Message-ID: <20230811024748.1331186-1-james.walter.preston@gmail.com>
Date:   Thu, 10 Aug 2023 22:47:48 -0400
From:   James Preston <james.walter.preston@...il.com>
To:     bp@...en8.de
Cc:     linux-kernel@...r.kernel.org, x86@...nel.org, tglx@...utronix.de,
        peterz@...radead.org, dirk@...ndel.org,
        James Preston <james.walter.preston@...il.com>
Subject: [PATCH] x86/cpu/amd: Add Van Gogh to Zenbleed fix

Van Gogh (Steam Deck) is family 17h model 90h, and was missing from the
model range array for the fix.

As the SoC is Zen 2 based it is vulnerable and with no available
microcode updates it currently has no mitigations without the fix.

This patch does not provide any microcode revision to check against to
disable the kernel fix, since that is an unknown. Once such a revision is
available it would then have to be added in cpu_has_zenbleed_microcode().

Signed-off-by: James Preston <james.walter.preston@...il.com>
---

Before patch:
	[nameless@...am-deck tmp]$ lscpu | grep -A2 'Model name'
	Model name:                      AMD Custom APU 0405
	CPU family:                      23
	Model:                           144
	[nameless@...am-deck tmp]$ ./zenbleed -m 4 -t 30
	*** EMBARGOED SECURITY ISSUE --  DO NOT DISTRIBUTE! ***
	ZenBleed Testcase -- taviso@...gle.com

	NOTE: Try -h to see configuration options

	Spawning 8 Threads...
	Thread 0x7f55e1fff6c0 running on CPU 0
	Thread 0x7f55e17fe6c0 running on CPU 1
	Thread 0x7f55e0ffd6c0 running on CPU 2
	Thread 0x7f55dbfff6c0 running on CPU 3
	Thread 0x7f55d3fff6c0 running on CPU 4
	Thread 0x7f55db7fe6c0 running on CPU 5
	Thread 0x7f55daffd6c0 running on CPU 6
	Thread 0x7f55da7fc6c0 running on CPU 7
	Thread 04: "%%%%%%%%%%%%%%%%"
	Thread 06: "5db7fe6c"
	Thread 06: "        "
	Thread 06: " CPU 1  "
	The consumer thread completed, sending cancellation requests...
	All threads completed.

Test immediately found strings from sibling threads.

After patch:
	[nameless@...am-deck tmp]$ ./zenbleed -m 4 -t 30
	*** EMBARGOED SECURITY ISSUE --  DO NOT DISTRIBUTE! ***
	ZenBleed Testcase -- taviso@...gle.com

	NOTE: Try -h to see configuration options

	Spawning 8 Threads...
	Thread 0x7f8ac1fff6c0 running on CPU 0
	Thread 0x7f8ac17fe6c0 running on CPU 1
	Thread 0x7f8ac0ffd6c0 running on CPU 2
	Thread 0x7f8abbfff6c0 running on CPU 3
	Thread 0x7f8abaffd6c0 running on CPU 5
	Thread 0x7f8aba7fc6c0 running on CPU 6
	Thread 0x7f8ab9ffb6c0 running on CPU 7
	Thread 0x7f8abb7fe6c0 running on CPU 4
	Alarm clock

The test found nothing in 30 seconds so the vulnerability is now closed.
The system is operating normally with no ill effects.

 arch/x86/kernel/cpu/amd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index b55d8f82b621..506ce9257e35 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -73,6 +73,7 @@ static const int amd_erratum_1054[] =
 static const int amd_zenbleed[] =
 	AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x30, 0x0, 0x4f, 0xf),
 			   AMD_MODEL_RANGE(0x17, 0x60, 0x0, 0x7f, 0xf),
+			   AMD_MODEL_RANGE(0x17, 0x90, 0x0, 0x90, 0xf),
 			   AMD_MODEL_RANGE(0x17, 0xa0, 0x0, 0xaf, 0xf));
 
 static const int amd_div0[] =
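Review bot: The new entry AMD_MODEL_RANGE(0x17, 0x90, 0x0, 0x90, 0xf) matches model 0x90 only, while every neighbouring entry in amd_zenbleed[] covers a whole block of models (0x30-0x4f, 0x60-0x7f, 0xa0-0xaf). Please confirm that no other 0x9x model shares this Zen 2 core. If one does, widen the end model; if not, state in the commit message why the range is a single model. A one-line comment above the new entry naming Van Gogh would also help, together with a note that cpu_has_zenbleed_microcode() has no revision for it yet, since the commit message says that lookup must be extended once a microcode revision exists.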

base-commit: 25aa0bebba72b318e71fe205bfd1236550cc9534
-- 
2.41.0
