
> >  pkg_add cpuid
> >
> > 2. send the output of:
> >
> >  cpuid 0x0
> >  cpuid 0x7
> >
> > On each of the two machines? (Make sure to say which is the working one
> > and which is the one where meltdown isn't properly being detected).
> >
> > Thanks.
> >
> > -ml
>
> Sure thing.
>
> Working (i5-4690) -
>
> bcamp@z97x-sli:~ (OpenBSD 6.2)
> $ cpuid 0x0
> eax = 0x0000000d            13    "????"
> ebx = 0x756e6547    1970169159    "Genu"
> ecx = 0x6c65746e    1818588270    "ntel"
> edx = 0x49656e69    1231384169    "ineI"
> bcamp@z97x-sli:~ (OpenBSD 6.2)
> $ cpuid 0x7
> eax = 0x00000000             0    "????"
> ebx = 0x000027ab         10155    "?'??"
> ecx = 0x00000000             0    "????"
> edx = 0x00000000             0    "????"
> bcamp@z97x-sli:~ (OpenBSD 6.2)
> $
>
> Non-working (Celeron J3455) -
>
> bcamp@nuc6cayh:~ (OpenBSD 6.2)
> $ cpuid 0x0
> eax = 0x00000015            21    "????"
> ebx = 0x756e6547    1970169159    "Genu"
> ecx = 0x6c65746e    1818588270    "ntel"
> edx = 0x49656e69    1231384169    "ineI"
> bcamp@nuc6cayh:~ (OpenBSD 6.2)
> $ cpuid 0x7
> eax = 0x00000000             0    "????"
> ebx = 0x2294e283     580182659    "???""
> ecx = 0x00000000             0    "????"
> edx = 0x2c000000     738197504    "???,"
> bcamp@nuc6cayh:~ (OpenBSD 6.2)
> $
>
>
> -Brian
>

As naddy@ pointed out in the earlier reply, this behaviour indicates that for
some reason your CPU is saying it's not vulnerable. The 0x2c in edx for cpuid
0x7 in the J3455 case in your mail indicates the firmware (bios) says that
the IA32_ARCH_CAPABILITIES MSR is available. We read that and if bit 1 is set,
it means the CPU is not susceptible to "RDCL" (RDCL_NO = not susceptible to
"Rogue Data Cache Load" ala Meltdown).

Can you apply this diff and boot the J3455 machine and send the boot dmesg
after applying it (apply to -current, please). This caches what answer we saw
during boot and will tell us if the CPU is reporting garbage there.

You don't need to run this on the other machine.

-ml

PS - you might also try looking for a newer BIOS, although this machine BIOS is
listed as 08 Jan 2018, it's possible that was applied during that short
period where Intel was releasing broken firmware updates. I'd appreciate it
however if you booted with the diff below, first, before trying that.

Index: amd64/identcpu.c
===================================================================
RCS file: /cvs/src/sys/arch/amd64/amd64/identcpu.c,v
retrieving revision 1.95
diff -u -p -a -u -r1.95 identcpu.c
--- amd64/identcpu.c 21 Feb 2018 19:24:15 -0000 1.95
+++ amd64/identcpu.c 13 Mar 2018 20:32:22 -0000
@@ -456,7 +456,7 @@ identifycpu(struct cpu_info *ci)
  int i;
  char *brandstr_from, *brandstr_to;
  int skipspace;
- extern uint32_t cpu_meltdown;
+ extern uint32_t cpu_meltdown, cpu_archcap;
 
  CPUID(1, ci->ci_signature, val, dummy, ci->ci_feature_flags);
  CPUID(0x80000000, ci->ci_pnfeatset, dummy, dummy, dummy);
@@ -616,6 +616,9 @@ identifycpu(struct cpu_info *ci)
 
  if (cpu_meltdown)
  printf(",MELTDOWN");
+
+ if (cpu_archcap)
+ printf("(arch cap=0x%x)", cpu_archcap);
 
  printf("\n");
 
Index: amd64/locore.S
===================================================================
RCS file: /cvs/src/sys/arch/amd64/amd64/locore.S,v
retrieving revision 1.94
diff -u -p -a -u -r1.94 locore.S
--- amd64/locore.S 21 Feb 2018 19:24:15 -0000 1.94
+++ amd64/locore.S 13 Mar 2018 20:28:15 -0000
@@ -178,6 +178,7 @@ _C_LABEL(lapic_isr):
  .globl _C_LABEL(pg_nx)
  .globl _C_LABEL(pg_g_kern)
  .globl _C_LABEL(cpu_meltdown)
+ .globl _C_LABEL(cpu_archcap)
 _C_LABEL(cpu_id): .long 0 # saved from `cpuid' instruction
 _C_LABEL(cpu_feature): .long 0 # feature flags from 'cpuid'
  #   instruction
@@ -214,6 +215,7 @@ _C_LABEL(pg_g_kern): .quad 0 # 0x100 if
  # in kernel mappings, 0 otherwise (for
  # insecure CPUs)
 _C_LABEL(cpu_meltdown): .long 0 # 1 if this CPU has Meltdown
+_C_LABEL(cpu_archcap): .long 0 # cached MSR IA32_ARCH_CAPABILITIES.eax
 
 #define _RELOC(x) ((x) - KERNBASE)
 #define RELOC(x) _RELOC(_C_LABEL(x))
Index: amd64/locore0.S
===================================================================
RCS file: /cvs/src/sys/arch/amd64/amd64/locore0.S,v
retrieving revision 1.7
diff -u -p -a -u -r1.7 locore0.S
--- amd64/locore0.S 21 Feb 2018 19:24:15 -0000 1.7
+++ amd64/locore0.S 13 Mar 2018 20:31:40 -0000
@@ -238,6 +238,7 @@ bi_size_ok:
  /* IA32_ARCH_CAPABILITIES MSR avaialble, use it to check CPU security */
  movl $MSR_ARCH_CAPABILITIES, %ecx
  rdmsr
+ movl %eax, _RELOC(cpu_archcap)
  testl $ARCH_CAPABILITIES_RDCL_NO, %eax
  jz .Lcpu_check_finished
 

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Mike Larkin
On Tue, Mar 13, 2018 at 02:23:29PM -0700, Mike Larkin wrote:

> On Tue, Mar 13, 2018 at 08:27:49AM -0500, Brian Camp wrote:
> > On Tue, Mar 13, 2018 at 2:29 AM, Mike Larkin <[hidden email]> wrote:
> > > On Sun, Mar 11, 2018 at 04:33:49PM -0500, Brian Camp wrote:
> > >> I have two systems running 6.2-stable with the meltdown syspatch
> > >> installed. I noticed that while one of them lists "MELTDOWN" in the
> > >> CPU flags, the other does not. The one that does not has a Celeron
> > >> J3455, which Intel lists as affected by meltdown.
> > >>
> > >> Does the absence of the MELTDOWN flag mean that the workaround isn't
> > >> functioning on this machine? Dmesg below.
> > >>
> > >>
> > >> Thanks
> > >>
> > >> -Brian
> > >>
> > >
> > > Odd. Two of us have looked at the detection code again and we can't see any
> > > issues. Can you please do the following to help diagnose?
> > >
> > > 1. install the "cpuid" port package?
> > >
> > >  pkg_add cpuid
> > >
> > > 2. send the output of:
> > >
> > >  cpuid 0x0
> > >  cpuid 0x7
> > >
> > > On each of the two machines? (Make sure to say which is the working one
> > > and which is the one where meltdown isn't properly being detected).
> > >
> > > Thanks.
> > >
> > > -ml
> >
> > Sure thing.
> >
> > Working (i5-4690) -
> >
> > bcamp@z97x-sli:~ (OpenBSD 6.2)
> > $ cpuid 0x0
> > eax = 0x0000000d            13    "????"
> > ebx = 0x756e6547    1970169159    "Genu"
> > ecx = 0x6c65746e    1818588270    "ntel"
> > edx = 0x49656e69    1231384169    "ineI"
> > bcamp@z97x-sli:~ (OpenBSD 6.2)
> > $ cpuid 0x7
> > eax = 0x00000000             0    "????"
> > ebx = 0x000027ab         10155    "?'??"
> > ecx = 0x00000000             0    "????"
> > edx = 0x00000000             0    "????"
> > bcamp@z97x-sli:~ (OpenBSD 6.2)
> > $
> >
> > Non-working (Celeron J3455) -
> >
> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
> > $ cpuid 0x0
> > eax = 0x00000015            21    "????"
> > ebx = 0x756e6547    1970169159    "Genu"
> > ecx = 0x6c65746e    1818588270    "ntel"
> > edx = 0x49656e69    1231384169    "ineI"
> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
> > $ cpuid 0x7
> > eax = 0x00000000             0    "????"
> > ebx = 0x2294e283     580182659    "???""
> > ecx = 0x00000000             0    "????"
> > edx = 0x2c000000     738197504    "???,"
> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
> > $
> >
> >
> > -Brian
> >
>
> As naddy@ pointed out in the earlier reply, this behaviour indicates that for
> some reason your CPU is saying it's not vulnerable. The 0x2c in edx for cpuid
> 0x7 in the J3455 case in your mail indicates the firmware (bios) says that
> the IA32_ARCH_CAPABILITIES MSR is available. We read that and if bit 1 is set,

Meant "bit 0" there.

