[Bug 1105536] New: Spectre V2 : System has more than MAX_PA/2 memory. L1TF mitigation not effective.
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536 Bug ID: 1105536 Summary: Spectre V2 : System has more than MAX_PA/2 memory. L1TF mitigation not effective. Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: x86-64 OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Kernel Assignee: kernel-maintainers@forge.provo.novell.com Reporter: studio@anchev.net QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- A system with kernel-default-4.12.14-lp150.12.16.1.x86_64 shows the following info: # dmesg | grep -i l1tf [ 0.020108] Spectre V2 : System has more than MAX_PA/2 memory. L1TF mitigation not effective. # find /sys/devices/system/cpu/vulnerabilities/ -type f -print -exec /usr/bin/cat '{}' \; /sys/devices/system/cpu/vulnerabilities/spectre_v2 Mitigation: Full generic retpoline, IBPB, IBRS_FW /sys/devices/system/cpu/vulnerabilities/spec_store_bypass Mitigation: Speculative Store Bypass disabled via prctl and seccomp /sys/devices/system/cpu/vulnerabilities/l1tf Vulnerable /sys/devices/system/cpu/vulnerabilities/spectre_v1 Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/meltdown Mitigation: PTI CPU flags show that "flush_l1d" is available: # lscpu | egrep "Model name:|Flags" Model name: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm cpuid_fault epb pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts flush_l1d # zypper se -si ucode-intel microcode Loading repository data... Reading installed packages... S | Name | Type | Version | Arch | Repository ---+-------------+---------+----------------------+--------+-------------- i+ | ucode-intel | package | 20180807-lp150.2.7.1 | x86_64 | *Update (OSS) An attempt to mitigate the L1TF vulnerability using kernel boot command line options kvm-intel.enable_ept=0 or l1tf=full,force didn't change anything - still vulnerable and not effective. Additionally I tried disabling HyperThreading from BIOS but that didn't help either. According to https://lore.kernel.org/patchwork/patch/974259/: "Note there is no workaround for [...] systems which have more than MAX_PA/2 worth of memory. The later case is very unlikely to happen on real systems." However the dmesg line seems to show this exact case. The system has 32GB of RAM (the maximum which the CPU and the mainboard support). Based on a forum discussion it was suggested to file these findings in a bug report. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c1
--- Comment #1 from George Anchev
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
Malcolm Lewis
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c3
--- Comment #3 from George Anchev
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c5
Christopher Snowhill
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c8
--- Comment #8 from George Anchev
the CPU physical limit is 64GB, motherboard might be less
In my case the CPU actually supports maximum 32GB: https://ark.intel.com/products/65719/Intel-Core-i7-3770-Processor-8M-Cache-u... So why would one need to add 'mem=32G'? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c9
--- Comment #9 from George Anchev
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c11
--- Comment #11 from George Anchev
500MB of physical dimms are on "physical addresses" above 32GB
- Does the "mem=" value suggested by you result in using less RAM than what is usable physically available? I notice that before `free` showed 32874012 total, now it shows 32374300 which if I calculate correctly is 488Mb difference (not negligible). Also 32374300 != 33554428 (the mem value). I am just confused if the L1TF mitigation leads to a requirement of not using all available physical RAM (in which case I suppose this may qualify as a bug as it would mean not using efficiently the available hardware). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c13
--- Comment #13 from George Anchev
The author of the code (Andi Kleen of Intel) added the following comment next to the warning [...]
Intel should better not have created vulnerable hardware rather than give us post factum comments about what is extremely unlikely :)
Yeah, I will send a patch upstream soon.
Do you think you could post a notice here so we can test again when it is fixed? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c14
--- Comment #14 from George Anchev
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c15
--- Comment #15 from George Anchev
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c16
--- Comment #16 from George Anchev
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536
http://bugzilla.opensuse.org/show_bug.cgi?id=1105536#c19
--- Comment #19 from George Anchev
participants (1)
-
bugzilla_noreply@novell.com