Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751453AbeAEBew (ORCPT + 1 other); Thu, 4 Jan 2018 20:34:52 -0500 Received: from marcansoft.com ([212.63.210.85]:40280 "EHLO mail.marcansoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751196AbeAEBev (ORCPT ); Thu, 4 Jan 2018 20:34:51 -0500 X-Greylist: delayed 324 seconds by postgrey-1.27 at vger.kernel.org; Thu, 04 Jan 2018 20:34:51 EST Subject: Re: Bricked x86 CPU with software? To: Tim Mouraveiko , Pavel Machek Cc: linux-kernel@vger.kernel.org References: <5A4D7986.2138.FDC590CF@tim.ml.ipcopper.com> <5A4EA724.8051.25FC07E@tim.ml.ipcopper.com> <20180104224018.GA20860@amd> <5A4ED320.12153.79B887@tim.ml.ipcopper.com> From: Hector Martin 'marcan' Message-ID: <4db2b83b-97a2-4926-e1a2-93a256d625e0@marcan.st> Date: Fri, 5 Jan 2018 10:29:25 +0900 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <5A4ED320.12153.79B887@tim.ml.ipcopper.com> Content-Type: text/plain; charset=utf-8 Content-Language: es-ES Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On 2018-01-05 10:21, Tim Mouraveiko wrote: >> On Thu 2018-01-04 14:13:56, Tim Mouraveiko wrote: >> Actually... I don't think your code works. That's why I'm curious. But >> if it works, its rather a big news... and I'm sure Intel and cloud >> providers are going to be interested. >> > > I first discovered this issue over a year ago, quite by accident. I changed the code I was > working on so as not to kill the CPU (as that is not what I was trying to). We made Intel aware > of it. They didn´t care much, one of their personnel suggesting that they already knew about it > (whether this is true or not I couldn´t say). It popped up again later, so I had to fix the code > again. It could be a buggy implementation of a certain x86 functionality, but I left it at that > because I had better things to do with my time. > > Now this news came up about meltdown and spectre and I was curious if anyone else had > experienced a dead CPU by software, too. Meltdown and spectre are undeniably a problem, > but the magnitude and practicality of it is questionable. > > I suspect that what I discovered is either a kill switch, an unintentional flaw that was > implemented at the time the original feature was built into x86 functionality and kept > propagating through successive generations of processors, or could well be that I have a > very destructive and targeted solar flare that is after my CPUs. So, I figured I would put the > question out there, to see if anyone else had a similar experience. Putting the solar flare idea > aside, I can´t conclusively say whether it is a flaw or a feature. Both options are supported at > this time by my observations of the CPU behavior. > If you made Intel aware of the issue a year ago, and they weren't interested, then the responsible thing to do is disclose the problem publicly. This is a security issue (if trusted code can brick a CPU, it's an issue for bare metal hosting providers; if untrusted code can brick a CPU, it's a *huge* issue for every cloud provider and many, many others who run code in various sandboxes). If the vendor is not receptive to coordinated disclosure, the only option is public disclosure to at least make people aware of the problem and allow for mitigations to be developed, if possible. Personally, I would be very interested in seeing such code. We've seen several ways to brick nonvolatile firmware (writable BIOSes, bad CMOS data, etc.), but bricking a CPU is a first. The only way that can happen is either blowing a kill fuse, or causing actual hardware damage, since CPUs have no nonvolatile memory other than fuses. Either way this would be a very interesting result. -- Hector Martin "marcan" (marcan@marcan.st) Public Key: https://mrcn.st/pub