-ml

> it means the CPU is not susceptible to "RDCL" (RDCL_NO = not susceptible to
> "Rogue Data Cache Load" ala Meltdown).
>
> Can you apply this diff and boot the J3455 machine and send the boot dmesg
> after applying it (apply to -current, please). This caches what answer we saw
> during boot and will tell us if the CPU is reporting garbage there.
>
> You don't need to run this on the other machine.
>
> -ml
>
> PS - you might also try looking for a newer BIOS, although this machine BIOS is
> listed as 08 Jan 2018, it's possible that was applied during that short
> period where Intel was releasing broken firmware updates. I'd appreciate it
> however if you booted with the diff below, first, before trying that.
>
> Index: amd64/identcpu.c
> ===================================================================
> RCS file: /cvs/src/sys/arch/amd64/amd64/identcpu.c,v
> retrieving revision 1.95
> diff -u -p -a -u -r1.95 identcpu.c
> --- amd64/identcpu.c 21 Feb 2018 19:24:15 -0000 1.95
> +++ amd64/identcpu.c 13 Mar 2018 20:32:22 -0000
> @@ -456,7 +456,7 @@ identifycpu(struct cpu_info *ci)
>   int i;
>   char *brandstr_from, *brandstr_to;
>   int skipspace;
> - extern uint32_t cpu_meltdown;
> + extern uint32_t cpu_meltdown, cpu_archcap;
>  
>   CPUID(1, ci->ci_signature, val, dummy, ci->ci_feature_flags);
>   CPUID(0x80000000, ci->ci_pnfeatset, dummy, dummy, dummy);
> @@ -616,6 +616,9 @@ identifycpu(struct cpu_info *ci)
>  
>   if (cpu_meltdown)
>   printf(",MELTDOWN");
> +
> + if (cpu_archcap)
> + printf("(arch cap=0x%x)", cpu_archcap);
>  
>   printf("\n");
>  
> Index: amd64/locore.S
> ===================================================================
> RCS file: /cvs/src/sys/arch/amd64/amd64/locore.S,v
> retrieving revision 1.94
> diff -u -p -a -u -r1.94 locore.S
> --- amd64/locore.S 21 Feb 2018 19:24:15 -0000 1.94
> +++ amd64/locore.S 13 Mar 2018 20:28:15 -0000
> @@ -178,6 +178,7 @@ _C_LABEL(lapic_isr):
>   .globl _C_LABEL(pg_nx)
>   .globl _C_LABEL(pg_g_kern)
>   .globl _C_LABEL(cpu_meltdown)
> + .globl _C_LABEL(cpu_archcap)
>  _C_LABEL(cpu_id): .long 0 # saved from `cpuid' instruction
>  _C_LABEL(cpu_feature): .long 0 # feature flags from 'cpuid'
>   #   instruction
> @@ -214,6 +215,7 @@ _C_LABEL(pg_g_kern): .quad 0 # 0x100 if
>   # in kernel mappings, 0 otherwise (for
>   # insecure CPUs)
>  _C_LABEL(cpu_meltdown): .long 0 # 1 if this CPU has Meltdown
> +_C_LABEL(cpu_archcap): .long 0 # cached MSR IA32_ARCH_CAPABILITIES.eax
>  
>  #define _RELOC(x) ((x) - KERNBASE)
>  #define RELOC(x) _RELOC(_C_LABEL(x))
> Index: amd64/locore0.S
> ===================================================================
> RCS file: /cvs/src/sys/arch/amd64/amd64/locore0.S,v
> retrieving revision 1.7
> diff -u -p -a -u -r1.7 locore0.S
> --- amd64/locore0.S 21 Feb 2018 19:24:15 -0000 1.7
> +++ amd64/locore0.S 13 Mar 2018 20:31:40 -0000
> @@ -238,6 +238,7 @@ bi_size_ok:
>   /* IA32_ARCH_CAPABILITIES MSR avaialble, use it to check CPU security */
>   movl $MSR_ARCH_CAPABILITIES, %ecx
>   rdmsr
> + movl %eax, _RELOC(cpu_archcap)
>   testl $ARCH_CAPABILITIES_RDCL_NO, %eax
>   jz .Lcpu_check_finished
>  
>

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Brian Camp
On Tue, Mar 13, 2018 at 4:41 PM, Mike Larkin <[hidden email]> wrote:

> On Tue, Mar 13, 2018 at 02:23:29PM -0700, Mike Larkin wrote:
>> On Tue, Mar 13, 2018 at 08:27:49AM -0500, Brian Camp wrote:
>> > On Tue, Mar 13, 2018 at 2:29 AM, Mike Larkin <[hidden email]> wrote:
>> > > On Sun, Mar 11, 2018 at 04:33:49PM -0500, Brian Camp wrote:
>> > >> I have two systems running 6.2-stable with the meltdown syspatch
>> > >> installed. I noticed that while one of them lists "MELTDOWN" in the
>> > >> CPU flags, the other does not. The one that does not has a Celeron
>> > >> J3455, which Intel lists as affected by meltdown.
>> > >>
>> > >> Does the absence of the MELTDOWN flag mean that the workaround isn't
>> > >> functioning on this machine? Dmesg below.
>> > >>
>> > >>
>> > >> Thanks
>> > >>
>> > >> -Brian
>> > >>
>> > >
>> > > Odd. Two of us have looked at the detection code again and we can't see any
>> > > issues. Can you please do the following to help diagnose?
>> > >
>> > > 1. install the "cpuid" port package?
>> > >
>> > >  pkg_add cpuid
>> > >
>> > > 2. send the output of:
>> > >
>> > >  cpuid 0x0
>> > >  cpuid 0x7
>> > >
>> > > On each of the two machines? (Make sure to say which is the working one
>> > > and which is the one where meltdown isn't properly being detected).
>> > >
>> > > Thanks.
>> > >
>> > > -ml
>> >
>> > Sure thing.
>> >
>> > Working (i5-4690) -
>> >
>> > bcamp@z97x-sli:~ (OpenBSD 6.2)
>> > $ cpuid 0x0
>> > eax = 0x0000000d            13    "????"
>> > ebx = 0x756e6547    1970169159    "Genu"
>> > ecx = 0x6c65746e    1818588270    "ntel"
>> > edx = 0x49656e69    1231384169    "ineI"
>> > bcamp@z97x-sli:~ (OpenBSD 6.2)
>> > $ cpuid 0x7
>> > eax = 0x00000000             0    "????"
>> > ebx = 0x000027ab         10155    "?'??"
>> > ecx = 0x00000000             0    "????"
>> > edx = 0x00000000             0    "????"
>> > bcamp@z97x-sli:~ (OpenBSD 6.2)
>> > $
>> >
>> > Non-working (Celeron J3455) -
>> >
>> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
>> > $ cpuid 0x0
>> > eax = 0x00000015            21    "????"
>> > ebx = 0x756e6547    1970169159    "Genu"
>> > ecx = 0x6c65746e    1818588270    "ntel"
>> > edx = 0x49656e69    1231384169    "ineI"
>> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
>> > $ cpuid 0x7
>> > eax = 0x00000000             0    "????"
>> > ebx = 0x2294e283     580182659    "???""
>> > ecx = 0x00000000             0    "????"
>> > edx = 0x2c000000     738197504    "???,"
>> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
>> > $
>> >
>> >
>> > -Brian
>> >
>>
>> As naddy@ pointed out in the earlier reply, this behaviour indicates that for
>> some reason your CPU is saying it's not vulnerable. The 0x2c in edx for cpuid
>> 0x7 in the J3455 case in your mail indicates the firmware (bios) says that
>> the IA32_ARCH_CAPABILITIES MSR is available. We read that and if bit 1 is set,
>
> Meant "bit 0" there.
>
> -ml
>
>> it means the CPU is not susceptible to "RDCL" (RDCL_NO = not susceptible to
>> "Rogue Data Cache Load" ala Meltdown).
>>
>> Can you apply this diff and boot the J3455 machine and send the boot dmesg
>> after applying it (apply to -current, please). This caches what answer we saw
>> during boot and will tell us if the CPU is reporting garbage there.

Patch applied to -current and the resulting dmesg attached.

>>
>> PS - you might also try looking for a newer BIOS, although this machine BIOS is
>> listed as 08 Jan 2018, it's possible that was applied during that short
>> period where Intel was releasing broken firmware updates. I'd appreciate it
>> however if you booted with the diff below, first, before trying that.
>>

Thats actually the latest version. Even though this board is made by
Intel itself, they have yet to release a BIOS update with the patched
microcode that other OEMs are shipping.

Thanks

-Brian


OpenBSD 6.3-beta (GENERIC.MP) #0: Tue Mar 13 18:01:15 CDT 2018
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8411357184 (8021MB)
avail mem = 8149372928 (7771MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x79aa1000 (51 entries)
bios0: vendor Intel Corp. version "AYAPLCEL.86A.0047.2018.0108.1419"
date 01/08/2018
bios0: Intel Corporation NUC6CAYH
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP FPDT FIDT MCFG DBG2 DBGP HPET LPIT APIC NPKT
PRAM WSMT SSDT SSDT SSDT SSDT SSDT SSDT SSDT UEFI TPM2 SSDT DMAR WDAT
NHLT
acpi0: wakeup devices SIO1(S3) HDAS(S3) XHC_(S4) XDCI(S4) BRCM(S0)
PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4)
RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 19200000 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.12 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
cap=0x1)
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 19MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1496.54 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
cap=0x1)
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1496.54 MHz
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
cap=0x1)
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1496.54 MHz
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
cap=0x1)
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 120 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus 1 (RP03)
acpiprt4 at acpi0: bus 2 (RP04)
acpiprt5 at acpi0: bus 3 (RP05)
acpiprt6 at acpi0: bus -1 (RP06)
acpiec0 at acpi0
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpicpu1 at acpi0: C1(@1 halt!), PSS
acpicpu2 at acpi0: C1(@1 halt!), PSS
acpicpu3 at acpi0: C1(@1 halt!), PSS
acpipwrres0 at acpi0: FN00, resource for FAN0
acpitz0 at acpi0: critical temperature is 100 degC
"ITE8708" at acpi0 not configured
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
"INT3452" at acpi0 not configured
"INT3452" at acpi0 not configured
"INT3452" at acpi0 not configured
"INT3452" at acpi0 not configured
"INT33A1" at acpi0 not configured
"MSFT0101" at acpi0 not configured
"INT3398" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD1F
cpu0: Enhanced SpeedStep 1497 MHz: speeds: 1501, 1500, 1400, 1300,
1200, 1100, 1000, 900, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x5af0 rev 0x0b
inteldrm0 at pci0 dev 2 function 0 vendor "Intel", unknown product
0x5a85 rev 0x0b
drm0 at inteldrm0
inteldrm0: msi
error: [drm:pid0:i915_firmware_load_error_print] *ERROR* failed to
load firmware i915/bxt_dmc_ver1.bin (-22)
error: [drm:pid0:i915_gem_init_hw] *ERROR* Failed to initialize GuC,
error -8 (ignored)
inteldrm0: 3840x2160, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
azalia0 at pci0 dev 14 function 0 vendor "Intel", unknown product
0x5a98 rev 0x0b: msi
azalia0: codecs: Realtek/0x0283, Intel/0x280a, using Realtek/0x0283
audio0 at azalia0
vendor "Intel", unknown product 0x5a9a (class communications subclass
miscellaneous, rev 0x0b) at pci0 dev 15 function 0 not configured
vendor "Intel", unknown product 0x5a9c (class communications subclass
miscellaneous, rev 0x0b) at pci0 dev 15 function 1 not configured
vendor "Intel", unknown product 0x5a9e (class communications subclass
miscellaneous, rev 0x0b) at pci0 dev 15 function 2 not configured
ahci0 at pci0 dev 18 function 0 vendor "Intel", unknown product 0x5ae3
rev 0x0b: msi, AHCI 1.3.1
ahci0: port 0: 6.0Gb/s
ahci0: PHY offline on port 1
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 850, EMT0> SCSI3
0/direct fixed naa.5002538d42311cde
sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin
ppb0 at pci0 dev 19 function 0 vendor "Intel", unknown product 0x5ad8
rev 0xfb: msi
pci1 at ppb0 bus 1
rtsx0 at pci1 dev 0 function 0 "Realtek RTS5229 Card Reader" rev 0x01: msi
sdmmc0 at rtsx0: 4-bit, dma
ppb1 at pci0 dev 19 function 1 vendor "Intel", unknown product 0x5ad9
rev 0xfb: msi
pci2 at ppb1 bus 2
iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless-AC 3168" rev 0x10, msi
ppb2 at pci0 dev 19 function 2 vendor "Intel", unknown product 0x5ada
rev 0xfb: msi
pci3 at ppb2 bus 3
re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x15: RTL8168H/8111H
(0x5400), msi, address 94:c6:91:19:ab:cb
rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
xhci0 at pci0 dev 21 function 0 vendor "Intel", unknown product 0x5aa8
rev 0x0b: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
3.00/1.00 addr 1
vendor "Intel", unknown product 0x5aac (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 22 function 0 not configured
vendor "Intel", unknown product 0x5abc (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 24 function 0 not configured
vendor "Intel", unknown product 0x5ac2 (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 25 function 0 not configured
vendor "Intel", unknown product 0x5ac4 (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 25 function 1 not configured
vendor "Intel", unknown product 0x5ac6 (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 25 function 2 not configured
vendor "Intel", unknown product 0x5ac8 (class serial bus unknown
subclass 0x80, rev 0x0b) at pci0 dev 26 function 0 not configured
pcib0 at pci0 dev 31 function 0 vendor "Intel", unknown product 0x5ae8 rev 0x0b
vendor "Intel", unknown product 0x5ad4 (class serial bus subclass
SMBus, rev 0x0b) at pci0 dev 31 function 1 not configured
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: probed fifo depth: 0 bytes
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT
uhidev0 at uhub0 port 2 configuration 1 interface 0 "Dell Dell KB216
Wired Keyboard" rev 2.00/1.08 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub0 port 2 configuration 1 interface 1 "Dell Dell KB216
Wired Keyboard" rev 2.00/1.08 addr 2
uhidev1: iclass 3/0, 2 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
ugen0 at uhub0 port 8 "Intel product 0x0aa7" rev 2.00/0.01 addr 3
umass0 at uhub0 port 11 configuration 1 interface 0 "Samsung Portable
SSD T5" rev 3.10/1.00 addr 4
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0: <Samsung, Portable SSD T5, 0> SCSI4
0/direct fixed serial.04e861f51234567A2BDF
sd1: 476940MB, 512 bytes/sector, 976773168 sectors
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd1a (31db6badac6479b0.a) swap on sd1b dump on sd1b
iwm0: hw rev 0x220, fw ver 22.361476.0, address 40:a3:cc:a4:83:d2

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Mike Larkin
On Tue, Mar 13, 2018 at 06:20:16PM -0500, Brian Camp wrote:

> On Tue, Mar 13, 2018 at 4:41 PM, Mike Larkin <[hidden email]> wrote:
> > On Tue, Mar 13, 2018 at 02:23:29PM -0700, Mike Larkin wrote:
> >> On Tue, Mar 13, 2018 at 08:27:49AM -0500, Brian Camp wrote:
> >> > On Tue, Mar 13, 2018 at 2:29 AM, Mike Larkin <[hidden email]> wrote:
> >> > > On Sun, Mar 11, 2018 at 04:33:49PM -0500, Brian Camp wrote:
> >> > >> I have two systems running 6.2-stable with the meltdown syspatch
> >> > >> installed. I noticed that while one of them lists "MELTDOWN" in the
> >> > >> CPU flags, the other does not. The one that does not has a Celeron
> >> > >> J3455, which Intel lists as affected by meltdown.
> >> > >>
> >> > >> Does the absence of the MELTDOWN flag mean that the workaround isn't
> >> > >> functioning on this machine? Dmesg below.
> >> > >>
> >> > >>
> >> > >> Thanks
> >> > >>
> >> > >> -Brian
> >> > >>
> >> > >
> >> > > Odd. Two of us have looked at the detection code again and we can't see any
> >> > > issues. Can you please do the following to help diagnose?
> >> > >
> >> > > 1. install the "cpuid" port package?
> >> > >
> >> > >  pkg_add cpuid
> >> > >
> >> > > 2. send the output of:
> >> > >
> >> > >  cpuid 0x0
> >> > >  cpuid 0x7
> >> > >
> >> > > On each of the two machines? (Make sure to say which is the working one
> >> > > and which is the one where meltdown isn't properly being detected).
> >> > >
> >> > > Thanks.
> >> > >
> >> > > -ml
> >> >
> >> > Sure thing.
> >> >
> >> > Working (i5-4690) -
> >> >
> >> > bcamp@z97x-sli:~ (OpenBSD 6.2)
> >> > $ cpuid 0x0
> >> > eax = 0x0000000d            13    "????"
> >> > ebx = 0x756e6547    1970169159    "Genu"
> >> > ecx = 0x6c65746e    1818588270    "ntel"
> >> > edx = 0x49656e69    1231384169    "ineI"
> >> > bcamp@z97x-sli:~ (OpenBSD 6.2)
> >> > $ cpuid 0x7
> >> > eax = 0x00000000             0    "????"
> >> > ebx = 0x000027ab         10155    "?'??"
> >> > ecx = 0x00000000             0    "????"
> >> > edx = 0x00000000             0    "????"
> >> > bcamp@z97x-sli:~ (OpenBSD 6.2)
> >> > $
> >> >
> >> > Non-working (Celeron J3455) -
> >> >
> >> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
> >> > $ cpuid 0x0
> >> > eax = 0x00000015            21    "????"
> >> > ebx = 0x756e6547    1970169159    "Genu"
> >> > ecx = 0x6c65746e    1818588270    "ntel"
> >> > edx = 0x49656e69    1231384169    "ineI"
> >> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
> >> > $ cpuid 0x7
> >> > eax = 0x00000000             0    "????"
> >> > ebx = 0x2294e283     580182659    "???""
> >> > ecx = 0x00000000             0    "????"
> >> > edx = 0x2c000000     738197504    "???,"
> >> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
> >> > $
> >> >
> >> >
> >> > -Brian
> >> >
> >>
> >> As naddy@ pointed out in the earlier reply, this behaviour indicates that for
> >> some reason your CPU is saying it's not vulnerable. The 0x2c in edx for cpuid
> >> 0x7 in the J3455 case in your mail indicates the firmware (bios) says that
> >> the IA32_ARCH_CAPABILITIES MSR is available. We read that and if bit 1 is set,
> >
> > Meant "bit 0" there.
> >
> > -ml
> >
> >> it means the CPU is not susceptible to "RDCL" (RDCL_NO = not susceptible to
> >> "Rogue Data Cache Load" ala Meltdown).
> >>
> >> Can you apply this diff and boot the J3455 machine and send the boot dmesg
> >> after applying it (apply to -current, please). This caches what answer we saw
> >> during boot and will tell us if the CPU is reporting garbage there.
>
> Patch applied to -current and the resulting dmesg attached.
>
> >>
> >> PS - you might also try looking for a newer BIOS, although this machine BIOS is
> >> listed as 08 Jan 2018, it's possible that was applied during that short
> >> period where Intel was releasing broken firmware updates. I'd appreciate it
> >> however if you booted with the diff below, first, before trying that.
> >>
>
> Thats actually the latest version. Even though this board is made by
> Intel itself, they have yet to release a BIOS update with the patched
> microcode that other OEMs are shipping.
>
> Thanks
>
> -Brian
>
>
> OpenBSD 6.3-beta (GENERIC.MP) #0: Tue Mar 13 18:01:15 CDT 2018
>     [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 8411357184 (8021MB)
> avail mem = 8149372928 (7771MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x79aa1000 (51 entries)
> bios0: vendor Intel Corp. version "AYAPLCEL.86A.0047.2018.0108.1419"
> date 01/08/2018
> bios0: Intel Corporation NUC6CAYH
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP FPDT FIDT MCFG DBG2 DBGP HPET LPIT APIC NPKT
> PRAM WSMT SSDT SSDT SSDT SSDT SSDT SSDT SSDT UEFI TPM2 SSDT DMAR WDAT
> NHLT
> acpi0: wakeup devices SIO1(S3) HDAS(S3) XHC_(S4) XDCI(S4) BRCM(S0)
> PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4)
> RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) [...]
> acpitimer0 at acpi0: 3579545 Hz, 32 bits
> acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
> acpihpet0 at acpi0: 19200000 Hz
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.12 MHz
> cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
> cap=0x1)

