CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2023/07/24 22:42:02 Modified files: sys/arch/amd64/amd64: cpu.c sys/arch/i386/i386: machdep.c Log message: Some hypervisors (such as Hertzner) allow msr read of DE_CFG (which does not indicate bit 9 set, but they could have a firmware fix) but then block a msr write to bit 9 (which disables enough AVX optimizations to prevent the exfiltration of data), with a fault. So let's also check the HV bit before we decide to modify the bit. hypervisors are expected to set that bit. tested by lucas at sexy dot is. with jsg, ok mlarkin
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: bl...@cvs.openbsd.org 2023/07/24 14:37:06 Modified files: . : errata72.html errata73.html Log message: Release amd cpu firmware and wscons errata.
Re: CVS: cvs.openbsd.org: src
On Mon, Jul 24, 2023 at 01:38:48PM -0600, Alexander Bluhm wrote: > CVSROOT: /cvs > Module name: src > Changes by: bl...@cvs.openbsd.org 2023/07/24 13:38:48 > > Modified files: > sys/dev/wscons : Tag: OPENBSD_7_3 wsemul_sun.c wsemul_vt100.c > > Log message: > Make sure we do not increase the escape sequence argument count beyond usable > bounds, in case escape sequences end up with too many semicolons. > Without this, the kernel could be made to access random memory after receiving > some specially crafted DCS or CSI terminal escape sequences. > > Reported by David Leadbeater (dgl, dgl dot cx) > from miod@ this is errata/7.3/014_wscons.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2023/07/24 13:43:34 Modified files: sys/dev/wscons : Tag: OPENBSD_7_2 wsemul_sun.c wsemul_vt100.c Log message: Make sure we do not increase the escape sequence argument count beyond usable bounds, in case escape sequences end up with too many semicolons. Without this, the kernel could be made to access random memory after receiving some specially crafted DCS or CSI terminal escape sequences. Reported by David Leadbeater (dgl, dgl dot cx) from miod@ this is errata/7.2/036_wscons.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2023/07/24 13:38:48 Modified files: sys/dev/wscons : Tag: OPENBSD_7_3 wsemul_sun.c wsemul_vt100.c Log message: Make sure we do not increase the escape sequence argument count beyond usable bounds, in case escape sequences end up with too many semicolons. Without this, the kernel could be made to access random memory after receiving some specially crafted DCS or CSI terminal escape sequences. Reported by David Leadbeater (dgl, dgl dot cx) from miod@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2023/07/24 13:33:29 Modified files: sys/kern : init_sysent.c syscalls.c sys/sys: syscall.h syscallargs.h Log message: Regen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2023/07/24 13:33:26 Modified files: sys/arch/amd64/amd64: Tag: OPENBSD_7_2 cpu.c ucode.c sys/arch/amd64/stand/boot: Tag: OPENBSD_7_2 conf.c sys/arch/amd64/stand/cdboot: Tag: OPENBSD_7_2 conf.c sys/arch/amd64/stand/efi32: Tag: OPENBSD_7_2 conf.c sys/arch/amd64/stand/efi64: Tag: OPENBSD_7_2 conf.c sys/arch/amd64/stand/efiboot: Tag: OPENBSD_7_2 conf.c exec_i386.c sys/arch/amd64/stand/libsa: Tag: OPENBSD_7_2 exec_i386.c sys/arch/amd64/stand/pxeboot: Tag: OPENBSD_7_2 conf.c sys/arch/i386/i386: Tag: OPENBSD_7_2 machdep.c ucode.c sys/arch/i386/stand/boot: Tag: OPENBSD_7_2 conf.c sys/arch/i386/stand/cdboot: Tag: OPENBSD_7_2 conf.c sys/arch/i386/stand/libsa: Tag: OPENBSD_7_2 exec_i386.c pciprobe.c sys/arch/i386/stand/pxeboot: Tag: OPENBSD_7_2 conf.c usr.sbin/fw_update: Tag: OPENBSD_7_2 patterns.c Log message: BOOTARG_UCODE for AMD from jsg@; ok deraadt@ update AMD CPU microcode if a newer patch is available from jsg@; ok deraadt@ match AMD x86 CPUs in fw_update(8) from jsg@; ok deraadt@ after the boot block changes on i386, sthen noticed a dmesg change -pci0 at mainbus0 bus 0: configuration mode 1 (bios) +pci0 at mainbus0 bus 0: configuration mode 1 (no bios) deraadt then spent many hours narrowing down the problem to the inline assembly in pciprobe(). It tried to