11.1-p8 (feature IBRS) breaks ACPI and crashes the system

PMc

Member

Thanks: 27
Messages: 96

#1
After upgrading from RELEASE 11.1-p7 to RELEASE 11.1-p8, a new feature appears, called hw.ibrs_active

This feature, when activated, is dangerous: it will crash the system at the next time a suspend-to-RAM is performed (reboot without dump).

This works as well the other way: if the system has ever been suspended-to-RAM beforehand, then activating this feature will as well perform a system crash (CPU crash without dump).

The behaviour is a little bit erratic: on some occasion, "acpiconf -s 3" will just become a no-op, on other occasion the hw.ibrs_active will not activate, on other occasion the system will render unbootable (and require a full disconnect primary), and in any case you will have some fun...

(As this stuff seems to be CPU-related: here it is i5-3570T)
 
OP
OP
PMc

PMc

Member

Thanks: 27
Messages: 96

#2
Thought I give it a try and see what's the behaviour with Rel. 11.2.
Surprize: hibernation works again!

But then, the reason is also quickly found:

Code:
kernel: Structured Extended Features3=0xc000000<IBPB,STIBP>
# sysctl hw.ibrs_disable hw.ibrs_active
hw.ibrs_disable: 0
hw.ibrs_active: 0
Seems that the so-called mitigation is no longer working in 11.2

Well, maybe it's no longer necessary? But then, surprizingly, the Security Advisory SA-18:03 is explicitely mentioned in the Release Notes, and it is not mentioned that this has been removed in 11.2.
 

fernandel

Aspiring Daemon

Thanks: 130
Messages: 619

#3
Thought I give it a try and see what's the behaviour with Rel. 11.2.
Surprize: hibernation works again!

But then, the reason is also quickly found:

Code:
kernel: Structured Extended Features3=0xc000000<IBPB,STIBP>
# sysctl hw.ibrs_disable hw.ibrs_active
hw.ibrs_disable: 0
hw.ibrs_active: 0
Seems that the so-called mitigation is no longer working in 11.2

Well, maybe it's no longer necessary? But then, surprizingly, the Security Advisory SA-18:03 is explicitely mentioned in the Release Notes, and it is not mentioned that this has been removed in 11.2.
On mine FreeBSD 11.2 _RELEASE (amd64) I have:

Code:
sysctl hw.ibrs_disable
hw.ibrs_disable: 0
sysctl hw.ibrs_active
hw.ibrs_active: 1
 
OP
OP
PMc

PMc

Member

Thanks: 27
Messages: 96

#4
Yes, exactly that was the behaviour here with 11.1-p8.

Now with 11.2 I have this behaviour:
Code:
# sysctl hw.ibrs_disable
hw.ibrs_disable: 0
# sysctl hw.ibrs_active
hw.ibrs_active: 0
 
Top