Thanks!

This is somehow saying that the CPU in this machine is not vulnerable. This
is straight out of the Intel "Speculative Execution Side Channel Mitigations"
PDF file (doc #336996):

"Two bits are currently defined in the IA32_ARCH_CAPABILITIES MSR:

      · Bit 0 is defined as RDCL_NO. If RDMSR returns 1 for this bit, the processor is not susceptible
            to RDCL (rogue data cache load).

      · Bit 1 is defined as IBRS_ALL. If RDMSR returns 1 for this bit, the processor supports enhanced
            IBRS (see Section 2.5.1.3, "Enhanced IBRS").
"

I'm not sure whether or not I believe what your machine is reporting, I was
under the assumption that new hardware was needed to fix this. Shrug.

-ml

> cpu0: 1MB 64b/line 16-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> cpu0: apic clock running at 19MHz
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1496.54 MHz
> cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
> cap=0x1)
> cpu1: 1MB 64b/line 16-way L2 cache
> cpu1: smt 0, core 1, package 0
> cpu2 at mainbus0: apid 4 (application processor)
> cpu2: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1496.54 MHz
> cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
> cap=0x1)
> cpu2: 1MB 64b/line 16-way L2 cache
> cpu2: smt 0, core 2, package 0
> cpu3 at mainbus0: apid 6 (application processor)
> cpu3: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1496.54 MHz
> cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
> cap=0x1)
> cpu3: 1MB 64b/line 16-way L2 cache
> cpu3: smt 0, core 3, package 0
> ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 120 pins
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (RP01)
> acpiprt2 at acpi0: bus -1 (RP02)
> acpiprt3 at acpi0: bus 1 (RP03)
> acpiprt4 at acpi0: bus 2 (RP04)
> acpiprt5 at acpi0: bus 3 (RP05)
> acpiprt6 at acpi0: bus -1 (RP06)
> acpiec0 at acpi0
> acpicpu0 at acpi0: C1(@1 halt!), PSS
> acpicpu1 at acpi0: C1(@1 halt!), PSS
> acpicpu2 at acpi0: C1(@1 halt!), PSS
> acpicpu3 at acpi0: C1(@1 halt!), PSS
> acpipwrres0 at acpi0: FN00, resource for FAN0
> acpitz0 at acpi0: critical temperature is 100 degC
> "ITE8708" at acpi0 not configured
> acpibtn0 at acpi0: PWRB
> acpibtn1 at acpi0: SLPB
> "INT3452" at acpi0 not configured
> "INT3452" at acpi0 not configured
> "INT3452" at acpi0 not configured
> "INT3452" at acpi0 not configured
> "INT33A1" at acpi0 not configured
> "MSFT0101" at acpi0 not configured
> "INT3398" at acpi0 not configured
> "PNP0C0B" at acpi0 not configured
> "PNP0C14" at acpi0 not configured
> acpivideo0 at acpi0: GFX0
> acpivout0 at acpivideo0: DD1F
> cpu0: Enhanced SpeedStep 1497 MHz: speeds: 1501, 1500, 1400, 1300,
> 1200, 1100, 1000, 900, 800 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x5af0 rev 0x0b
> inteldrm0 at pci0 dev 2 function 0 vendor "Intel", unknown product
> 0x5a85 rev 0x0b
> drm0 at inteldrm0
> inteldrm0: msi
> error: [drm:pid0:i915_firmware_load_error_print] *ERROR* failed to
> load firmware i915/bxt_dmc_ver1.bin (-22)
> error: [drm:pid0:i915_gem_init_hw] *ERROR* Failed to initialize GuC,
> error -8 (ignored)
> inteldrm0: 3840x2160, 32bpp
> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
> azalia0 at pci0 dev 14 function 0 vendor "Intel", unknown product
> 0x5a98 rev 0x0b: msi
> azalia0: codecs: Realtek/0x0283, Intel/0x280a, using Realtek/0x0283
> audio0 at azalia0
> vendor "Intel", unknown product 0x5a9a (class communications subclass
> miscellaneous, rev 0x0b) at pci0 dev 15 function 0 not configured
> vendor "Intel", unknown product 0x5a9c (class communications subclass
> miscellaneous, rev 0x0b) at pci0 dev 15 function 1 not configured
> vendor "Intel", unknown product 0x5a9e (class communications subclass
> miscellaneous, rev 0x0b) at pci0 dev 15 function 2 not configured
> ahci0 at pci0 dev 18 function 0 vendor "Intel", unknown product 0x5ae3
> rev 0x0b: msi, AHCI 1.3.1
> ahci0: port 0: 6.0Gb/s
> ahci0: PHY offline on port 1
> scsibus1 at ahci0: 32 targets
> sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 850, EMT0> SCSI3
> 0/direct fixed naa.5002538d42311cde
> sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin
> ppb0 at pci0 dev 19 function 0 vendor "Intel", unknown product 0x5ad8
> rev 0xfb: msi
> pci1 at ppb0 bus 1
> rtsx0 at pci1 dev 0 function 0 "Realtek RTS5229 Card Reader" rev 0x01: msi
> sdmmc0 at rtsx0: 4-bit, dma
> ppb1 at pci0 dev 19 function 1 vendor "Intel", unknown product 0x5ad9
> rev 0xfb: msi
> pci2 at ppb1 bus 2
> iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless-AC 3168" rev 0x10, msi
> ppb2 at pci0 dev 19 function 2 vendor "Intel", unknown product 0x5ada
> rev 0xfb: msi
> pci3 at ppb2 bus 3
> re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x15: RTL8168H/8111H
> (0x5400), msi, address 94:c6:91:19:ab:cb
> rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
> xhci0 at pci0 dev 21 function 0 vendor "Intel", unknown product 0x5aa8
> rev 0x0b: msi
> usb0 at xhci0: USB revision 3.0
> uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
> 3.00/1.00 addr 1
> vendor "Intel", unknown product 0x5aac (class DASP subclass
> miscellaneous, rev 0x0b) at pci0 dev 22 function 0 not configured
> vendor "Intel", unknown product 0x5abc (class DASP subclass
> miscellaneous, rev 0x0b) at pci0 dev 24 function 0 not configured
> vendor "Intel", unknown product 0x5ac2 (class DASP subclass
> miscellaneous, rev 0x0b) at pci0 dev 25 function 0 not configured
> vendor "Intel", unknown product 0x5ac4 (class DASP subclass
> miscellaneous, rev 0x0b) at pci0 dev 25 function 1 not configured
> vendor "Intel", unknown product 0x5ac6 (class DASP subclass
> miscellaneous, rev 0x0b) at pci0 dev 25 function 2 not configured
> vendor "Intel", unknown product 0x5ac8 (class serial bus unknown
> subclass 0x80, rev 0x0b) at pci0 dev 26 function 0 not configured
> pcib0 at pci0 dev 31 function 0 vendor "Intel", unknown product 0x5ae8 rev 0x0b
> vendor "Intel", unknown product 0x5ad4 (class serial bus subclass
> SMBus, rev 0x0b) at pci0 dev 31 function 1 not configured
> isa0 at pcib0
> isadma0 at isa0
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com0: probed fifo depth: 0 bytes
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> vmm0 at mainbus0: VMX/EPT
> uhidev0 at uhub0 port 2 configuration 1 interface 0 "Dell Dell KB216
> Wired Keyboard" rev 2.00/1.08 addr 2
> uhidev0: iclass 3/1
> ukbd0 at uhidev0: 8 variable keys, 6 key codes
> wskbd1 at ukbd0 mux 1
> wskbd1: connecting to wsdisplay0
> uhidev1 at uhub0 port 2 configuration 1 interface 1 "Dell Dell KB216
> Wired Keyboard" rev 2.00/1.08 addr 2
> uhidev1: iclass 3/0, 2 report ids
> uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
> uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
> ugen0 at uhub0 port 8 "Intel product 0x0aa7" rev 2.00/0.01 addr 3
> umass0 at uhub0 port 11 configuration 1 interface 0 "Samsung Portable
> SSD T5" rev 3.10/1.00 addr 4
> umass0: using SCSI over Bulk-Only
> scsibus2 at umass0: 2 targets, initiator 0
> sd1 at scsibus2 targ 1 lun 0: <Samsung, Portable SSD T5, 0> SCSI4
> 0/direct fixed serial.04e861f51234567A2BDF
> sd1: 476940MB, 512 bytes/sector, 976773168 sectors
> vscsi0 at root
> scsibus3 at vscsi0: 256 targets
> softraid0 at root
> scsibus4 at softraid0: 256 targets
> root on sd1a (31db6badac6479b0.a) swap on sd1b dump on sd1b
> iwm0: hw rev 0x220, fw ver 22.361476.0, address 40:a3:cc:a4:83:d2
>