save the carry flag result of pci bios present. But did so after a shift which sets the carry flag. Ask for CF in the output and avoid the shift. from jsg@; ok deraadt@ kettenis@ Set DE_CFG[9] -- a chickenbit which stops Zenbleed. The chickenbit may have other side-effects (not disclosed by AMD), and firmwares fixes may be better (and have other side-effects, same story). Newer processors will probably be validated more carefully by AMD. Issue found by Tavis Ormandy. This is errata 7.2/033_amdcpu.patch.sig and 7.3/011_amdcpu.patch.sig Zenbleed also blocked on select cpus by using errata 7.3/012_amdfirmware.patch.sig + 7.3/013_amdcpufirmware.patch / 7.2/034_amdfirmware.patch.sig + 7.2/035_amdcpufirmware.patch.sig which load AMD cpu firmwares (firmware.openbsd.org is updated often to contain the best firmwares) from deraadt@; ok jsg this is errata/7.2/033_amdcpu.patch.sig errata/7.2/034_amdfirmware.patch.sig errata/7.2/035_amdcpufirmware.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2023/07/24 13:32:23 Modified files: sys/kern : syscalls.master Log message: Fix prototype of getlogin_r syscall to match userland prototype (use size_t for the length argument). Fortunately, this only affects 64-bit platforms and all of those would pass the argument in registers, so there is no BE64 regression to expect and no need to renumber that system call. Found with afresh1@ as part of his perl syscall emulator.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2023/07/24 13:31:40 Modified files: sys/arch/amd64/amd64: Tag: OPENBSD_7_3 cpu.c ucode.c sys/arch/amd64/stand/boot: Tag: OPENBSD_7_3 conf.c sys/arch/amd64/stand/cdboot: Tag: OPENBSD_7_3 conf.c sys/arch/amd64/stand/efi32: Tag: OPENBSD_7_3 conf.c sys/arch/amd64/stand/efi64: Tag: OPENBSD_7_3 conf.c sys/arch/amd64/stand/efiboot: Tag: OPENBSD_7_3 conf.c exec_i386.c sys/arch/amd64/stand/libsa: Tag: OPENBSD_7_3 exec_i386.c sys/arch/amd64/stand/pxeboot: Tag: OPENBSD_7_3 conf.c sys/arch/i386/i386: Tag: OPENBSD_7_3 machdep.c ucode.c sys/arch/i386/stand/boot: Tag: OPENBSD_7_3 conf.c sys/arch/i386/stand/cdboot: Tag: OPENBSD_7_3 conf.c sys/arch/i386/stand/libsa: Tag: OPENBSD_7_3 exec_i386.c pciprobe.c sys/arch/i386/stand/pxeboot: Tag: OPENBSD_7_3 conf.c usr.sbin/fw_update: Tag: OPENBSD_7_3 patterns.c Log message: BOOTARG_UCODE for AMD from jsg@; ok deraadt@ update AMD CPU microcode if a newer patch is available from jsg@; ok deraadt@ match AMD x86 CPUs in fw_update(8) from jsg@; ok deraadt@ after the boot block changes on i386, sthen noticed a dmesg change -pci0 at mainbus0 bus 0: configuration mode 1 (bios) +pci0 at mainbus0 bus 0: configuration mode 1 (no bios) deraadt then spent many hours narrowing down the problem to the inline assembly in pciprobe(). It tried to save the carry flag result of pci bios present. But did so after a shift which sets the carry flag. Ask for CF in the output and avoid the shift. from jsg@; ok deraadt@ kettenis@ Set DE_CFG[9] -- a chickenbit which stops Zenbleed. The chickenbit may have other side-effects (not disclosed by AMD), and firmwares fixes may be better (and have other side-effects, same story). Newer processors will probably be validated more carefully by AMD. Issue found by Tavis Ormandy. This is errata 7.2/033_amdcpu.patch.sig and 7.3/011_amdcpu.patch.sig Zenbleed also blocked on select cpus by using errata 7.3/012_amdfirmware.patch.sig + 7.3/013_amdcpufirmware.patch / 7.2/034_amdfirmware.patch.sig + 7.2/035_amdcpufirmware.patch.sig which load AMD cpu firmwares (firmware.openbsd.org is updated often to contain the best firmwares) from deraadt@; ok jsg this is errata/7.3/011_amdcpu.patch.sig errata/7.3/012_amdfirmware.patch.sig errata/7.3/013_amdcpufirmware.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2023/07/24 13:29:39 Modified files: sys/dev/pckbc : pckbd.c Log message: Use RAWKEY constants for scan code tables, rather than magic numbers. No functional change intended.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2023/07/24 13:28:40 Modified files: sys/dev/wscons : wskbdraw.h Log message: Fix scan code value for print screen key.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/07/24 11:08:53 Modified files: lib/libcrypto/ecdh: ecdh.c lib/libcrypto/gost: gostr341001_key.c Log message: Fix two EC_POINT_is_on_curve() checks This API can fail for various reasons, in which case it returns -1, so you need to check if (EC_POINT_is_on_curve_checks(...) <= 0). ok miod
