Module Name: src
Committed By: mrg
Date: Tue Jul 25 01:09:05 UTC 2023
Modified Files:
src/sys/arch/x86/include: specialreg.h
src/sys/arch/x86/x86: errata.c
Log Message:
x86: turn off zenbleed chicken bit on Zen2 cpus.
this is based upon Taylor's original work. i just made the list
of CPUs to run on as correct as i could determine. (also, add some
Zen3 and Zen4 cpuids not yet used by any errata.)
(might be nice to have a better way to express revision ranges
rather than specific cpuid matches, eg, 0x30-0x4f models in a cpu
family, etc.)
tested on ryzen 3600, and a ported zenbleed PoC that no longer
shows any obtained text. (a similar module-version of it stopped
the PoC on a ryzen 3950x without having to reboot.)
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
https://lock.cmpxchg8b.com/zenbleed.html
To generate a diff of this commit:
cvs rdiff -u -r1.206 -r1.207 src/sys/arch/x86/include/specialreg.h
cvs rdiff -u -r1.30 -r1.31 src/sys/arch/x86/x86/errata.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/x86/include/specialreg.h
diff -u src/sys/arch/x86/include/specialreg.h:1.206 src/sys/arch/x86/include/specialreg.h:1.207
--- src/sys/arch/x86/include/specialreg.h:1.206 Tue Apr 11 06:42:30 2023
+++ src/sys/arch/x86/include/specialreg.h Tue Jul 25 01:09:05 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: specialreg.h,v 1.206 2023/04/11 06:42:30 msaitoh Exp $ */
+/* $NetBSD: specialreg.h,v 1.207 2023/07/25 01:09:05 mrg Exp $ */
/*
* Copyright (c) 2014-2020 The NetBSD Foundation, Inc.
@@ -1394,6 +1394,7 @@
#define MSR_DE_CFG 0xc0011029
#define DE_CFG_ERRATA_721 0x00000001
#define DE_CFG_LFENCE_SERIALIZE __BIT(1)
+#define DE_CFG_ERRATA_ZENBLEED __BIT(9)
#define DE_CFG_ERRATA_1021 __BIT(13)
#define MSR_BU_CFG2 0xc001102a
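Review bot: The new `DE_CFG_ERRATA_ZENBLEED` define carries no comment, and its `ERRATA_` prefix reads like the numbered errata next to it although the source here is a security bulletin, not a revision-guide erratum. A trailing comment such as `/* AMD-SB-7008 (Zenbleed) workaround bit */` would let a reader of specialreg.h find the reference without going to errata.c.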
Index: src/sys/arch/x86/x86/errata.c
diff -u src/sys/arch/x86/x86/errata.c:1.30 src/sys/arch/x86/x86/errata.c:1.31
--- src/sys/arch/x86/x86/errata.c:1.30 Mon Jul 24 23:42:00 2023
+++ src/sys/arch/x86/x86/errata.c Tue Jul 25 01:09:05 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: errata.c,v 1.30 2023/07/24 23:42:00 riastradh Exp $ */
+/* $NetBSD: errata.c,v 1.31 2023/07/25 01:09:05 mrg Exp $ */
/*-
* Copyright (c) 2007 The NetBSD Foundation, Inc.
@@ -47,7 +47,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: errata.c,v 1.30 2023/07/24 23:42:00 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: errata.c,v 1.31 2023/07/25 01:09:05 mrg Exp $");
#include <sys/types.h>
#include <sys/systm.h>
@@ -73,9 +73,12 @@ typedef enum cpurev {
JH_E6, SH_B0, SH_B3, SH_C0, SH_CG, SH_D0, SH_E4, SH_E5,
DR_BA, DR_B2, DR_B3, RB_C2, RB_C3, BL_C2, BL_C3, DA_C2,
DA_C3, HY_D0, HY_D1, HY_D1_G34R1, PH_E0, LN_B0, KB_A1,
- ML_A1, ZP_B1, ZP_B2, PiR_B2, OINK
+ ML_A1, ZP_B1, ZP_B2, PiR_B2, Rome_B0, Z2_XB, Z2_Ren,
+ Z2_Luc, Z2_Mat, Z2_VG, Z2_Men, Milan_B1, Milan_B2, Genoa_B1,
+ OINK
} cpurev_t;
+/* These names match names from various AMD Errata/Revision Guides. */
static const u_int cpurevs[] = {
BH_E4, 0x0020fb1, CH_CG, 0x0000f82, CH_CG, 0x0000fb2,
CH_D0, 0x0010f80, CH_D0, 0x0010fb0, DH_CG, 0x0000fc0,
@@ -93,7 +96,12 @@ static const u_int cpurevs[] = {
HY_D0, 0x0100f80, HY_D1, 0x0100f81, HY_D1_G34R1, 0x0100f91,
PH_E0, 0x0100fa0, LN_B0, 0x0300f10, KB_A1, 0x0700F01,
ML_A1, 0x0730F01, ZP_B1, 0x0800F11, ZP_B2, 0x0800F12,
- PiR_B2, 0x0800F82,
+ PiR_B2, 0x0800F82, Rome_B0, 0x0830F10,
+ /* XXX client Zen2 names aren't known yet. */
+ Z2_XB, 0x0840F70, Z2_Ren, 0x0860F80, Z2_Luc, 0x0870F10,
+ Z2_Mat, 0x0890F70, Z2_VG, 0x0890F80, Z2_Men, 0x08A0F10,
+ Milan_B1, 0x0A00F11, Milan_B2, 0x0A00F12,
+ Genoa_B1, 0x0A10F11,
OINK
};
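Review bot: Each added entry matches one exact cpuid signature, so a Zen2 part whose model or stepping differs from the seven listed values would presumably fall through the table and run without the workaround, and nothing in this hunk makes that visible. The lookup code is outside the hunk, so this is inferred from the shape of the table. A comment on the Zen2 block such as `/* exact signature match only; Zen2 parts not listed here do not get the Zenbleed workaround */` would tell the next maintainer to re-check the list against AMD-SB-7008 when new steppings appear. The Z2_* labels are placeholders per the XXX comment, which sits oddly with the new comment above the table saying the names match AMD's guides.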
@@ -162,6 +170,10 @@ static const uint8_t x86_errata_set15[]
KB_A1, ML_A1, OINK
};
+static const uint8_t x86_errata_set16[] = {
+ Rome_B0, Z2_XB, Z2_Ren, Z2_Luc, Z2_Mat, Z2_VG, Z2_Men, OINK
+};
+
static bool x86_errata_setmsr(struct cpu_info *, errata_t *);
static bool x86_errata_testmsr(struct cpu_info *, errata_t *);
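Review bot: `x86_errata_set16` stores `cpurev_t` values in `uint8_t`, and this commit adds ten enumerators ahead of `OINK`, so the sets rely on every enumerator staying below 256 with no compile-time check visible here. The full enum is outside the hunk, so the current count cannot be confirmed from this page. A `__CTASSERT(OINK <= UINT8_MAX);` next to the enum would turn a future overflow into a build failure instead of a set entry that silently matches the wrong revision. A one-line comment on the set, `/* Zen2 revisions that get the Zenbleed workaround (AMD-SB-7008) */`, would also record why the Milan and Genoa entries are left out.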
@@ -361,6 +373,16 @@ static errata_t errata[] = {
1095, FALSE, MSR_LS_CFG, x86_errata_set13,
x86_errata_setmsr, LS_CFG_ERRATA_1095
},
+ /*
+ * Zenbleed:
+ * https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
+ * https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8
+ * https://lock.cmpxchg8b.com/zenbleed.html
+ */
+ {
+ -1, FALSE, MSR_DE_CFG, x86_errata_set16,
+ x86_errata_setmsr, DE_CFG_ERRATA_ZENBLEED,
+ },
};
static bool
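Review bot: The new entry passes `-1` as the erratum number, so whatever the table code logs when it applies or fails to apply a workaround will carry a meaningless number for this one, or a large positive one if the field is unsigned. The `errata_t` definition and the reporting code are outside the hunk, so this is inferred from the neighbouring entries that use real erratum numbers. Administrators will read the boot messages to confirm the Zenbleed mitigation is active, so the entry should be identifiable there; at minimum note the sentinel in place, e.g. `/* no AMD erratum number; -1 is a placeholder, see AMD-SB-7008 */`, and consider an optional name field in a follow-up.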