Spectre mitigation doesn't seem to work at all?!

From: Andreas Hartmann
Date: Fri Jun 01 2018 - 08:27:47 EST

Next message: Rik van Riel: "[PATCH] x86,switch_mm: skip atomic operations for init_mm"
Previous message: Alex Richman: "Re: mlock() confusing 1 half of system RAM limit"
Next in thread: Andreas Hartmann: "Re: Spectre mitigation doesn't seem to work at all?!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello!

I tested the spectre mitigation of different machines and kernels with
https://github.com/crozone/SpectrePoC

You can see the results below.

My question: Did I miss something?
My expectation was, that on base of the output of
/sys/devices/system/cpu/vulnerabilities/spectre_v* as shown below the problem should be gone away.
But the results seem to tell me something other ... .

Thanks
Andreas

----------------------------------------------------------------------------------------------------------------------
CPU: AMD Ryzen 7 1700X Eight-Core Processor
Bios: BIOS 4011 04/19/2018 - ibpb is listed in /proc/cpuinfo
Kernel: 4.14.44-1.1-default
cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full AMD retpoline, IBPB
cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Mitigation: __user pointer sanitization

./spectre.out
Using a cache hit threshold of 80.
Build: RDTSCP_SUPPORTED MFENCE_SUPPORTED CLFLUSH_SUPPORTED INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfec18... Success: 0x54=âTâ score=2
Reading at malicious_x = 0xffffffffffdfec19... Success: 0x68=âhâ score=2
Reading at malicious_x = 0xffffffffffdfec1a... Success: 0x65=âeâ score=2
Reading at malicious_x = 0xffffffffffdfec1b... Success: 0x20=â â score=2
Reading at malicious_x = 0xffffffffffdfec1c... Success: 0x4D=âMâ score=2
Reading at malicious_x = 0xffffffffffdfec1d... Success: 0x61=âaâ score=2
Reading at malicious_x = 0xffffffffffdfec1e... Success: 0x67=âgâ score=2
Reading at malicious_x = 0xffffffffffdfec1f... Success: 0x69=âiâ score=2
Reading at malicious_x = 0xffffffffffdfec20... Success: 0x63=âcâ score=2
Reading at malicious_x = 0xffffffffffdfec21... Success: 0x20=â â score=2
Reading at malicious_x = 0xffffffffffdfec22... Success: 0x57=âWâ score=2
Reading at malicious_x = 0xffffffffffdfec23... Success: 0x6F=âoâ score=2
Reading at malicious_x = 0xffffffffffdfec24... Success: 0x72=ârâ score=2
Reading at malicious_x = 0xffffffffffdfec25... Success: 0x64=âdâ score=2
Reading at malicious_x = 0xffffffffffdfec26... Success: 0x73=âsâ score=2
Reading at malicious_x = 0xffffffffffdfec27... Success: 0x20=â â score=2
Reading at malicious_x = 0xffffffffffdfec28... Success: 0x61=âaâ score=2
Reading at malicious_x = 0xffffffffffdfec29... Success: 0x72=ârâ score=2
Reading at malicious_x = 0xffffffffffdfec2a... Success: 0x65=âeâ score=2
Reading at malicious_x = 0xffffffffffdfec2b... Success: 0x20=â â score=2
Reading at malicious_x = 0xffffffffffdfec2c... Success: 0x53=âSâ score=2
Reading at malicious_x = 0xffffffffffdfec2d... Success: 0x71=âqâ score=2
Reading at malicious_x = 0xffffffffffdfec2e... Success: 0x75=âuâ score=2
Reading at malicious_x = 0xffffffffffdfec2f... Success: 0x65=âeâ score=2
Reading at malicious_x = 0xffffffffffdfec30... Success: 0x61=âaâ score=2
Reading at malicious_x = 0xffffffffffdfec31... Success: 0x6D=âmâ score=2
Reading at malicious_x = 0xffffffffffdfec32... Success: 0x69=âiâ score=2
Reading at malicious_x = 0xffffffffffdfec33... Success: 0x73=âsâ score=2
Reading at malicious_x = 0xffffffffffdfec34... Success: 0x68=âhâ score=2
Reading at malicious_x = 0xffffffffffdfec35... Success: 0x20=â â score=2
Reading at malicious_x = 0xffffffffffdfec36... Success: 0x4F=âOâ score=2
Reading at malicious_x = 0xffffffffffdfec37... Success: 0x73=âsâ score=2
Reading at malicious_x = 0xffffffffffdfec38... Success: 0x73=âsâ score=2
Reading at malicious_x = 0xffffffffffdfec39... Success: 0x69=âiâ score=2
Reading at malicious_x = 0xffffffffffdfec3a... Success: 0x66=âfâ score=2
Reading at malicious_x = 0xffffffffffdfec3b... Success: 0x72=ârâ score=2
Reading at malicious_x = 0xffffffffffdfec3c... Success: 0x61=âaâ score=2
Reading at malicious_x = 0xffffffffffdfec3d... Success: 0x67=âgâ score=2
Reading at malicious_x = 0xffffffffffdfec3e... Success: 0x65=âeâ score=2
Reading at malicious_x = 0xffffffffffdfec3f... Success: 0x2E=â.â score=2

----------------------------------------------------------------------------------------------------------------------
CPU: AMD G-T40E Processor
Kernel: 4.14.44-1.el6.x86_64
cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Mitigation: __user pointer sanitization
cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full AMD retpoline

./spectre.out 130
Using a cache hit threshold of 130.
Build: RDTSCP_SUPPORTED MFENCE_SUPPORTED CLFLUSH_SUPPORTED INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfebf0... Unclear: 0x54=âTâ score=999 (second best: 0x00=â?â score=992)
Reading at malicious_x = 0xffffffffffdfebf1... Unclear: 0x68=âhâ score=996 (second best: 0x00=â?â score=988)
Reading at malicious_x = 0xffffffffffdfebf2... Unclear: 0x65=âeâ score=999 (second best: 0x00=â?â score=985)
Reading at malicious_x = 0xffffffffffdfebf3... Unclear: 0x20=â â score=997 (second best: 0x00=â?â score=989)
Reading at malicious_x = 0xffffffffffdfebf4... Unclear: 0x4D=âMâ score=999 (second best: 0x00=â?â score=993)
Reading at malicious_x = 0xffffffffffdfebf5... Unclear: 0x61=âaâ score=998 (second best: 0x00=â?â score=991)
Reading at malicious_x = 0xffffffffffdfebf6... Unclear: 0x67=âgâ score=996 (second best: 0x00=â?â score=988)
Reading at malicious_x = 0xffffffffffdfebf7... Unclear: 0x69=âiâ score=998 (second best: 0x00=â?â score=987)
Reading at malicious_x = 0xffffffffffdfebf8... Unclear: 0x63=âcâ score=999 (second best: 0x00=â?â score=989)
Reading at malicious_x = 0xffffffffffdfebf9... Unclear: 0x20=â â score=999 (second best: 0x00=â?â score=989)
Reading at malicious_x = 0xffffffffffdfebfa... Unclear: 0x57=âWâ score=998 (second best: 0x5B=â[â score=985)
Reading at malicious_x = 0xffffffffffdfebfb... Unclear: 0x6F=âoâ score=998 (second best: 0x00=â?â score=988)
Reading at malicious_x = 0xffffffffffdfebfc... Unclear: 0x00=â?â score=985 (second best: 0xF7=â?â score=942)
Reading at malicious_x = 0xffffffffffdfebfd... Unclear: 0x64=âdâ score=999 (second best: 0x00=â?â score=990)
Reading at malicious_x = 0xffffffffffdfebfe... Unclear: 0x73=âsâ score=998 (second best: 0x00=â?â score=984)
Reading at malicious_x = 0xffffffffffdfebff... Unclear: 0x20=â â score=998 (second best: 0x00=â?â score=985)
Reading at malicious_x = 0xffffffffffdfec00... Unclear: 0x61=âaâ score=999 (second best: 0x00=â?â score=984)
Reading at malicious_x = 0xffffffffffdfec01... Unclear: 0x72=ârâ score=999 (second best: 0x00=â?â score=986)
Reading at malicious_x = 0xffffffffffdfec02... Unclear: 0x65=âeâ score=998 (second best: 0x00=â?â score=980)
Reading at malicious_x = 0xffffffffffdfec03... Unclear: 0x20=â â score=998 (second best: 0x00=â?â score=992)
Reading at malicious_x = 0xffffffffffdfec04... Unclear: 0x53=âSâ score=997 (second best: 0x50=âPâ score=990)
Reading at malicious_x = 0xffffffffffdfec05... Unclear: 0x71=âqâ score=998 (second best: 0x00=â?â score=984)
Reading at malicious_x = 0xffffffffffdfec06... Unclear: 0x75=âuâ score=999 (second best: 0x72=ârâ score=976)
Reading at malicious_x = 0xffffffffffdfec07... Unclear: 0x65=âeâ score=999 (second best: 0x00=â?â score=988)
Reading at malicious_x = 0xffffffffffdfec08... Unclear: 0x61=âaâ score=999 (second best: 0x00=â?â score=986)
Reading at malicious_x = 0xffffffffffdfec09... Unclear: 0x6D=âmâ score=999 (second best: 0x00=â?â score=987)
Reading at malicious_x = 0xffffffffffdfec0a... Unclear: 0x69=âiâ score=998 (second best: 0x00=â?â score=987)
Reading at malicious_x = 0xffffffffffdfec0b... Unclear: 0x73=âsâ score=984 (second best: 0x00=â?â score=974)
Reading at malicious_x = 0xffffffffffdfec0c... Unclear: 0x00=â?â score=991 (second best: 0xB4=â?â score=933)
Reading at malicious_x = 0xffffffffffdfec0d... Unclear: 0x20=â â score=999 (second best: 0x00=â?â score=986)
Reading at malicious_x = 0xffffffffffdfec0e... Unclear: 0x4F=âOâ score=998 (second best: 0x50=âPâ score=991)
Reading at malicious_x = 0xffffffffffdfec0f... Unclear: 0x73=âsâ score=999 (second best: 0x00=â?â score=987)
Reading at malicious_x = 0xffffffffffdfec10... Unclear: 0x73=âsâ score=998 (second best: 0x00=â?â score=971)
Reading at malicious_x = 0xffffffffffdfec11... Unclear: 0x69=âiâ score=999 (second best: 0x00=â?â score=980)
Reading at malicious_x = 0xffffffffffdfec12... Unclear: 0x66=âfâ score=998 (second best: 0x00=â?â score=978)
Reading at malicious_x = 0xffffffffffdfec13... Unclear: 0x72=ârâ score=995 (second best: 0x00=â?â score=981)
Reading at malicious_x = 0xffffffffffdfec14... Unclear: 0x61=âaâ score=996 (second best: 0x00=â?â score=971)
Reading at malicious_x = 0xffffffffffdfec15... Unclear: 0x67=âgâ score=999 (second best: 0x00=â?â score=975)
Reading at malicious_x = 0xffffffffffdfec16... Unclear: 0x65=âeâ score=999 (second best: 0x00=â?â score=984)
Reading at malicious_x = 0xffffffffffdfec17... Unclear: 0x2E=â.â score=999 (second best: 0x00=â?â score=987)

---------------------------------------------------------------------------------------------------------------------
CPU: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Kernel: 4.16.5-13.1-default
cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline
cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Mitigation: __user pointer sanitization

./spectre.out
Using a cache hit threshold of 80.
Build: RDTSCP_SUPPORTED MFENCE_SUPPORTED CLFLUSH_SUPPORTED INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfebe8... Success: 0x54=âTâ score=2
Reading at malicious_x = 0xffffffffffdfebe9... Success: 0x68=âhâ score=2
Reading at malicious_x = 0xffffffffffdfebea... Success: 0x65=âeâ score=2
Reading at malicious_x = 0xffffffffffdfebeb... Success: 0x20=â â score=7 (second best: 0x21=â!â score=1)
Reading at malicious_x = 0xffffffffffdfebec... Success: 0x4D=âMâ score=2
Reading at malicious_x = 0xffffffffffdfebed... Success: 0x61=âaâ score=2
Reading at malicious_x = 0xffffffffffdfebee... Success: 0x67=âgâ score=2
Reading at malicious_x = 0xffffffffffdfebef... Success: 0x69=âiâ score=7 (second best: 0xB2=â?â score=1)
Reading at malicious_x = 0xffffffffffdfebf0... Success: 0x63=âcâ score=2
Reading at malicious_x = 0xffffffffffdfebf1... Success: 0x20=â â score=2
Reading at malicious_x = 0xffffffffffdfebf2... Success: 0x57=âWâ score=2
Reading at malicious_x = 0xffffffffffdfebf3... Success: 0x6F=âoâ score=2
Reading at malicious_x = 0xffffffffffdfebf4... Success: 0x72=ârâ score=2
Reading at malicious_x = 0xffffffffffdfebf5... Success: 0x64=âdâ score=2
Reading at malicious_x = 0xffffffffffdfebf6... Success: 0x73=âsâ score=2
Reading at malicious_x = 0xffffffffffdfebf7... Success: 0x20=â â score=2
Reading at malicious_x = 0xffffffffffdfebf8... Success: 0x61=âaâ score=2
Reading at malicious_x = 0xffffffffffdfebf9... Success: 0x72=ârâ score=7 (second best: 0x22=â"â score=1)
Reading at malicious_x = 0xffffffffffdfebfa... Success: 0x65=âeâ score=2
Reading at malicious_x = 0xffffffffffdfebfb... Success: 0x20=â â score=2
Reading at malicious_x = 0xffffffffffdfebfc... Success: 0x53=âSâ score=2
Reading at malicious_x = 0xffffffffffdfebfd... Success: 0x71=âqâ score=2
Reading at malicious_x = 0xffffffffffdfebfe... Success: 0x75=âuâ score=2
Reading at malicious_x = 0xffffffffffdfebff... Success: 0x65=âeâ score=2
Reading at malicious_x = 0xffffffffffdfec00... Success: 0x61=âaâ score=2
Reading at malicious_x = 0xffffffffffdfec01... Success: 0x6D=âmâ score=2
Reading at malicious_x = 0xffffffffffdfec02... Success: 0x69=âiâ score=2
Reading at malicious_x = 0xffffffffffdfec03... Success: 0x73=âsâ score=2
Reading at malicious_x = 0xffffffffffdfec04... Success: 0x68=âhâ score=2
Reading at malicious_x = 0xffffffffffdfec05... Success: 0x20=â â score=2
Reading at malicious_x = 0xffffffffffdfec06... Success: 0x4F=âOâ score=2
Reading at malicious_x = 0xffffffffffdfec07... Success: 0x73=âsâ score=2
Reading at malicious_x = 0xffffffffffdfec08... Success: 0x73=âsâ score=2
Reading at malicious_x = 0xffffffffffdfec09... Success: 0x69=âiâ score=2
Reading at malicious_x = 0xffffffffffdfec0a... Success: 0x66=âfâ score=2
Reading at malicious_x = 0xffffffffffdfec0b... Success: 0x72=ârâ score=2
Reading at malicious_x = 0xffffffffffdfec0c... Success: 0x61=âaâ score=2
Reading at malicious_x = 0xffffffffffdfec0d... Success: 0x67=âgâ score=7 (second best: 0x42=âBâ score=1)
Reading at malicious_x = 0xffffffffffdfec0e... Success: 0x65=âeâ score=2
Reading at malicious_x = 0xffffffffffdfec0f... Success: 0x2E=â.â score=2

Next message: Rik van Riel: "[PATCH] x86,switch_mm: skip atomic operations for init_mm"
Previous message: Alex Richman: "Re: mlock() confusing 1 half of system RAM limit"
Next in thread: Andreas Hartmann: "Re: Spectre mitigation doesn't seem to work at all?!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]