7

As a mitigation against the recent zenbleed vulnerability (https://lock.cmpxchg8b.com/zenbleed.html) it is advised to set DE_CFG[9] = 1.

I have not managed to find anything on this MSR, except for "Is LFENCE serializing on AMD processors?", which describes DE_CFG[1].

So what are the consequences of setting DE_CFG[9] = 1?

Peter Cordes
Unlikus
  • 3
    MSRC001_1029 appears to be undocumented; it was omitted from the AMD family 17h PPR manual. The best I can find about MSRC001_1029 is this [paper](https://gruss.cc/files/msrtemplating.pdf), which analyses bits 2 to 7 of this MSR using [msrevelio](https://github.com/IAIK/msrevelio). Strangely, this chicken bit seems to have no effect on the performance of the `vzeroupper` instruction itself, and causes no noticeable performance change in the system as a whole. – memchr Jul 26 '23 at 01:43
  • 1
    It seems that taviso has no clue about this bit either: https://github.com/google/security-research/issues/36#issuecomment-1650908996 – memchr Jul 26 '23 at 03:56

1 Answer

4

The most specific claim of knowing what this does comes from Cloudflare.

> This change will prevent certain instructions with complex side effects like vzeroupper from being speculatively executed.

That is not very specific, and we can deduce with some certainty that AMD has not released more specific documentation, as major players have wildly different ways of portraying what is even happening. E.g. Amazon was initially misclassifying the original bug as a side channel and recommends never relying on their instances to enforce internal security boundaries anyway.

The Linux kernel maintainers reveal little more than describing it as a fallback fix; see linux/arch/x86/include/asm/msr-index.h:

```c
#define MSR_AMD64_DE_CFG                        0xc0011029
#define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT   1
#define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE       BIT_ULL(MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT)
#define MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT 9
```

Red Hat and Microsoft keep mostly quiet; I suspect some information from their side will become public when they are done addressing the impact.

anx
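For a defender the practical question behind both the question and this answer is "is DE_CFG[9] actually set on my machines?". The following is an added example, not code from the question, the answer or the Linux kernel: it reads MSR 0xc0011029 through the `msr` driver's `/dev/cpu/N/msr` interface (which exposes each MSR as an 8-byte window at the byte offset equal to the MSR number; the driver must be loaded and the reader must be root) and decodes the two bits the kernel header above names, bit 1 (LFENCE serializing) and bit 9 (the Zen 2 FP backup fix). The bit names and the `with_zen2_fix` helper are this example's own; it only reads, and never writes, the register.

```python
import os
import struct

# MSR address and bit positions as named in linux/arch/x86/include/asm/msr-index.h
MSR_AMD64_DE_CFG = 0xC0011029
DE_CFG_LFENCE_SERIALIZE_BIT = 1      # DE_CFG[1]
DE_CFG_ZEN2_FP_BACKUP_FIX_BIT = 9    # DE_CFG[9], the Zenbleed fallback fix


def decode_de_cfg(value: int) -> dict:
    """Report the two DE_CFG bits the kernel header names, plus the raw value."""
    return {
        "raw": value,
        "lfence_serializing": bool(value & (1 << DE_CFG_LFENCE_SERIALIZE_BIT)),
        "zen2_fp_backup_fix": bool(value & (1 << DE_CFG_ZEN2_FP_BACKUP_FIX_BIT)),
    }


def with_zen2_fix(value: int) -> int:
    """Return the register value the mitigation amounts to: bit 9 set, every other bit kept.

    (Example helper; it computes the value and does not write the MSR.)"""
    return value | (1 << DE_CFG_ZEN2_FP_BACKUP_FIX_BIT)


def read_msr(msr: int, cpu: int = 0) -> int:
    """Read one 64-bit MSR via the msr driver (needs root and `modprobe msr`)."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        data = os.pread(fd, 8, msr)          # MSR number doubles as the byte offset
    finally:
        os.close(fd)
    return struct.unpack("<Q", data)[0]       # MSRs are read as little-endian u64


def check_all_cpus() -> dict:
    """Decode DE_CFG on every CPU the msr driver exposes, keyed by CPU number."""
    cpus = sorted(int(e) for e in os.listdir("/dev/cpu") if e.isdigit())
    return {cpu: decode_de_cfg(read_msr(MSR_AMD64_DE_CFG, cpu)) for cpu in cpus}


if __name__ == "__main__":
    try:
        for cpu, state in check_all_cpus().items():
            print(f"cpu{cpu}: DE_CFG=0x{state['raw']:x} "
                  f"lfence_serializing={state['lfence_serializing']} "
                  f"zen2_fp_backup_fix={state['zen2_fp_backup_fix']}")
    except (FileNotFoundError, PermissionError) as exc:
        print(f"cannot read MSRs ({exc}); load the msr module and run as root")
```

Checking every CPU rather than just CPU 0 matters because DE_CFG is a per-core register: a mitigation applied with a non-`-a` write, or a core that was hot-plugged after boot, can leave the bit set on some cores and clear on others.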