I will be helping with a hardware security class in the spring, and I am currently setting up some of the labs for the class. One of the labs we are doing is a cache side-channels lab where we look at attacks/communication that can occur through cache side-channels. The lab will be based off this MIT lab, which you can find here.
An important part of this lab is determining the cache latencies on the lab machines. However, hardware prefetching complicates this issue. Prefetching can skew the cache latency measurements if it works correctly.
(Output of lscpu is at the bottom, along with OS information)
To disable hardware prefetching, I started by finding the model specific registers associated with hardware prefetching in the Intel 64 and IA-32 Software Developers Manual Vol. 4. I found the registers that I wanted to adjust, 0x1A0 (page 68 of the manual). I downloaded a copy of msr tools onto my machine, and then read the value of 0x1A0 to make sure that things were working okay.
$ sudo rdmsr 416 -0
0000000000850089
This value basically indicated that prefetching is enabled (which was the expected behavior, as normally it should be enabled). Note that 416 is the base ten equivalent to 0x1A0.
I then attempted to write a new value to register 0x1A0 which would disable the hardware prefetcher by setting bit 9 (page 68 of the manual talks about which bits control hardware prefetching).
$ sudo wrmsr 416 850601
wrmsr: CPU 0 cannot set MSR 0x000001a0 to 0x00000000000cfaa9
Here I just get this message that it cannot be set. On the msr-tools page it says you may need to run modprobe msr prior to writing a model-specific register, but when doing that I get the same result.
$ sudo modprobe msr
$ sudo wrmsr 416 850601
wrmsr: CPU 0 cannot set MSR 0x000001a0 to 0x00000000000cfaa9
I tried this on each cpu (e.g. cpu 0, 1, 2...) and it failed on each one. I suspect that the processor I am using just does not support disabling of the hardware prefetcher, but I would like to confirm that. I have followed several links and leads through the Intel Software Developer Manuals and through the chipset datasheet but I have not been able to find a suitable answer. So again, I return to my question, how can I tell if my Intel CPU supports disabling hardware prefetching?
I feel that I have been bouncing around manuals long enough that I thought I would see if someone on the internet could point me in the right direction.
This is my first time working with model specific registers and posting on Stack Overflow, so if I'm missing some key information about MSRs or I'm doing this post wrong, please let me know!
$ lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 39 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 8
On-line CPU(s) list: 0-7
Vendor ID: GenuineIntel
Model name: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
CPU family: 6
Model: 60
Thread(s) per core: 2
Core(s) per socket: 4
Socket(s): 1
Stepping: 3
CPU max MHz: 4000.0000
CPU min MHz: 800.0000
BogoMIPS: 7183.36
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx f
xsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_
good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx e
st tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer
aes xsave avx f16c rdrand lahf_lm abm cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp
tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms inv
pcid xsaveopt dtherm ida arat pln pts md_clear flush_l1d
Virtualization features:
Virtualization: VT-x
Caches (sum of all):
L1d: 128 KiB (4 instances)
L1i: 128 KiB (4 instances)
L2: 1 MiB (4 instances)
L3: 8 MiB (1 instance)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0-7
Vulnerabilities:
Itlb multihit: KVM: Mitigation: VMX disabled
L1tf: Mitigation; PTE Inversion; VMX conditional cache flushes, SMT vulnerable
Mds: Mitigation; Clear CPU buffers; SMT vulnerable
Meltdown: Mitigation; PTI
Mmio stale data: Unknown: No mitigations
Retbleed: Not affected
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, IBPB conditional, IBRS_FW, STIBP conditional, RSB filling, PBRSB-eIBRS
Not affected
Srbds: Mitigation; Microcode
Tsx async abort: Not affected
$ uname -a
Linux 5.19.0-45-generic #46~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Jun 7 15:06:04 UTC 20 x86_64 x86_64 x86_64 GNU/Linux
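
The read-modify-write arithmetic behind the commands above, as an added example that is not part of the original post: it works only on the values quoted in the post and never touches an MSR. The function names are hypothetical, and treating an unprefixed value as decimal is an assumption taken from the wrmsr error line on the page, which echoes 850601 as 0xcfaa9.

```shell
#!/bin/sh
# Added example: pure arithmetic on the values quoted in the post; no MSR access.

# Take the bare hex string that rdmsr prints, set one bit, and print the
# result with an explicit 0x prefix so its base is unambiguous.
msr_set_bit() {                      # usage: msr_set_bit <rdmsr-hex> <bit>
    printf '0x%x\n' $(( 0x${1#0x} | (1 << $2) ))
}

# Interpret a command-line value the way the error line on the page implies
# (assumption): a 0x prefix means hex, a plain number means decimal.
parse_base0() {                      # usage: parse_base0 <value>
    case "$1" in
        0[xX]*[!0-9a-fA-F]*|[1-9]*[!0-9]*) return 1 ;;   # stray characters
        0[xX]?*|[1-9]*) printf '0x%x\n' $(( $1 )) ;;
        *) return 1 ;;               # empty, or leading 0 (octal) not handled
    esac
}

# List the positions of the set bits in a value, lowest bit first.
msr_bits() {                         # usage: msr_bits <value>
    v=$(( $1 )); i=0; out=
    while [ "$i" -lt 64 ]; do
        if [ $(( (v >> i) & 1 )) -eq 1 ]; then out="$out $i"; fi
        i=$(( i + 1 ))
    done
    printf '%s\n' "${out# }"
}

old=0000000000850089                 # rdmsr output quoted in the post
new=$(msr_set_bit "$old" 9)
echo "bits set before:      $(msr_bits "0x$old")"
echo "value with bit 9 set: $new"
echo "850601 unprefixed is: $(parse_base0 850601)"
echo "0x850601 prefixed is: $(parse_base0 0x850601)"
```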