Message ID | 20230830143837.220465-1-cascardo@canonical.com |
---|---|
Headers | show |
Series | CVE-2023-20588 | expand |
On 8/30/23 8:38 AM, Thadeu Lima de Souza Cascardo wrote: > [Impact] > A division-by-zero error on some AMD processors can potentially return > speculative data resulting in loss of confidentiality. > > [Backport] > There were some minimal conflicts resulting in this being backported before > the SRSO mitigation. > > But for 5.4 kernels, the entry code has been changed. And instead of > adopting those changes and introducing new code here, I opted to not touch > that divide error entry code since the added function call added in the > second patch is removed in the third patch. Then, the places where it is > called have moved and I had to manually place them in their equivalent > spots. > > [Test case] > The test case here was looking at dmesg for the following line in one > affected part: > > "AMD Zen1 DIV0 bug detected. Disable SMT for full protection." > > I also tested that an integer division by zero in userspace doesn't cause > any crashes or hiccups in the kernel. > > [Potential regression] > Booting on affected parts may be affected. Kernel exit and SVM may be > affected too. Also CPU vulnerability reporting may be affected. > > Borislav Petkov (AMD) (3): > x86/bugs: Increase the x86 bugs vector size to two u32s > x86/CPU/AMD: Do not leak quotient data after a division by 0 > x86/CPU/AMD: Fix the DIV(0) initial fix attempt > > arch/x86/entry/common.c | 1 + > arch/x86/include/asm/cpufeatures.h | 4 +++- > arch/x86/include/asm/processor.h | 2 ++ > arch/x86/kernel/cpu/amd.c | 20 ++++++++++++++++++++ > arch/x86/kvm/svm.c | 2 ++ > tools/arch/x86/include/asm/cpufeatures.h | 2 +- > 6 files changed, 29 insertions(+), 2 deletions(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 30/08/2023 17:38, Thadeu Lima de Souza Cascardo wrote: > [Impact] > A division-by-zero error on some AMD processors can potentially return > speculative data resulting in loss of confidentiality. > > [Backport] > There were some minimal conflicts resulting in this being backported before > the SRSO mitigation. > > But for 5.4 kernels, the entry code has been changed. And instead of > adopting those changes and introducing new code here, I opted to not touch > that divide error entry code since the added function call added in the > second patch is removed in the third patch. Then, the places where it is > called have moved and I had to manually place them in their equivalent > spots. > > [Test case] > The test case here was looking at dmesg for the following line in one > affected part: > > "AMD Zen1 DIV0 bug detected. Disable SMT for full protection." > > I also tested that an integer division by zero in userspace doesn't cause > any crashes or hiccups in the kernel. > > [Potential regression] > Booting on affected parts may be affected. Kernel exit and SVM may be > affected too. Also CPU vulnerability reporting may be affected. > > Borislav Petkov (AMD) (3): > x86/bugs: Increase the x86 bugs vector size to two u32s > x86/CPU/AMD: Do not leak quotient data after a division by 0 > x86/CPU/AMD: Fix the DIV(0) initial fix attempt Acked-by: Cengiz Can <cengiz.can@canonical.com> > arch/x86/entry/common.c | 1 + > arch/x86/include/asm/cpufeatures.h | 4 +++- > arch/x86/include/asm/processor.h | 2 ++ > arch/x86/kernel/cpu/amd.c | 20 ++++++++++++++++++++ > arch/x86/kvm/svm.c | 2 ++ > tools/arch/x86/include/asm/cpufeatures.h | 2 +- > 6 files changed, 29 insertions(+), 2 deletions(-) >
On 30.08.23 16:38, Thadeu Lima de Souza Cascardo wrote: > [Impact] > A division-by-zero error on some AMD processors can potentially return > speculative data resulting in loss of confidentiality. > > [Backport] > There were some minimal conflicts resulting in this being backported before > the SRSO mitigation. > > But for 5.4 kernels, the entry code has been changed. And instead of > adopting those changes and introducing new code here, I opted to not touch > that divide error entry code since the added function call added in the > second patch is removed in the third patch. Then, the places where it is > called have moved and I had to manually place them in their equivalent > spots. > > [Test case] > The test case here was looking at dmesg for the following line in one > affected part: > > "AMD Zen1 DIV0 bug detected. Disable SMT for full protection." > > I also tested that an integer division by zero in userspace doesn't cause > any crashes or hiccups in the kernel. > > [Potential regression] > Booting on affected parts may be affected. Kernel exit and SVM may be > affected too. Also CPU vulnerability reporting may be affected. > > Borislav Petkov (AMD) (3): > x86/bugs: Increase the x86 bugs vector size to two u32s > x86/CPU/AMD: Do not leak quotient data after a division by 0 > x86/CPU/AMD: Fix the DIV(0) initial fix attempt > > arch/x86/entry/common.c | 1 + > arch/x86/include/asm/cpufeatures.h | 4 +++- > arch/x86/include/asm/processor.h | 2 ++ > arch/x86/kernel/cpu/amd.c | 20 ++++++++++++++++++++ > arch/x86/kvm/svm.c | 2 ++ > tools/arch/x86/include/asm/cpufeatures.h | 2 +- > 6 files changed, 29 insertions(+), 2 deletions(-) > Applied to lunar,jammy,focal:linux/master-next. Thanks. -Stefan
Thadeu Lima de Souza Cascardo kirjoitti 30.8.2023 klo 17.38: > [Impact] > A division-by-zero error on some AMD processors can potentially return > speculative data resulting in loss of confidentiality. > > [Backport] > There were some minimal conflicts resulting in this being backported before > the SRSO mitigation. > > But for 5.4 kernels, the entry code has been changed. And instead of > adopting those changes and introducing new code here, I opted to not touch > that divide error entry code since the added function call added in the > second patch is removed in the third patch. Then, the places where it is > called have moved and I had to manually place them in their equivalent > spots. > > [Test case] > The test case here was looking at dmesg for the following line in one > affected part: > > "AMD Zen1 DIV0 bug detected. Disable SMT for full protection." > > I also tested that an integer division by zero in userspace doesn't cause > any crashes or hiccups in the kernel. > > [Potential regression] > Booting on affected parts may be affected. Kernel exit and SVM may be > affected too. Also CPU vulnerability reporting may be affected. > > Borislav Petkov (AMD) (3): > x86/bugs: Increase the x86 bugs vector size to two u32s > x86/CPU/AMD: Do not leak quotient data after a division by 0 > x86/CPU/AMD: Fix the DIV(0) initial fix attempt > > arch/x86/entry/common.c | 1 + > arch/x86/include/asm/cpufeatures.h | 4 +++- > arch/x86/include/asm/processor.h | 2 ++ > arch/x86/kernel/cpu/amd.c | 20 ++++++++++++++++++++ > arch/x86/kvm/svm.c | 2 ++ > tools/arch/x86/include/asm/cpufeatures.h | 2 +- > 6 files changed, 29 insertions(+), 2 deletions(-) > applied to oem-6.1, thanks