google / security-research

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

Home Page: https://www.google.com/about/appsecurity/

zenbleed "chicken bit" mitigation errata; "modprobe msr"

vielmetti opened this issue

Referencing @taviso's post about ZenBleed at https://lock.cmpxchg8b.com/zenbleed.html:

First, thanks for an excellent explanation. I was able to reproduce the problem on an "AMD EPYC 7402P 24-Core" system.

Second, the "chicken bit" mitigation worked on this system under Ubuntu 22.04 LTS, but required these extra steps:

apt install msr-tools
modprobe msr
wrmsr -a 0xc0011029 $(($(rdmsr -c 0xc0011029) | (1<<9)))

Without the modprobe you get a weird error message from the shell when wrmsr tries to
interpret the rdmsr: open: No such file or directory error described in the rdmsr(1)
man page.

Also, if you want to toggle this mitigation, you can do

wrmsr -a 0xc0011029 $(($(rdmsr -c 0xc0011029) ^ (1<<9)))

(replace the | with a ^ in the provided command).

commented

Hi,
Is bit 9 of DE_CFG register available only since microcode patch?
I have searched among Zen PPR(s) and previous Gen datasheets and found no specification of such bit.
Thanks

> Without the modprobe you get a weird error message from the shell

Hmm thanks, I'll clarify the documentation. I thought module autoload would take care of it.

> Hi, Is bit 9 of DE_CFG register available only since microcode patch?

You only need to use it if you can't apply the patch. If you have the update, then you don't need to be concerned.

> I have searched among Zen PPR(s) and previous Gen datasheets and found no specification of such bit. Thanks

This is normal, they are not usually documented until needed.

commented

Strangely, the performance of the vzeroupper instruction itself seems to be little affected by this chicken bit.
If it is free to disclose, could you please explain what MSRC001_1029[9] actually does? Thanks.

Sorry, only AMD can answer that question - you know as much as we do!

> Sorry, only AMD can answer that question - you know as much as we do!

I believe the manufacturer's answer is MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT, which seems to be per CPU for an overall effect. But it is not clear whether it is per logical (SMT) or per physical core.

EDIT: Scope is per physical Core

wrmsr -p 15 0xc0011029 0x3000310e08003
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08202
3000310e08002
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08203
3000310e08003

Hey! I am closing this issue, feel free to re-open if there is anything actionable. Thanks!
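
Added example, not part of the thread or of the project's code: a shell audit that reports which CPUs still have bit 9 of DE_CFG (0xc0011029) clear, loading the msr module first as the opening post found necessary. The function names are hypothetical, and the embedded sample assumes the 32 values posted above are CPUs 0 to 31 in order.

```shell
#!/bin/sh
# Added example: audit the Zenbleed "chicken bit" (DE_CFG bit 9) per CPU.
DE_CFG=0xc0011029   # MSR address used in the thread
CHICKEN_BIT=9       # bit set by the workaround in the thread

# Succeeds when bit 9 is set in one MSR value (hex, with or without 0x).
chicken_bit_set() {
    local v=${1#0x}
    [ $(( 0x$v & (1 << CHICKEN_BIT) )) -ne 0 ]
}

# Reads "cpu value" pairs on stdin and prints the CPUs whose bit is clear.
cpus_without_bit() {
    local cpu v out=""
    while read -r cpu v; do
        [ -n "$v" ] || continue
        chicken_bit_set "$v" || out="$out $cpu"
    done
    echo "${out# }"
}

# Live audit (needs root and msr-tools). Loads the msr module explicitly,
# then reads DE_CFG CPU by CPU so each value is tied to its CPU number.
audit_live() {
    local d
    [ -e /dev/cpu/0/msr ] || modprobe msr || return 2
    for d in /dev/cpu/[0-9]*; do
        echo "${d##*/} $(rdmsr -p "${d##*/}" "$DE_CFG")"
    done | cpus_without_bit
}

# Values from the thread, taken after the wrmsr -p 15 write shown there.
# Assumption: the 32 lines are CPUs 0..31 in order.
thread_dump() {
    local n=0 v
    while [ "$n" -le 31 ]; do
        case $n in
            15) v=3000310e08002 ;;
            31) v=3000310e08003 ;;
            *)  [ "$n" -lt 15 ] && v=3000310e08202 || v=3000310e08203 ;;
        esac
        echo "$n $v"
        n=$((n + 1))
    done
}

thread_dump | cpus_without_bit   # prints: 15 31
```

An empty result from `audit_live` means every CPU has the bit set; any CPU number it prints still needs the `wrmsr` workaround or the microcode update.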