Back to the avx2 bug in my skylake

If you add clearcpuid=293 to the kernel line, it disables the *kernels* use of the feature:

Before:

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr 
        pge mca cmov pat pse36 clflush dts acpi mmx fxsr 
        sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm 
        constant_tsc art arch_perfmon pebs bts rep_good nopl 
        xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq 
        pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 
        sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe 
        popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm 
        abm 3dnowprefetch cpuid_fault epb invpcid_single pti ibrs 
        ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust 
        bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap 
        clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm 
        ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp

After:

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr 
        pge mca cmov pat pse36 clflush dts acpi mmx fxsr 
        sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm 
        constant_tsc art arch_perfmon pebs bts rep_good nopl 
        xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq 
        pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 
        sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe 
        popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm 
        abm 3dnowprefetch cpuid_fault epb invpcid_single pti ibrs 
        ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust 
        bmi1 hle smep bmi2 erms invpcid rtm mpx rdseed adx smap 
        clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm 
        ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp

Mission accomplished. Great Success! But wait… Still the same problem in user space.

Another method one can use is to clear just this flag on a virtual machine, and use it instead. E.g. have the host do nothing but run this:

<cpu mode='custom' match='exact' check='partial'>
  <model fallback='allow'>Skylake-Client-IBRS</model>
  <feature policy='disable' name='avx2'/>
</cpu>

Now this works. A virtual machine w/o this line exhibits the problem. Adding the line and the problem is gone.

So, gentle reader, is there anyway to hide this bit from cpuid for user-space w/o running a hypervisor?

I want CPUID.(EAX=07H, ECX=0H):EBX.AVX2[bit 5]==0

? Any input ? It appears I can disable the kernel’s use of XSAVE for AVX2 and maybe trick a user-space app that way.

Anyone?

Posted

in

by

db

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *