Microsoft releases update to reverse problematic Spectre patch
tsunami231
tsunami231
arg stupid dbl posts
Berke53
fOrTy_7
Hi,
Microsoft implemented Retpoline for 1809 and later builds and recommends enabling the Spectre variant 2 mitigation.
https://support.microsoft.com/en-gb/help/4494441/windows-10-update-kb4494441
I used the recommended settings from this site to disable the Spectre variant 2 mitigation in the past.
FeatureSettingsOverride = 0x1
FeatureSettingsOverrideMask = 0x1
Can someone explain the role of FeatureSettingsOverrideMask?
FeatureSettingsOverride is pretty straightforward.
01b - Spectre v2 disabled
10b - Meltdown disabled
11b - Both Disabled
FeatureSettingsOverrideMask
01b - masking / checking setting Spectre v2 e.g. 01b & 01b
===> What happens here for the Meltdown mitigation? Is it disabled due to being masked out by using 0x1 as the parameter, OR is the FeatureSettingsOverride setting ignored for Meltdown so that it uses the operating system defaults, e.g. default ON for client systems?
10b - masking / checking settings Meltdown e.g. 01b & 10b
11b - masking / checking both settings Spectre v2 and Meltdown, 01b & 11b
https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot
FeatureSettingsOverride represents a bitmap that overrides the default setting and controls which mitigations will be disabled. Bit 0 controls the mitigation that corresponds to CVE-2017-5715. Bit 1 controls the mitigation that corresponds to CVE-2017-5754. The bits are set to 0 to enable the mitigation and to 1 to disable the mitigation.
FeatureSettingsOverrideMask represents a bitmap mask that's used together with FeatureSettingsOverride. In this situation, we use the value 3 (represented as 11 in the binary numeral or base-2 numeral system) to indicate the first two bits that correspond to the available mitigations. This registry key is set to 3 both to enable or to disable the mitigations.
fOrTy_7
It's hard to say how this freaking mask works since if you enable all mitigations, they still use mask 0x3 (11b).
And it looks like they re-purposed the meaning of a set bit for bits 3 and higher in the FeatureSettingsOverride registry setting.
Now 1b means the mitigation is enabled. What the actual fuck, Microsoft? You can't keep your own convention here?
To enable mitigations for Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre [ CVE-2017-5753 & CVE-2017-5715 ] and Meltdown [ CVE-2017-5754 ] variants, including Speculative Store Bypass Disable (SSBD) [ CVE-2018-3639 ] as well as L1 Terminal Fault (L1TF) [ CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646 ] with Hyper-Threading disabled:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8264 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
I found this app, was shown somewhere on guru3d some time ago.
It looks like Meltdown is still enabled with settings
FeatureSettingsOverride = 0x1
FeatureSettingsOverrideMask = 0x1
https://www.grc.com/inspectre.htm
https://i.postimg.cc/tgcW4Q1R/spectre.png
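The bitmap question discussed in this thread, as an added PowerShell example that is not part of any post and is not Microsoft's code: it decodes a FeatureSettingsOverride / FeatureSettingsOverrideMask pair using the bit 0 and bit 1 meanings from the Microsoft text quoted above. The function name is hypothetical, and the rule that a bit left out of the mask falls back to the OS default is an assumption, chosen because it agrees with the InSpectre observation in the last post.

```powershell
# Added example, not Microsoft's code. Bit 0 / bit 1 meanings are from the
# Microsoft text quoted in the thread (0 = mitigation enabled, 1 = disabled).
# ASSUMPTION: a bit that is 0 in the mask is ignored, so the OS default applies.
function Get-MitigationOverride {
    param([int]$Override, [int]$Mask)

    $documented = @(
        @{ Bit = 0; Name = 'CVE-2017-5715 (Spectre v2)' },
        @{ Bit = 1; Name = 'CVE-2017-5754 (Meltdown)' }
    )
    foreach ($d in $documented) {
        $flag = 1 -shl $d.Bit
        if (($Mask -band $flag) -eq 0)         { $state = 'OS default (bit not in mask)' }
        elseif (($Override -band $flag) -ne 0) { $state = 'disabled by override' }
        else                                   { $state = 'enabled by override' }
        [pscustomobject]@{ Bits = "$($d.Bit)"; Meaning = $d.Name; State = $state }
    }

    # Bits 2 and up are not described in the quoted text; list them undecoded.
    $higher = 2..31 | Where-Object { ($Override -band (1 -shl $_)) -ne 0 }
    if ($higher) {
        [pscustomobject]@{ Bits = $higher -join ','; Meaning = 'not covered by the quoted text'; State = 'set in override' }
    }
}

# Value pairs that appear in the thread.
$pairs = @(
    @{ Override = 0x1;  Mask = 0x1 },
    @{ Override = 8264; Mask = 3 }
)
foreach ($p in $pairs) {
    "Override=0x{0:X} Mask=0x{1:X}" -f $p.Override, $p.Mask
    Get-MitigationOverride -Override $p.Override -Mask $p.Mask | Format-Table -AutoSize
}

# Values configured on this machine, if both are present.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$live = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if ($null -ne $live.FeatureSettingsOverride -and $null -ne $live.FeatureSettingsOverrideMask) {
    Get-MitigationOverride -Override $live.FeatureSettingsOverride -Mask $live.FeatureSettingsOverrideMask
}
```

The output only describes what the registry values request; whether a mitigation is actually active also depends on the installed updates and CPU microcode.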