Re: Zenbleed
- Reply: grarpamp : "Re: Zenbleed"
- In reply to: Shawn Webb : "Re: Zenbleed"
Date: Thu, 27 Jul 2023 15:32:47 UTC
Hello,

I can confirm that the PoC unfortunately works perfectly on an AMD 3900X. Variant 0 leads to a few leaks, 1 apparently none, variant 2 much more and variant 3 the most.

With variant 3, I'm measuring around 6 upper-XMM leaks per second with 12 threads, hence ~8 bytes/s/core (~64bit/s/core), far from the reported[1] speed of 30kb/s/core in the original post (on different hardware). But I can see text, such as JS code, leaking. This is serious.

The workaround provided by kib@ in another reply works (leaks stop instantly):

    # for x in /dev/cpuctl*; do cpucontrol -m '0xc0011029|=0x200' $x; done

Little info on MSR C001_1029 is available[6].

According to [2] and [3], it seems that no firmware is currently available for anything other than Rome/Castle Peak and Mendocino (see AMD processors list[5]). BIOS updates will come at best at the end of the year (see [2]). The situation for microcode updates seems more blurry, as [2] does not talk about them (except for Rome/Castle Peak), but [4] seems to indicate that these updates at least have been assigned IDs for all affected models.

If someone has more info, please share.

Thanks.

Links:
[1] https://lock.cmpxchg8b.com/zenbleed.html
[2] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
[3] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0bc3126c9cfa0b8c761483215c25382f831a7c6f
[4] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.4.6&id=9b8bb5c4e25678af895dc9dd4a1e82b2f948cacc
[5] https://en.wikipedia.org/wiki/List_of_AMD_Ryzen_processors
[6] https://lore.kernel.org/lkml/20170425114541.8267-1-dvlasenk@redhat.com/

-- 
Olivier Certner
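
One way to confirm that the workaround in the message above is in effect on every CPU (an added example, not part of the original message or of FreeBSD's own code): it reads the MSR back with cpucontrol and counts the CPUs where bit 0x200 is clear. The read-back output format `MSR 0x<msr>: 0x<high32> 0x<low32>` is an assumption, the function names are hypothetical, and unparsable lines are counted as unmitigated.

```sh
#!/bin/sh
# Added example: check that the workaround bit from the message is set.
MSR=0xc0011029   # MSR named in the message
MASK=0x200       # bit ORed in by the workaround command

# bit_is_set LINE
# LINE is one line of `cpucontrol -m $MSR <device>` read output.
# Assumed format: "MSR 0xc0011029: 0x<high32> 0x<low32>".
# Returns 0 if MASK is set in the low word, 1 if clear, 2 if unparsable.
bit_is_set() {
    case $1 in "MSR "*" 0x"*) ;; *) return 2 ;; esac
    low=${1##* }                      # last field = low 32 bits
    case $low in 0x*) ;; *) return 2 ;; esac
    hex=${low#0x}
    # Accept hex digits only, so nothing else reaches the arithmetic below.
    case $hex in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    [ $(( 0x$hex & $MASK )) -ne 0 ]
}

# count_unmitigated
# Reads cpucontrol output lines on stdin, prints how many lack the bit.
# Unparsable lines count as unmitigated (fail closed).
count_unmitigated() {
    n=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        bit_is_set "$line" || n=$((n + 1))
    done
    echo "$n"
}

# Live check: runs only where the cpuctl devices and cpucontrol exist.
if [ -c /dev/cpuctl0 ] && command -v cpucontrol >/dev/null 2>&1; then
    bad=$(for dev in /dev/cpuctl*; do
              cpucontrol -m "$MSR" "$dev" || echo "read failed: $dev"
          done | count_unmitigated)
    echo "CPUs without bit $MASK set in MSR $MSR: $bad"
fi
```

Run it as root after applying the workaround; a non-zero count means at least one CPU still has the bit clear or could not be read.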