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Jacob Leifman-2
On 13 Mar 2018 at 16:57, Mike Larkin wrote:

> On Tue, Mar 13, 2018 at 06:20:16PM -0500, Brian Camp wrote:
> > On Tue, Mar 13, 2018 at 4:41 PM, Mike Larkin <[hidden email]> wrote:
> > > On Tue, Mar 13, 2018 at 02:23:29PM -0700, Mike Larkin wrote:
> > >> On Tue, Mar 13, 2018 at 08:27:49AM -0500, Brian Camp wrote:
> > >> > On Tue, Mar 13, 2018 at 2:29 AM, Mike Larkin <[hidden email]> wrote:
> > >> > > On Sun, Mar 11, 2018 at 04:33:49PM -0500, Brian Camp wrote:
> > >> > >> I have two systems running 6.2-stable with the meltdown syspatch
> > >> > >> installed. I noticed that while one of them lists "MELTDOWN" in the
> > >> > >> CPU flags, the other does not. The one that does not has a Celeron
> > >> > >> J3455, which Intel lists as affected by meltdown.
> > >> > >>
> > >> > >> Does the absence of the MELTDOWN flag mean that the workaround isn't
> > >> > >> functioning on this machine? Dmesg below.
> > >> > >>
> > >> > >>
> > >> > >> Thanks
> > >> > >>
> > >> > >> -Brian
> > >> > >>
> > >> > >
> > >> > > Odd. Two of us have looked at the detection code again and we can't see any
> > >> > > issues. Can you please do the following to help diagnose?
> > >> > >
> > >> > > 1. install the "cpuid" port package?
> > >> > >
> > >> > >  pkg_add cpuid
> > >> > >
> > >> > > 2. send the output of:
> > >> > >
> > >> > >  cpuid 0x0
> > >> > >  cpuid 0x7
> > >> > >
> > >> > > On each of the two machines? (Make sure to say which is the working one
> > >> > > and which is the one where meltdown isn't properly being detected).
> > >> > >
> > >> > > Thanks.
> > >> > >
> > >> > > -ml
> > >> >
> > >> > Sure thing.
> > >> >
> > >> > Working (i5-4690) -
> > >> >
> > >> > bcamp@z97x-sli:~ (OpenBSD 6.2)
> > >> > $ cpuid 0x0
> > >> > eax = 0x0000000d            13    "????"
> > >> > ebx = 0x756e6547    1970169159    "Genu"
> > >> > ecx = 0x6c65746e    1818588270    "ntel"
> > >> > edx = 0x49656e69    1231384169    "ineI"
> > >> > bcamp@z97x-sli:~ (OpenBSD 6.2)
> > >> > $ cpuid 0x7
> > >> > eax = 0x00000000             0    "????"
> > >> > ebx = 0x000027ab         10155    "?'??"
> > >> > ecx = 0x00000000             0    "????"
> > >> > edx = 0x00000000             0    "????"
> > >> > bcamp@z97x-sli:~ (OpenBSD 6.2)
> > >> > $
> > >> >
> > >> > Non-working (Celeron J3455) -
> > >> >
> > >> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
> > >> > $ cpuid 0x0
> > >> > eax = 0x00000015            21    "????"
> > >> > ebx = 0x756e6547    1970169159    "Genu"
> > >> > ecx = 0x6c65746e    1818588270    "ntel"
> > >> > edx = 0x49656e69    1231384169    "ineI"
> > >> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
> > >> > $ cpuid 0x7
> > >> > eax = 0x00000000             0    "????"
> > >> > ebx = 0x2294e283     580182659    "???""
> > >> > ecx = 0x00000000             0    "????"
> > >> > edx = 0x2c000000     738197504    "???,"
> > >> > bcamp@nuc6cayh:~ (OpenBSD 6.2)
> > >> > $
> > >> >
> > >> >
> > >> > -Brian
> > >> >
> > >>
> > >> As naddy@ pointed out in the earlier reply, this behaviour indicates that for
> > >> some reason your CPU is saying it's not vulnerable. The 0x2c in edx for cpuid
> > >> 0x7 in the J3455 case in your mail indicates the firmware (bios) says that
> > >> the IA32_ARCH_CAPABILITIES MSR is available. We read that and if bit 1 is set,
> > >
> > > Meant "bit 0" there.
> > >
> > > -ml
> > >
> > >> it means the CPU is not susceptible to "RDCL" (RDCL_NO = not susceptible to
> > >> "Rogue Data Cache Load" ala Meltdown).
> > >>
> > >> Can you apply this diff and boot the J3455 machine and send the boot dmesg
> > >> after applying it (apply to -current, please). This caches what answer we saw
> > >> during boot and will tell us if the CPU is reporting garbage there.
> >
> > Patch applied to -current and the resulting dmesg attached.
> >
> > >>
> > >> PS - you might also try looking for a newer BIOS, although this machine BIOS is
> > >> listed as 08 Jan 2018, it's possible that was applied during that short
> > >> period where Intel was releasing broken firmware updates. I'd appreciate it
> > >> however if you booted with the diff below, first, before trying that.
> > >>
> >
> > Thats actually the latest version. Even though this board is made by
> > Intel itself, they have yet to release a BIOS update with the patched
> > microcode that other OEMs are shipping.
> >
> > Thanks
> >
> > -Brian
> >
> >
> > OpenBSD 6.3-beta (GENERIC.MP) #0: Tue Mar 13 18:01:15 CDT 2018
> >     [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > real mem = 8411357184 (8021MB)
> > avail mem = 8149372928 (7771MB)
> > mpath0 at root
> > scsibus0 at mpath0: 256 targets
> > mainbus0 at root
> > bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x79aa1000 (51 entries)
> > bios0: vendor Intel Corp. version "AYAPLCEL.86A.0047.2018.0108.1419"
> > date 01/08/2018
> > bios0: Intel Corporation NUC6CAYH
> > acpi0 at bios0: rev 2
> > acpi0: sleep states S0 S3 S4 S5
> > acpi0: tables DSDT FACP FPDT FIDT MCFG DBG2 DBGP HPET LPIT APIC NPKT
> > PRAM WSMT SSDT SSDT SSDT SSDT SSDT SSDT SSDT UEFI TPM2 SSDT DMAR WDAT
> > NHLT
> > acpi0: wakeup devices SIO1(S3) HDAS(S3) XHC_(S4) XDCI(S4) BRCM(S0)
> > PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4)
> > RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) [...]
> > acpitimer0 at acpi0: 3579545 Hz, 32 bits
> > acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
> > acpihpet0 at acpi0: 19200000 Hz
> > acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1497.12 MHz
> > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
> > cap=0x1)
>
> Thanks!
>
> This is somehow saying that the CPU in this machine is not vulnerable. This
> is straight out of the Intel "Speculative Execution Side Channel Mitigations"
> PDF file (doc #336996):
>
> "Two bits are currently defined in the IA32_ARCH_CAPABILITIES MSR:
>
>       · Bit 0 is defined as RDCL_NO. If RDMSR returns 1 for this bit, the processor is not susceptible
>             to RDCL (rogue data cache load).
>
>       · Bit 1 is defined as IBRS_ALL. If RDMSR returns 1 for this bit, the processor supports enhanced
>             IBRS (see Section 2.5.1.3, "Enhanced IBRS").
> "
>
> I'm not sure whether or not I believe what your machine is reporting, I was
> under the assumption that new hardware was needed to fix this. Shrug.
>
> -ml

According to some sources, Intel and a handful of others have known about the
issue since February 2017(!), so perhaps it has already been patched in the
08Jan2018 BIOS. I too have doubts that to date any processor has been
redesigned to avoid the flaws entirely, but then again...

