[src/trunk]: src/sys/arch/x86 x86: turn off zenbleed chicken bit on Zen2 cpus.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/arch/x86 x86: turn off zenbleed chicken bit on Zen2 cpus.
From: mrg <mrg%NetBSD.org@localhost>
Date: Tue, 25 Jul 2023 04:36:50 +0000

details:   https://anonhg.NetBSD.org/src/rev/702484e1ed93
branches:  trunk
changeset: 378171:702484e1ed93
user:      mrg <mrg%NetBSD.org@localhost>
date:      Tue Jul 25 01:09:05 2023 +0000

description:
x86: turn off zenbleed chicken bit on Zen2 cpus.

this is based upon Taylor's original work.  i just made the list
of CPUs to run on correct as i could determine.  (also, add some
Zen3 and Zen4 cpuids not yet used by any errata.)

(might be nice to have a better way to expression revision ranges
rather than specific cpuid matches, eg, 0x30-0x4f models in a cpu
family, etc.)

tested on ryzen 3600, and a ported zenbleed PoC that no longer
shows any obtained text.  (a similar module-version of it stopped
the PoC on a ryzen 3950x without having to reboot.)

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
https://lock.cmpxchg8b.com/zenbleed.html

diffstat:

 sys/arch/x86/include/specialreg.h |   3 ++-
 sys/arch/x86/x86/errata.c         |  30 ++++++++++++++++++++++++++----
 2 files changed, 28 insertions(+), 5 deletions(-)

diffs (91 lines):

diff -r 5d0465933cc5 -r 702484e1ed93 sys/arch/x86/include/specialreg.h
--- a/sys/arch/x86/include/specialreg.h Mon Jul 24 23:42:00 2023 +0000
+++ b/sys/arch/x86/include/specialreg.h Tue Jul 25 01:09:05 2023 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: specialreg.h,v 1.206 2023/04/11 06:42:30 msaitoh Exp $ */
+/*     $NetBSD: specialreg.h,v 1.207 2023/07/25 01:09:05 mrg Exp $     */
 
 /*
  * Copyright (c) 2014-2020 The NetBSD Foundation, Inc.
@@ -1394,6 +1394,7 @@
 #define MSR_DE_CFG     0xc0011029
 #define        DE_CFG_ERRATA_721       0x00000001
 #define        DE_CFG_LFENCE_SERIALIZE __BIT(1)
+#define        DE_CFG_ERRATA_ZENBLEED  __BIT(9)
 #define        DE_CFG_ERRATA_1021      __BIT(13)
 
 #define MSR_BU_CFG2    0xc001102a
diff -r 5d0465933cc5 -r 702484e1ed93 sys/arch/x86/x86/errata.c
--- a/sys/arch/x86/x86/errata.c Mon Jul 24 23:42:00 2023 +0000
+++ b/sys/arch/x86/x86/errata.c Tue Jul 25 01:09:05 2023 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: errata.c,v 1.30 2023/07/24 23:42:00 riastradh Exp $    */
+/*     $NetBSD: errata.c,v 1.31 2023/07/25 01:09:05 mrg Exp $  */
 
 /*-
  * Copyright (c) 2007 The NetBSD Foundation, Inc.
@@ -47,7 +47,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: errata.c,v 1.30 2023/07/24 23:42:00 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: errata.c,v 1.31 2023/07/25 01:09:05 mrg Exp $");
 
 #include <sys/types.h>
 #include <sys/systm.h>
@@ -73,9 +73,12 @@ typedef enum cpurev {
        JH_E6, SH_B0, SH_B3, SH_C0, SH_CG, SH_D0, SH_E4, SH_E5,
        DR_BA, DR_B2, DR_B3, RB_C2, RB_C3, BL_C2, BL_C3, DA_C2,
        DA_C3, HY_D0, HY_D1, HY_D1_G34R1,  PH_E0, LN_B0, KB_A1,
-       ML_A1, ZP_B1, ZP_B2, PiR_B2, OINK
+       ML_A1, ZP_B1, ZP_B2, PiR_B2, Rome_B0, Z2_XB, Z2_Ren,
+       Z2_Luc, Z2_Mat, Z2_VG, Z2_Men, Milan_B1, Milan_B2, Genoa_B1,
+       OINK
 } cpurev_t;
 
+/* These names match names from various AMD Errata/Revision Guides. */
 static const u_int cpurevs[] = {
        BH_E4, 0x0020fb1, CH_CG, 0x0000f82, CH_CG, 0x0000fb2,
        CH_D0, 0x0010f80, CH_D0, 0x0010fb0, DH_CG, 0x0000fc0,
@@ -93,7 +96,12 @@ static const u_int cpurevs[] = {
        HY_D0, 0x0100f80, HY_D1, 0x0100f81, HY_D1_G34R1, 0x0100f91,
        PH_E0, 0x0100fa0, LN_B0, 0x0300f10, KB_A1, 0x0700F01,
        ML_A1, 0x0730F01, ZP_B1, 0x0800F11, ZP_B2, 0x0800F12,
-       PiR_B2, 0x0800F82,
+       PiR_B2, 0x0800F82, Rome_B0, 0x0830F10,
+       /* XXX client Zen2 names aren't known yet. */
+       Z2_XB, 0x0840F70, Z2_Ren, 0x0860F80, Z2_Luc, 0x0870F10,
+       Z2_Mat, 0x0890F70, Z2_VG, 0x0890F80, Z2_Men, 0x08A0F10,
+       Milan_B1, 0x0A00F11, Milan_B2, 0x0A00F12,
+       Genoa_B1, 0x0A10F11,
        OINK
 };
 
@@ -162,6 +170,10 @@ static const uint8_t x86_errata_set15[] 
        KB_A1, ML_A1, OINK
 };
 
+static const uint8_t x86_errata_set16[] = {
+       Rome_B0, Z2_XB, Z2_Ren, Z2_Luc, Z2_Mat, Z2_VG, Z2_Men, OINK
+};
+
 static bool x86_errata_setmsr(struct cpu_info *, errata_t *);
 static bool x86_errata_testmsr(struct cpu_info *, errata_t *);
 
@@ -361,6 +373,16 @@ static errata_t errata[] = {
                1095, FALSE, MSR_LS_CFG, x86_errata_set13,
                x86_errata_setmsr, LS_CFG_ERRATA_1095
        },
+       /*
+        * Zenbleed:
+        * https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
+        * https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8
+        * https://lock.cmpxchg8b.com/zenbleed.html
+        */
+       {
+               -1, FALSE, MSR_DE_CFG, x86_errata_set16,
+               x86_errata_setmsr, DE_CFG_ERRATA_ZENBLEED,
+       },
 };
 
 static bool

Prev by Date: [src/trunk]: src/sys/arch/x86/x86 x86/errata.c: Only say the errata revision ...
Next by Date: [src/trunk]: src/sys/arch/x86/x86 x86/errata.c: Link to original AMD errata g...
Previous by Thread: [src/trunk]: src/sys/arch/x86/x86 x86/errata.c: Only say the errata revision ...
Next by Thread: [src/trunk]: src/sys/arch/x86/x86 x86/errata.c: Link to original AMD errata g...
Indexes:

Home | Main Index | Thread Index | Old Index