lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140114114133.GA31473@khazad-dum.debian.net>
Date:	Tue, 14 Jan 2014 09:41:33 -0200
From:	Henrique de Moraes Holschuh <hmh@....eng.br>
To:	X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>
Subject: AMD errata 793 (CVE-2013-6885) needs a workaround in Linux?

I just got this assigned to amd64-microcode in Debian, but it is something
that needs to be worked around by the EFI/BIOS and/or the kernel.

Since we all know just how well it pans out to depend on BIOS/EFI updates
for *anything*, I'm raising the issue here.  IMHO looks like it would be
worthwhile to either set the relevant MSR in the kernel if the BIOS didn't
do it, or at least warn the user of the need for a BIOS/EFI update...

It is the usual hangs-core type of CPU errata (therefore, the best type
since it won't cause silent data corruption).  gcc-produced code managed to
trigger it (in DragonFly BSD).

A quick search under arch/x86 did not locate any existing workaround for
this issue.


Date: Wed, 27 Nov 2013 21:23:37 -0500 (EST)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE-2013-6885 AMD Publ. 51810 Errata 793 system hang

The person who requested CVE-2013-6885 asked that we send the CVE
assignment here because various open-source software will probably be
adding code to prevent this denial of service attack.

http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf
http://lists.dragonflybsd.org/pipermail/kernel/2011-December/046594.html
http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924

  793 Specific Combination of Writes to Write Combined Memory
  Types and Locked Instructions May Cause Core Hang

  Under a highly specific and detailed set of internal timing
  conditions, a locked instruction may trigger a timing sequence whereby
  the write to a write combined memory type is not flushed, causing the
  locked instruction to stall indefinitely.

  Potential Effect on System
  Processor core hang.

  Suggested Workaround
  BIOS should set MSRC001_1020[15] = 1b.

  No fix planned

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