Port-i386 archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[coypu%sdf.org@localhost: VIA C3 backdoor]
Forwarding to correct list, thanks ball.
I've uploaded a -current kernel with this patch here:
https://ftp.netbsd.org/pub/NetBSD/misc/maya/VIA-ALTINST-DISABLE
SHA1 (/home/fly/i386/sys/arch/i386/compile/GENERIC/netbsd) = 15282e698480b0453dee601959dec098a29eebf6
----- Forwarded message from coypu%sdf.org@localhost -----
Date: Fri, 10 Aug 2018 14:15:17 +0000
From: coypu%sdf.org@localhost
To: port-amd64%netbsd.org@localhost
Subject: VIA C3 backdoor
User-Agent: Mutt/1.9.1 (2017-09-22)
Anyone watching this?
https://github.com/xoreaxeaxeax/rosenbridge
Looks like we'll want to disable ALTINST on VIA CPUs if it happens to be on already.
docs:
http://datasheets.chipdb.org/VIA/Nehemiah/VIA%20C3%20Nehemiah%20Datasheet%20R113.pdf
(page 82)
I'm guessing something like this (untested, I have no VIA CPUs), the
function is called cpu_probe_c3, but I'm not sure if it matches too
many VIA CPUs.
cpu_probe_winchip also looks like it would match the same CPUs...?
maybe move the VIA Eden cmpxchg8b instruction enable code from the
probe_winchip function to probe_c3 and make it only for family == 5?
Index: include/specialreg.h
===================================================================
RCS file: /cvsroot/src/sys/arch/x86/include/specialreg.h,v
retrieving revision 1.129
diff -u -r1.129 specialreg.h
--- include/specialreg.h 7 Aug 2018 10:50:12 -0000 1.129
+++ include/specialreg.h 10 Aug 2018 14:08:05 -0000
@@ -792,6 +792,7 @@
#define MSR_VIA_RNG_NOISE_B 0x00000100
#define MSR_VIA_RNG_2NOISE 0x00000300
#define MSR_VIA_ACE 0x00001107
+#define MSR_VIA_ACE_ALTINST 0x00000001
#define MSR_VIA_ACE_ENABLE 0x10000000
/*
Index: x86/identcpu.c
===================================================================
RCS file: /cvsroot/src/sys/arch/x86/x86/identcpu.c,v
retrieving revision 1.79
diff -u -r1.79 identcpu.c
--- x86/identcpu.c 4 Jul 2018 07:55:57 -0000 1.79
+++ x86/identcpu.c 10 Aug 2018 14:08:05 -0000
@@ -601,10 +601,13 @@
msr = rdmsr(MSR_VIA_ACE);
wrmsr(MSR_VIA_ACE, msr | MSR_VIA_ACE_ENABLE);
}
-
}
}
+ /* Disable unsafe ALTINST mode if it's accidentally on */
+ msr = rdmsr(MSR_VIA_ACE);
+ wrmsr(MSR_VIA_ACE, msr & ~MSR_VIA_ACE_ALTINST);
+
/*
* Determine L1 cache/TLB info.
*/
----- End forwarded message -----
Home |
Main Index |
Thread Index |
Old Index