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2023/07/24 11:03:32 Modified files: sys/dev/wscons : wsemul_sun.c wsemul_vt100.c Log message: Make sure we do not increase the escape sequence argument count beyond usable bounds, in case escape sequences end up with too many semicolons. Without this, the kernel could be made to access random memory after receiving some specially crafted DCS or CSI terminal escape sequences. Reported by David Leadbeater (dgl, dgl dot cx)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/07/24 11:00:11 Modified files: regress/lib/libcrypto/ec: ectest.c Log message: Fix EC_POINT_is_on_curve() checks. If not even the idiot who invented this API gets this right...
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/07/24 10:25:02 Modified files: lib/libcrypto/dh: dh_check.c Log message: Fix a minibug in DH_check() Or in the flag, don't overwrite the already set ones. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2023/07/24 08:54:00 Modified files: sys/arch/amd64/amd64: cpu.c sys/arch/amd64/include: specialreg.h sys/arch/i386/i386: machdep.c sys/arch/i386/include: specialreg.h Log message: Set DE_CFG[9] -- a chickenbit which stops Zenbleed. The chickenbit may have other side-effects (not disclosed by AMD), and firmwares fixes may be better (and have other side-effects, same story). Newer processors will probably be validated more carefully by AMD. Issue found by Tavis Ormandy. This is errata 7.2/033_amdcpu.patch.sig and 7.3/011_amdcpu.patch.sig Zenbleed also blocked on select cpus by using errata 7.3/012_amdfirmware.patch.sig + 7.3/013_amdcpufirmware.patch / 7.2/034_amdfirmware.patch.sig + 7.2/035_amdcpufirmware.patch.sig which load AMD cpu firmwares (firmware.openbsd.org is updated often to contain the best firmwares) ok jsg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/07/24 08:02:36 Modified files: sys/arch/i386/stand/libsa: pciprobe.c Log message: after the boot block changes on i386, sthen noticed a dmesg change -pci0 at mainbus0 bus 0: configuration mode 1 (bios) +pci0 at mainbus0 bus 0: configuration mode 1 (no bios) deraadt then spent many hours narrowing down the problem to the inline assembly in pciprobe(). It tried to save the carry flag result of pci bios present. But did so after a shift which sets the carry flag. Ask for CF in the output and avoid the shift. ok deraadt@ kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/07/24 04:24:58 Modified files: lib/libcrypto/evp: c_all.c Log message: Remove OPENSSL_cpuid_setup() call from OPENSSL_add_all_algorithms_noconf() OPENSSL_cpuid_setup() used to need to be called from OPENSSL_add_all_algorithms(), as that was the main entry point. These days we do on demand initialisation and there are various paths that lead to OPENSSL_init_crypto() being called, which in turn calls OPENSSL_cpuid_setup(). ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2023/07/24 04:21:29
Modified files:
lib/libcrypto/bn/arch/aarch64: bn_arch.h
Log message:
Mark read/write registers as non-overlapping for bn_qwmulw_{addqw_,}addw()
This does not cause an issue currently, however if called differently to
their current usage, it can lead to an input being overwritten and
incorrect results being generated.
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: jas...@cvs.openbsd.org 2023/07/24 03:53:25 Modified files: images : n1200.jpg Log message: fix rotation
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/07/24 00:56:54 Modified files: lib/libcrypto/asn1: x_name.c Log message: Use C99 initializers for x509_name_ff