>
> > cpu0: 1MB 64b/line 16-way L2 cache
> > cpu0: smt 0, core 0, package 0
> > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> > cpu0: apic clock running at 19MHz
> > cpu1 at mainbus0: apid 2 (application processor)
> > cpu1: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1496.54 MHz
> > cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
> > cap=0x1)
> > cpu1: 1MB 64b/line 16-way L2 cache
> > cpu1: smt 0, core 1, package 0
> > cpu2 at mainbus0: apid 4 (application processor)
> > cpu2: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1496.54 MHz
> > cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
> > cap=0x1)
> > cpu2: 1MB 64b/line 16-way L2 cache
> > cpu2: smt 0, core 2, package 0
> > cpu3 at mainbus0: apid 6 (application processor)
> > cpu3: Intel(R) Celeron(R) CPU J3455 @ 1.50GHz, 1496.54 MHz
> > cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,IBRS,IBPB,STIBP,SENSOR,ARAT(arch
> > cap=0x1)
> > cpu3: 1MB 64b/line 16-way L2 cache
> > cpu3: smt 0, core 3, package 0
> > ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 120 pins
> > acpiprt0 at acpi0: bus 0 (PCI0)
> > acpiprt1 at acpi0: bus -1 (RP01)
> > acpiprt2 at acpi0: bus -1 (RP02)
> > acpiprt3 at acpi0: bus 1 (RP03)
> > acpiprt4 at acpi0: bus 2 (RP04)
> > acpiprt5 at acpi0: bus 3 (RP05)
> > acpiprt6 at acpi0: bus -1 (RP06)
> > acpiec0 at acpi0
> > acpicpu0 at acpi0: C1(@1 halt!), PSS
> > acpicpu1 at acpi0: C1(@1 halt!), PSS
> > acpicpu2 at acpi0: C1(@1 halt!), PSS
> > acpicpu3 at acpi0: C1(@1 halt!), PSS
> > acpipwrres0 at acpi0: FN00, resource for FAN0
> > acpitz0 at acpi0: critical temperature is 100 degC
> > "ITE8708" at acpi0 not configured
> > acpibtn0 at acpi0: PWRB
> > acpibtn1 at acpi0: SLPB
> > "INT3452" at acpi0 not configured
> > "INT3452" at acpi0 not configured
> > "INT3452" at acpi0 not configured
> > "INT3452" at acpi0 not configured
> > "INT33A1" at acpi0 not configured
> > "MSFT0101" at acpi0 not configured
> > "INT3398" at acpi0 not configured
> > "PNP0C0B" at acpi0 not configured
> > "PNP0C14" at acpi0 not configured
> > acpivideo0 at acpi0: GFX0
> > acpivout0 at acpivideo0: DD1F
> > cpu0: Enhanced SpeedStep 1497 MHz: speeds: 1501, 1500, 1400, 1300,
> > 1200, 1100, 1000, 900, 800 MHz
> > pci0 at mainbus0 bus 0
> > pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x5af0 rev 0x0b
> > inteldrm0 at pci0 dev 2 function 0 vendor "Intel", unknown product
> > 0x5a85 rev 0x0b
> > drm0 at inteldrm0
> > inteldrm0: msi
> > error: [drm:pid0:i915_firmware_load_error_print] *ERROR* failed to
> > load firmware i915/bxt_dmc_ver1.bin (-22)
> > error: [drm:pid0:i915_gem_init_hw] *ERROR* Failed to initialize GuC,
> > error -8 (ignored)
> > inteldrm0: 3840x2160, 32bpp
> > wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
> > wsdisplay0: screen 1-5 added (std, vt100 emulation)
> > azalia0 at pci0 dev 14 function 0 vendor "Intel", unknown product
> > 0x5a98 rev 0x0b: msi
> > azalia0: codecs: Realtek/0x0283, Intel/0x280a, using Realtek/0x0283
> > audio0 at azalia0
> > vendor "Intel", unknown product 0x5a9a (class communications subclass
> > miscellaneous, rev 0x0b) at pci0 dev 15 function 0 not configured
> > vendor "Intel", unknown product 0x5a9c (class communications subclass
> > miscellaneous, rev 0x0b) at pci0 dev 15 function 1 not configured
> > vendor "Intel", unknown product 0x5a9e (class communications subclass
> > miscellaneous, rev 0x0b) at pci0 dev 15 function 2 not configured
> > ahci0 at pci0 dev 18 function 0 vendor "Intel", unknown product 0x5ae3
> > rev 0x0b: msi, AHCI 1.3.1
> > ahci0: port 0: 6.0Gb/s
> > ahci0: PHY offline on port 1
> > scsibus1 at ahci0: 32 targets
> > sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 850, EMT0> SCSI3
> > 0/direct fixed naa.5002538d42311cde
> > sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin
> > ppb0 at pci0 dev 19 function 0 vendor "Intel", unknown product 0x5ad8
> > rev 0xfb: msi
> > pci1 at ppb0 bus 1
> > rtsx0 at pci1 dev 0 function 0 "Realtek RTS5229 Card Reader" rev 0x01: msi
> > sdmmc0 at rtsx0: 4-bit, dma
> > ppb1 at pci0 dev 19 function 1 vendor "Intel", unknown product 0x5ad9
> > rev 0xfb: msi
> > pci2 at ppb1 bus 2
> > iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless-AC 3168" rev 0x10, msi
> > ppb2 at pci0 dev 19 function 2 vendor "Intel", unknown product 0x5ada
> > rev 0xfb: msi
> > pci3 at ppb2 bus 3
> > re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x15: RTL8168H/8111H
> > (0x5400), msi, address 94:c6:91:19:ab:cb
> > rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
> > xhci0 at pci0 dev 21 function 0 vendor "Intel", unknown product 0x5aa8
> > rev 0x0b: msi
> > usb0 at xhci0: USB revision 3.0
> > uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
> > 3.00/1.00 addr 1
> > vendor "Intel", unknown product 0x5aac (class DASP subclass
> > miscellaneous, rev 0x0b) at pci0 dev 22 function 0 not configured
> > vendor "Intel", unknown product 0x5abc (class DASP subclass
> > miscellaneous, rev 0x0b) at pci0 dev 24 function 0 not configured
> > vendor "Intel", unknown product 0x5ac2 (class DASP subclass
> > miscellaneous, rev 0x0b) at pci0 dev 25 function 0 not configured
> > vendor "Intel", unknown product 0x5ac4 (class DASP subclass
> > miscellaneous, rev 0x0b) at pci0 dev 25 function 1 not configured
> > vendor "Intel", unknown product 0x5ac6 (class DASP subclass
> > miscellaneous, rev 0x0b) at pci0 dev 25 function 2 not configured
> > vendor "Intel", unknown product 0x5ac8 (class serial bus unknown
> > subclass 0x80, rev 0x0b) at pci0 dev 26 function 0 not configured
> > pcib0 at pci0 dev 31 function 0 vendor "Intel", unknown product 0x5ae8 rev 0x0b
> > vendor "Intel", unknown product 0x5ad4 (class serial bus subclass
> > SMBus, rev 0x0b) at pci0 dev 31 function 1 not configured
> > isa0 at pcib0
> > isadma0 at isa0
> > fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> > com0: probed fifo depth: 0 bytes
> > pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> > pckbd0 at pckbc0 (kbd slot)
> > wskbd0 at pckbd0: console keyboard, using wsdisplay0
> > pcppi0 at isa0 port 0x61
> > spkr0 at pcppi0
> > vmm0 at mainbus0: VMX/EPT
> > uhidev0 at uhub0 port 2 configuration 1 interface 0 "Dell Dell KB216
> > Wired Keyboard" rev 2.00/1.08 addr 2
> > uhidev0: iclass 3/1
> > ukbd0 at uhidev0: 8 variable keys, 6 key codes
> > wskbd1 at ukbd0 mux 1
> > wskbd1: connecting to wsdisplay0
> > uhidev1 at uhub0 port 2 configuration 1 interface 1 "Dell Dell KB216
> > Wired Keyboard" rev 2.00/1.08 addr 2
> > uhidev1: iclass 3/0, 2 report ids
> > uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
> > uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
> > ugen0 at uhub0 port 8 "Intel product 0x0aa7" rev 2.00/0.01 addr 3
> > umass0 at uhub0 port 11 configuration 1 interface 0 "Samsung Portable
> > SSD T5" rev 3.10/1.00 addr 4
> > umass0: using SCSI over Bulk-Only
> > scsibus2 at umass0: 2 targets, initiator 0
> > sd1 at scsibus2 targ 1 lun 0: <Samsung, Portable SSD T5, 0> SCSI4
> > 0/direct fixed serial.04e861f51234567A2BDF
> > sd1: 476940MB, 512 bytes/sector, 976773168 sectors
> > vscsi0 at root
> > scsibus3 at vscsi0: 256 targets
> > softraid0 at root
> > scsibus4 at softraid0: 256 targets
> > root on sd1a (31db6badac6479b0.a) swap on sd1b dump on sd1b
> > iwm0: hw rev 0x220, fw ver 22.361476.0, address 40:a3:cc:a4:83:d2
> >
>
>


Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Chris Cappuccio
In reply to this post by Mike Larkin
Mike Larkin [[hidden email]] wrote:
>
> I'm not sure whether or not I believe what your machine is reporting, I was
> under the assumption that new hardware was needed to fix this. Shrug.
>

There is a public PoC for meltdown and spectre on OpenBSD:

https://github.com/genua/meltdown

Here's what it looks like with the current meltdown work-around:

danka# ./meltdown -qv
CPU has RDTSCP
CPU has TSX
Access time: memory 401, cache 121 -> threshold 261
Using addr 0xffffffff818e4f30 for symbol '_version'.
0000    ?? ?? ?? ?? ?? ?? ?? ?? ?? ??                     ??????????
matched 0% (0 of 10 bytes)
System is not vulnerable to meltdown
0000    53 70 65 63 69 ?? 6c 20 45 78                     Speci?l Ex
matched 90% (9 of 10 bytes)
System is vulnerable to spectre

here's a 6.1 system with no patches:

meltdown# ./meltdown -qv
WARNING: CPU has no RDTSCP support!
CPU has no TSX support!
Access time: memory 347, cache 98 -> threshold 222
Using addr 0xffffffff816bc1a0 for symbol '_version'.
0000    4f 70 65 6e 42 53 44 20 36 2e                     OpenBSD 6.
matched 100% (10 of 10 bytes)
System is vulnerable to meltdown
0000    53 70 65 63 69 61 6c 20 45 78                     Special Ex
matched 100% (10 of 10 bytes)
Segmentation fault (core dumped)

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Brian Camp
On Tue, Mar 13, 2018 at 7:18 PM, Chris Cappuccio <[hidden email]> wrote:

> Mike Larkin [[hidden email]] wrote:
>>
>> I'm not sure whether or not I believe what your machine is reporting, I was
>> under the assumption that new hardware was needed to fix this. Shrug.
>>
>
> There is a public PoC for meltdown and spectre on OpenBSD:
>
> https://github.com/genua/meltdown
>
> Here's what it looks like with the current meltdown work-around:
>
> danka# ./meltdown -qv
> CPU has RDTSCP
> CPU has TSX
> Access time: memory 401, cache 121 -> threshold 261
> Using addr 0xffffffff818e4f30 for symbol '_version'.
> 0000    ?? ?? ?? ?? ?? ?? ?? ?? ?? ??                     ??????????
> matched 0% (0 of 10 bytes)
> System is not vulnerable to meltdown
> 0000    53 70 65 63 69 ?? 6c 20 45 78                     Speci?l Ex
> matched 90% (9 of 10 bytes)
> System is vulnerable to spectre
>
> here's a 6.1 system with no patches:
>
> meltdown# ./meltdown -qv
> WARNING: CPU has no RDTSCP support!
> CPU has no TSX support!
> Access time: memory 347, cache 98 -> threshold 222
> Using addr 0xffffffff816bc1a0 for symbol '_version'.
> 0000    4f 70 65 6e 42 53 44 20 36 2e                     OpenBSD 6.
> matched 100% (10 of 10 bytes)
> System is vulnerable to meltdown
> 0000    53 70 65 63 69 61 6c 20 45 78                     Special Ex
> matched 100% (10 of 10 bytes)
> Segmentation fault (core dumped)
>

Well, I'm thoroughly confused now.

Running that PoC on the machine while in -current and even 6.1 (no
patches) returns that the system is not vulnerable to meltdown. This
processor was made in 2016 and everything I've read indicates that it
should be vulnerable.

-current (no MELTDOWN printf) -
# ./meltdown -v
CPU has RDTSCP
CPU has no TSX support!
Access time: memory 210, cache 91 -> threshold 150
Using addr 0xffffffff81a16230 for symbol '_version'.
0000    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0010    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0020    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0030    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0040    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0050    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0060    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0070    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0080    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??      ???????????????
matched 0% (0 of 143 bytes)
System is not vulnerable to meltdown
0000    53 70 65 ?? 69 61 6c 20 45 78 65 63 75 74 69 76   Spe?ial Executiv
0010    65 ?? 66 6f 72 20 43 ?? 75 6e 74 65 72 ?? ?? 74   e?for C?unter??t
0020    ?? 6c 6c 69 67 65 ?? 63 65 2c 20 ?? 65 72 72 6f   ?llige?ce, ?erro
0030    72 69 73 6d 2c 20 52 ?? 76 65 ?? 67 65 20 ?? 6e   rism, R?ve?ge ?n
0040    64 20 45 78 74 6f 72 74 69 ?? 6e 2e               d Extorti?n.
matched 84% (64 of 76 bytes)
System is vulnerable to spectre

6.1 release without any patches -
# ./meltdown -v
WARNING: CPU has no RDTSCP support!
CPU has no TSX support!
Access time: memory 193, cache 76 -> threshold 134
Using addr 0xffffffff816bb1a0 for symbol '_version'.
0000    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0010    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0020    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0030    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0040    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0050    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0060    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0070    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??   ????????????????
0080    ?? ?? ?? ?? ??                                    ?????
matched 0% (0 of 133 bytes)
System is not vulnerable to meltdown
0000    53 70 65 63 69 ?? 6c 20 45 78 65 63 75 74 69 76   Speci?l Executiv
0010    65 20 66 6f 72 20 ?? 6f 75 6e 74 65 72 69 6e 74   e for ?ounterint
0020    65 ?? 6c 69 67 65 6e 63 65 ?? 20 54 65 ?? ?? ??   e?ligence? Te???
0030    72 ?? 73 6d 2c ?? ?? ?? 76 65 6e 67 65 ?? 61 6e   r?sm,???venge?an
0040    64 20 45 78 74 6f 72 74 69 6f 6e 2e               d Extortion.
matched 84% (64 of 76 bytes)
Segmentation fault (core dumped)

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Theo de Raadt-2
> Running that PoC on the machine while in -current and even 6.1 (no
> patches) returns that the system is not vulnerable to meltdown. This
> processor was made in 2016 and everything I've read indicates that it
> should be vulnerable.

Such a low-grade processor may not have sufficient speculative prefetch
to cause the problem, but it is very strange to see the bit set which
indicates it is invulnerable.

Did someone know ahead of time about this problem and a speculative-prefetch
bit already existed and Intel did bravado to indicate it was the new checking
mechanism?  Or was the bit already there and reused to indicate this?

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Theo de Raadt-2
In reply to this post by Jacob Leifman-2
> According to some sources, Intel and a handful of others have known about the
> issue since February 2017(!), so perhaps it has already been patched in the
> 08Jan2018 BIOS. I too have doubts that to date any processor has been
> redesigned to avoid the flaws entirely, but then again...

Sure.  A BIOS can change the flag bits.

Be nice to know.  Did a BIOS change them?

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Brian Camp
On Tue, Mar 13, 2018 at 10:39 PM, Theo de Raadt <[hidden email]> wrote:
>> According to some sources, Intel and a handful of others have known about the
>> issue since February 2017(!), so perhaps it has already been patched in the
>> 08Jan2018 BIOS. I too have doubts that to date any processor has been
>> redesigned to avoid the flaws entirely, but then again...
>
> Sure.  A BIOS can change the flag bits.
>
> Be nice to know.  Did a BIOS change them?

I downgraded the bios to try and figure this out. Going back just one
revision (1/8/2018 to 12/18/2017) causes it to lose the flag and
-current's MELTDOWN workaround to activate.

Previous BIOS revision (12/18/2017):
bcamp@nuc6cayh:~ (OpenBSD 6.3)
$ cpuid 0x7
eax = 0x00000000             0    "????"
ebx = 0x2294e283     580182659    "???""
ecx = 0x00000000             0    "????"
edx = 0x00000000             0    "????"

Newest BIOS revision (1/8/2018):
bcamp@nuc6cayh:~ (OpenBSD 6.3)
$  cpuid 0x7
eax = 0x00000000             0    "????"
ebx = 0x2294e283     580182659    "???""
ecx = 0x00000000             0    "????"
edx = 0x2c000000     738197504    "???,"

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Theo de Raadt-2
> On Tue, Mar 13, 2018 at 10:39 PM, Theo de Raadt <[hidden email]> wrote:
> >> According to some sources, Intel and a handful of others have known about the
> >> issue since February 2017(!), so perhaps it has already been patched in the
> >> 08Jan2018 BIOS. I too have doubts that to date any processor has been
> >> redesigned to avoid the flaws entirely, but then again...
> >
> > Sure.  A BIOS can change the flag bits.
> >
> > Be nice to know.  Did a BIOS change them?
>
> I downgraded the bios to try and figure this out. Going back just one
> revision (1/8/2018 to 12/18/2017) causes it to lose the flag and
> -current's MELTDOWN workaround to activate.
>
> Previous BIOS revision (12/18/2017):
> bcamp@nuc6cayh:~ (OpenBSD 6.3)
> $ cpuid 0x7
> eax = 0x00000000             0    "????"
> ebx = 0x2294e283     580182659    "???""
> ecx = 0x00000000             0    "????"
> edx = 0x00000000             0    "????"
>
> Newest BIOS revision (1/8/2018):
> bcamp@nuc6cayh:~ (OpenBSD 6.3)
> $  cpuid 0x7
> eax = 0x00000000             0    "????"
> ebx = 0x2294e283     580182659    "???""
> ecx = 0x00000000             0    "????"
> edx = 0x2c000000     738197504    "???,"

Fascinating isn't it?

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Bob Beck-4
In reply to this post by Brian Camp
Intel make kitty scared...  What a fuckmess.

On Tue, Mar 13, 2018 at 22:57 Brian Camp <[hidden email]> wrote:

> On Tue, Mar 13, 2018 at 10:39 PM, Theo de Raadt <[hidden email]>
> wrote:
> >> According to some sources, Intel and a handful of others have known
> about the
> >> issue since February 2017(!), so perhaps it has already been patched in
> the
> >> 08Jan2018 BIOS. I too have doubts that to date any processor has been
> >> redesigned to avoid the flaws entirely, but then again...
> >
> > Sure.  A BIOS can change the flag bits.
> >
> > Be nice to know.  Did a BIOS change them?
>
> I downgraded the bios to try and figure this out. Going back just one
> revision (1/8/2018 to 12/18/2017) causes it to lose the flag and
> -current's MELTDOWN workaround to activate.
>
> Previous BIOS revision (12/18/2017):
> bcamp@nuc6cayh:~ (OpenBSD 6.3)
> $ cpuid 0x7
> eax = 0x00000000             0    "????"
> ebx = 0x2294e283     580182659    "???""
> ecx = 0x00000000             0    "????"
> edx = 0x00000000             0    "????"
>
> Newest BIOS revision (1/8/2018):
> bcamp@nuc6cayh:~ (OpenBSD 6.3)
> $  cpuid 0x7
> eax = 0x00000000             0    "????"
> ebx = 0x2294e283     580182659    "???""
> ecx = 0x00000000             0    "????"
> edx = 0x2c000000     738197504    "???,"
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Robert Paschedag

> Gesendet: Mittwoch, 14. März 2018 um 06:13 Uhr
> Von: "Bob Beck" <[hidden email]>
> An: "Brian Camp" <[hidden email]>
> Cc: "Theo de Raadt" <[hidden email]>, [hidden email]
> Betreff: Re: Meltdown workaround enabled?
>
> Intel make kitty scared...  What a fuckmess.

Err....do I get it right, that a possibly vulnerable CPU
(from 2016) is still vulnerable to MELTDOWN but a newer
BIOS *fakes* the CPU flags so the MELTDOWN "detection code"
says, "this CPU is NOT vulnerable"

Is that right?

Robert

>
> On Tue, Mar 13, 2018 at 22:57 Brian Camp <[hidden email]> wrote:
>
> > On Tue, Mar 13, 2018 at 10:39 PM, Theo de Raadt <[hidden email]>
> > wrote:
> > >> According to some sources, Intel and a handful of others have known
> > about the
> > >> issue since February 2017(!), so perhaps it has already been patched in
> > the
> > >> 08Jan2018 BIOS. I too have doubts that to date any processor has been
> > >> redesigned to avoid the flaws entirely, but then again...
> > >
> > > Sure.  A BIOS can change the flag bits.
> > >
> > > Be nice to know.  Did a BIOS change them?
> >
> > I downgraded the bios to try and figure this out. Going back just one
> > revision (1/8/2018 to 12/18/2017) causes it to lose the flag and
> > -current's MELTDOWN workaround to activate.
> >
> > Previous BIOS revision (12/18/2017):
> > bcamp@nuc6cayh:~ (OpenBSD 6.3)
> > $ cpuid 0x7
> > eax = 0x00000000             0    "????"
> > ebx = 0x2294e283     580182659    "???""
> > ecx = 0x00000000             0    "????"
> > edx = 0x00000000             0    "????"
> >
> > Newest BIOS revision (1/8/2018):
> > bcamp@nuc6cayh:~ (OpenBSD 6.3)
> > $  cpuid 0x7
> > eax = 0x00000000             0    "????"
> > ebx = 0x2294e283     580182659    "???""
> > ecx = 0x00000000             0    "????"
> > edx = 0x2c000000     738197504    "???,"
> >
> >
>

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Christian Weisgerber
On 2018-03-14, "Robert Paschedag" <[hidden email]> wrote:

> Err....do I get it right, that a possibly vulnerable CPU
> (from 2016) is still vulnerable to MELTDOWN but a newer
> BIOS *fakes* the CPU flags so the MELTDOWN "detection code"
> says, "this CPU is NOT vulnerable"
>
> Is that right?

The newer BIOS includes new microcode.  As reported by the cpuid 7
edx return, this microcode adds:

- IBRS/IBPB speculation control
- STIBP speculation control
  These can be used by the operating system to mitigate Spectre
  V2 vulnerabilities.

- IA32_ARCH_CAPABILITIES model-specific register
  - RDCL_NO indicator
  This indicates that the CPU is not vulnerable to Meltdown (V3).

The gracious assumption is that the CPU (Apollo Lake/Goldmont)
either wasn't vulnerable to Meltdown in the first place or that it
could be fixed by the new microcode.

--
Christian "naddy" Weisgerber                          [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Bob Beck-4
In reply to this post by Robert Paschedag
On Wed, Mar 14, 2018 at 05:38 Robert Paschedag <[hidden email]>
wrote:

>
> > Gesendet: Mittwoch, 14. März 2018 um 06:13 Uhr
> > Von: "Bob Beck" <[hidden email]>
> > An: "Brian Camp" <[hidden email]>
> > Cc: "Theo de Raadt" <[hidden email]>, [hidden email]
> > Betreff: Re: Meltdown workaround enabled?
> >
> > Intel make kitty scared...  What a fuckmess.
>
> Err....do I get it right, that a possibly vulnerable CPU
> (from 2016) is still vulnerable to MELTDOWN but a newer
> BIOS *fakes* the CPU flags so the MELTDOWN "detection code"
> says, "this CPU is NOT vulnerable"
>
> Is that right?
>
> Robert
>


Just consume the broken crap like a good citizen.  Intel is too big to fail
so thinking about these things is bad for society. Right?



> >
> > On Tue, Mar 13, 2018 at 22:57 Brian Camp <[hidden email]> wrote:
> >
> > > On Tue, Mar 13, 2018 at 10:39 PM, Theo de Raadt <[hidden email]>
> > > wrote:
> > > >> According to some sources, Intel and a handful of others have known
> > > about the
> > > >> issue since February 2017(!), so perhaps it has already been
> patched in
> > > the
> > > >> 08Jan2018 BIOS. I too have doubts that to date any processor has
> been
> > > >> redesigned to avoid the flaws entirely, but then again...
> > > >
> > > > Sure.  A BIOS can change the flag bits.
> > > >
> > > > Be nice to know.  Did a BIOS change them?
> > >
> > > I downgraded the bios to try and figure this out. Going back just one
> > > revision (1/8/2018 to 12/18/2017) causes it to lose the flag and
> > > -current's MELTDOWN workaround to activate.
> > >
> > > Previous BIOS revision (12/18/2017):
> > > bcamp@nuc6cayh:~ (OpenBSD 6.3)
> > > $ cpuid 0x7
> > > eax = 0x00000000             0    "????"
> > > ebx = 0x2294e283     580182659    "???""
> > > ecx = 0x00000000             0    "????"
> > > edx = 0x00000000             0    "????"
> > >
> > > Newest BIOS revision (1/8/2018):
> > > bcamp@nuc6cayh:~ (OpenBSD 6.3)
> > > $  cpuid 0x7
> > > eax = 0x00000000             0    "????"
> > > ebx = 0x2294e283     580182659    "???""
> > > ecx = 0x00000000             0    "????"
> > > edx = 0x2c000000     738197504    "???,"
> > >
> > >
> >
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Meltdown workaround enabled?

Stuart Henderson
In reply to this post by Brian Camp
On 2018-03-13, Brian Camp <[hidden email]> wrote:
> Thats actually the latest version. Even though this board is made by
> Intel itself, they have yet to release a BIOS update with the patched
> microcode that other OEMs are shipping.

BTW, they're actually ECS boards.

> re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x15: RTL8168H/8111H
> (0x5400), msi, address 94:c6:91:19:ab:cb

The clue is here ^^