Geyser: Encryption-related regression/connection issues with 10th/11th gen Intel + new AMD CPUs

Describe the bug

There is some encryption-related bug where players are only able to play for a short time before communication essentially ceases and no actions go through to Geyser if the server is running a 10th or 11th generation Intel processor. It appears not all 10th generation Intel processors are affected, but potentially all 11th generation processors are (if the processor has AVX-512 support, then it is affected).

Fix

Java versions at, or greater than, 17.0.6 and 19.0.2, and OpenJDK 20 build 17 or greater, have this encryption bug fixed.

If you cannot update to these versions: add the following JVM parameters to your startup arguments: -XX:+UnlockDiagnosticVMOptions -XX:-UseAESCTRIntrinsics (add these before -jar)

Geyser Version

As of https://github.com/GeyserMC/Geyser/commit/7bd5b595650322d8915558731a282985235d1d07

Additional Context

😦

About this issue

  • Original URL
  • State: open
  • Created 2 years ago
  • Reactions: 14
  • Comments: 24 (8 by maintainers)

Most upvoted comments

Posting for those interested.

Yes, it is an OpenJDK bug that only affects processors with AVX-512. The bug seems to occur when encrypting/decrypting less than 16 bytes at a time. The relevant code is here https://github.com/openjdk/jdk/blob/9bff3b76f2e5d0ecede6c0d4042f65d377a28325/src/hotspot/cpu/x86/macroAssembler_x86_aes.cpp#L783-L814

It looks like the preloop assumes there is at least 16 bytes of input, leading to corruption of the cipher state such as the counter variable.

A bug report and potential fix has been sent. Waiting on their response.

+3
AJ-Ferguson on Aug 5, 2022

It’s fixed in 11.0.18, 15.0.10, 17.0.6 and 19.0.2. These versions will all release on 2023-01-17. And you’re right, it’s fixed in build 17 and higher of OpenJDK 20.

After January the 17th it’ll be up to the hosting providers to update their Java versions. Link to the bug tracker: https://bugs.openjdk.org/browse/JDK-8292158

+1
Tim203 on Dec 24, 2022

Unless a new Raspberry Pi model was introduced with AVX-512 support, it is very likely not affected. Same with a Xeon processor for 2012. Make sure you’re using the latest Geyser version, and if the issue persists please make a new issue.

+1
Camotoy on Sep 30, 2022
Read more comments on GitHub
← Geyser: Client freezes when opening up commands for the first time
Geyser: Getting "An exceptionCaught() event was fired.... Index 0 out of bounds for length 0.." on velocity With MiniMOTD plugin and MOTD pass through enabled →