Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Encryption-related regression/connection issues with 10th/11th gen Intel + new AMD CPUs

See original GitHub issue

Describe the bug

There is some encryption-related bug where players are only able to play for a short time before communication essentially ceases and no actions go through to Geyser if the server is running a 10th or 11th generation Intel processor. It appears not all 10th generation Intel processors are affected, but potentially all 11th generation processors are.

There is a temporary fix: add the following JVM parameters to your startup arguments: -XX:+UnlockDiagnosticVMOptions -XX:-UseAESCTRIntrinsics (add these before -jar)

To Reproduce

Join Bedrock from a modern Intel processor.

Expected behaviour

work

Screenshots / Videos

No response

Server Version and Plugins

No response

Geyser Dump

No response

Geyser Version

As of https://github.com/GeyserMC/Geyser/commit/7bd5b595650322d8915558731a282985235d1d07

Minecraft: Bedrock Edition Version

No response

Additional Context

😦

Issue Analytics

State:
Created 2 years ago
Reactions:12
Comments:10 (4 by maintainers)

Top GitHub Comments

1reaction

Camotoycommented, Sep 30, 2022

Unless a new Raspberry Pi model was introduced with AVX-512 support, it is very likely not affected. Same with a Xeon processor for 2012. Make sure you’re using the latest Geyser version, and if the issue persists please make a new issue.

1reaction

AJ-Fergusoncommented, Aug 5, 2022

Posting for those interested.

Yes, it is an OpenJDK bug that only affects processors with AVX-512. The bug seems to occur when encrypting/decrypting less than 16 bytes at a time. The relevant code is here https://github.com/openjdk/jdk/blob/9bff3b76f2e5d0ecede6c0d4042f65d377a28325/src/hotspot/cpu/x86/macroAssembler_x86_aes.cpp#L783-L814

It looks like the preloop assumes there is at least 16 bytes of input, leading to corruption of the cipher state such as the counter variable.

A bug report and potential fix has been sent. Waiting on their response.

Top Results From Across the Web

A new vulnerability in Intel and AMD CPUs lets hackers steal ...

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys. Hertzbleed attack targets power-conservation feature found on ...

New Hertzbleed Side Channel Attack Affects All Modern AMD ...

Researchers unveil a new class of side-channel attacks dubbed 'Hertzbleed" that affect all modern AMD and Intel processors.

Software Guard Extensions - Wikipedia

Intel Software Guard Extensions (SGX) is a set of security-related instruction codes that are built into some Intel central processing units (CPUs). ......

AMD Ryzen 7 5800X vs. Intel Core i7-11700K - TechSpot

We've heard that the new 11th-gen CPUs perform really well in ... we saw with Intel's 11th gen Core series was the regression...

Intel vs AMD Processor Security: Who Makes the Safest CPUs?

The multi-decade long fight between Intel and AMD has recently taken a new dimension, as more users begin to wonder which processors can ......