-
Notifications
You must be signed in to change notification settings - Fork 250
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xsimd::available_architectures() fails to skip CPU features when they are explicitly disabled by OS #1025
Comments
thanks for reporting. After reading the linked document it looks like checking xcr0 is the de facto good practice for AVX+ support check. No need for another API here. PR welcome! |
serge-sans-paille
pushed a commit
that referenced
this issue
May 28, 2024
Some CPU vulnerability mitigations may disable AVX functionality on the hardware level via the XCR0 register. We should check that manually to verify that OS actually allows us to use this feature. See https://bugs.kde.org/show_bug.cgi?id=484622 Fix #1025
serge-sans-paille
pushed a commit
that referenced
this issue
May 28, 2024
Some CPU vulnerability mitigations may disable AVX functionality on the hardware level via the XCR0 register. We should check that manually to verify that OS actually allows us to use this feature. See https://bugs.kde.org/show_bug.cgi?id=484622 Fix #1025
serge-sans-paille
pushed a commit
that referenced
this issue
May 28, 2024
Some CPU vulnerability mitigations may disable AVX functionality on the hardware level via the XCR0 register. We should check that manually to verify that OS actually allows us to use this feature. See https://bugs.kde.org/show_bug.cgi?id=484622 Fix #1025
Thanks for forward-porting the patch! :) It was in my todo-list, but I became distracted by the upcoming release :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
According to Intel's manual AVX and AVX512 can be explicitly disabled by the OS by setting corresponding bits of XCR0 register. It seems like Linux uses this feature to mitigate some hardware security issues in the CPU. In such a case, AVX instructions will still be declared in CPUID instruction, but will cause SIGILL when actually used.
Linux's manual says that userspace applications must check both, CPUID and XCR0, otherwise application is considered buggy.
Linux manual related to GDS vulnerability:
https://docs.kernel.org/admin-guide/hw-vuln/gather_data_sampling.html
tldr; pass
clearcpuid=avx
orclearcpuid=156
to the kernel command line and every AVX instruction will cause SIGILL even though CPUID declares its support.Related Krita bug:
https://bugs.kde.org/show_bug.cgi?id=484622
I have made a patch that disables corresponding instructions in XSIMD 8.1.0 when XCR0 says so:
https://invent.kde.org/dkazakov/krita-deps-management/-/blob/master/ext_xsimd/0001-Fix-detection-of-SSE-AVX-AVX512-when-they-are-explic.patch?ref_type=heads
Though I'm not very sure if I should make an upstream version of it? Is XCR0 check a part of the scope of XSIMD library? Should it be "embedded" into
xsimd::available_architectures()
API or there should be a separate function call for that and user should manually decide how to handle XCR0 flags?Speaking truly, I don't know how other operating systems handle XCR0 setup and if SSE and AVX512 instructions can actually be disabled by OS in this way. According to the Intel docs, SSE cannot be disabled with XCR0, but AVX512 can (if any of the three corresponding bits of XCR0 are disabled). Though I cannot tell for sure since I cannot test.
The text was updated successfully, but these errors were encountered: