Enable Retpoline to mitigate Spectre variant 2 (CVE-2017-5715) Solved

Page 3 of 4 FirstFirst 1234 LastLast
  1.    #21

    boombastik said: View Post
    @ddelo If u have time i want from you too make a test
    I want u to download the timer resolution from here:
    -https://vvvv.org/contribution/windows-system-timer-tool
    And i want to restart you machine 10 times. Every time you restart your machine i i want from you to write down the current timer info like the photo and tell me if is always 15,625 or a few times 0,500 (and near it).

    My power cfg shows 15,625 but the timer resolution tool 0.5 many times after i restart my machine.

    Hi Bampi,
    Are you watching me?.....
    I was playing around with the powercfg report in Powershell, last week, but to be honest I never saw the timer interrupt thingy...

    I'll definitely test what you said, but I want some time, since I just got back my laptop from a repair and I need to set things back to normal!
    I'll send you my results the soonest possible.

    P.S. You had to put the image in Greek ehhh.....? With these damn translations that I don't understand.
    Although born and raised in Athens, I studied Computer Science at UofT in Toronto and I have difficulty understanding the Greek translation of the computer jargon. But I'll manage. After all it's my mother tongue!

    Take care man. I'll be back in a couple of days with the results.
    Last edited by ddelo; 14 Apr 2019 at 04:01.
      My ComputerSystem Spec

  2.    #22

    @boombastik
    As requested, here are the results:

    I run the test (as you described it) more than 15 times and the results were identical every time!
    The image below is the outcome of the last test (the 15th), which is exactly the same with the other 14.

    Please note that the tests were performed on Windows 10 Pro x64, v. 1809 17763.437


    Click image for larger version. 

Name:	TimerResolution15.png 
Views:	3 
Size:	118.5 KB 
ID:	230657


    What I don't understand, after reading the tech blog of Bruce Dawson, is why powercfg reports current timer resolution of 15.625ms (every single time), whereas both Sysinternals clockres and TimerTool always report it as 0.499ms.

    Hope you can shed some light on this...
      My ComputerSystem Spec

  3.    #23

    @ddelo Open the CPUz latest version 1.88. In the section tools it have the timers options. Run it for 200 sec and post the results.
    Click image for larger version. 

Name:	Χωρίς τίτλο.jpg 
Views:	49 
Size:	99.4 KB 
ID:	230659
      My ComputerSystem Spec

  4.    #24

    boombastik said: View Post
    @ddelo Open the CPUz latest version 1.88. In the section tools it have the timers options. Run it for 200 sec and post the results.
    Click image for larger version. 

Name:	Χωρίς τίτλο.jpg 
Views:	49 
Size:	99.4 KB 
ID:	230659

    Here it its:

    Click image for larger version. 

Name:	CPU-zTimers.png 
Views:	47 
Size:	43.2 KB 
ID:	230662

    What does that tell us?
    ACPI (Advanced Configuration and Power Interface) = QPC (QueryPerformanceCounter) = RTC (Real Time Clock)…. they're the same. And..?
    What does that mean with regards to my question, for the difference in current timer resolution between powercfg and TimerTool/Clockres?
      My ComputerSystem Spec

  5.    #25

    clockres detects kernel and non-kernel timer interrupts. powercfg only detects non-kernel timer interrupts. So a kernel driver built in Microsoft change it and forget to change it back. I dont know for sure but that seems a bug. U may use feedback option in Microsoft and tell about it. I have seen only in haswell and broadwell pcs. Send also your picture that posted here. I have already posted it in feedback but more are better And you may write it better as you know better english.

    For the cpuz i asked because i wanted to see if u have rtc drifting it has nothing to do with timer resolution.
      My ComputerSystem Spec

  6.    #26

    boombastik said: View Post
    clockres detects kernel and non-kernel timer interrupts. powercfg only detects non-kernel timer interrupts. So a kernel driver built in Microsoft change it and forget to change it back. I dont know for sure but that seems a bug. U may use feedback option in Microsoft and tell about it. I have seen only in haswell and broadwell pcs. Send also your picture that posted here. I have already posted it in feedback but more are better And you may write it better as you know better english.

    For the cpuz i asked because i wanted to see if u have rtc drifting it has nothing to do with timer resolution.

    Thanks a lot for the explanation Bampi!

    So the actual timer resolution is the one presented by Russinovich (clockres).

    The good thing is that none of my installed apps and drivers changes the timer resolution!
    On the other hand, MS either by mistake or in purpose change the kernel timer interval to 0.5ms...I will post it in feedback to see if we get any reaction (I seriously doubt it, but it won't hurt trying!)
    Last edited by ddelo; 04 Jun 2019 at 04:41.
      My ComputerSystem Spec



  7. Posts : 1
    Windows 10 1809
       #27

    So stupid question. I have applied 1809 updates and Retpoline is enabled, but I notice when I run Get-SpeculationControlSettings the SSBDWindowsSupportEnabledSystemWide: is False. The only way for me to get this to True, is to change the below registry entries, which were the original fix. So if I am reading this right, with Retpoline enabled, this SHOULD be false?

    To enable mitigations for CVE-2018-3639 (Speculative Store Bypass), default mitigations for CVE-2017-5715 (Spectre Variant 2) and CVE-2017-5754 (Meltdown):

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
      My ComputerSystem Spec

  8.    #28

    @ddelo the timer resolution fixed in new windows? can u test?
      My ComputerSystem Spec

  9.    #29

    boombastik said: View Post
    @ddelo the timer resolution fixed in new windows? can u test?

    Fix what....?
    Mine was ACPI (Advanced Configuration and Power Interface) = QPC (QueryPerformanceCounter) = RTC (Real Time Clock), in v1809
    and still is in 1903.
      My ComputerSystem Spec

  10.    #30

    lmskk said: View Post
    So stupid question. I have applied 1809 updates and Retpoline is enabled, but I notice when I run Get-SpeculationControlSettings the SSBDWindowsSupportEnabledSystemWide: is False. The only way for me to get this to True, is to change the below registry entries, which were the original fix. So if I am reading this right, with Retpoline enabled, this SHOULD be false?

    To enable mitigations for CVE-2018-3639 (Speculative Store Bypass), default mitigations for CVE-2017-5715 (Spectre Variant 2) and CVE-2017-5754 (Meltdown):

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    Hi and welcome to TenForums
    First things first... stupid question is only the one that hasn't been asked....

    Second, Microsoft Cumulative Update KB4494441 (OS Build 17763.503), enables “Retpoline” by default if Spectre Variant 2 (CVE-2017-5715) is enabled. In other words, Retpoline is enabled by default, in Clent SKUs with a Retpoline capable CPU, without the need to alter the Registry in any way!

    So if you want SSBDWindowsSupportEnabledSystemWide to be True, yes you need to add the two registry entries with the values 8 and 3.
    You can read about it here

    In my system, I haven't added the two registry entries which results to SSBDWindowsSupportEnabledSystemWide not enabled (=False). That's my choice though and I cannot suggest to anyone that it's the correct one!
      My ComputerSystem Spec


 
Page 3 of 4 FirstFirst 1234 LastLast

Related Threads
Source: Mitigating Spectre variant 2 with Retpoline on Windows - Microsoft Tech Community - 295618
Source: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190006
Source: https://support.microsoft.com/en-us/help/4078407/update-to-enable-mitigation-against-spectre-variant-2 Direct download link for KB4078407 EXE file from Microsoft Update Catalog: :arrow: Download KB4078407 MSU for Windows 10,Windows...
Source: https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2 Direct download link for KB4078130 EXE file from Microsoft Update Catalog: :arrow: Download KB4078130 MSU for Windows 10, Windows...
Read more (PDF): https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 11:28.
Find Us