Page MenuHomeFreeBSD
Differential D46269

Update cpu-microcode-amd to contain ucode with sinkclose mitigation
ClosedPublic
Actions

Authored by nyan_myuji.xyz on Aug 10 2024, 10:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Dec 29, 4:35 AM
Unknown Object (File)
Dec 8 2024, 10:56 AM
Unknown Object (File)
Nov 25 2024, 11:49 PM
Unknown Object (File)
Nov 23 2024, 2:07 AM
Unknown Object (File)
Nov 21 2024, 6:37 AM
Unknown Object (File)
Nov 7 2024, 4:56 PM
Unknown Object (File)
Nov 5 2024, 8:11 PM
Unknown Object (File)
Oct 4 2024, 7:37 PM
View All 40 Files
Subscribers
None

Details

Reviewers
lwhsu
jrm
Commits
R11:60a177caf143: sysutils/cpu-microcode-amd: Update to address guest memory vulnerabilities
Summary

Commit to the Linux Firmware repository:
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=091bd5adf19c7ab01214c64689952acb483
3b21d

This commit contains microcode update to mitigate the sinkclose vulnerability
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

nyan_myuji.xyz requested review of this revision.Aug 10 2024, 10:15 PM
nyan_myuji.xyz created this revision.
Harbormaster completed remote builds in B58983: Diff 141981.Aug 10 2024, 10:15 PM
nyan_myuji.xyz edited the summary of this revision. (Show Details)Aug 10 2024, 10:16 PM
nyan_myuji.xyz added a reviewer: lwhsu.
nyan_myuji.xyz added a reviewer: jrm.Aug 10 2024, 10:26 PM
jrm added a comment.Aug 10 2024, 11:19 PM

Thanks! I don't see anything in the commit log of https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=091bd5adf19c7ab01214c64689952acb483 that the update addresses the vulnerabilities. Do you have a reference for that point?

nyan_myuji.xyz added a comment.Aug 10 2024, 11:27 PM
In D46269#1055082, @jrm wrote:

Thanks! I don't see anything in the commit log of https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=091bd5adf19c7ab01214c64689952acb483 that the update addresses the vulnerabilities. Do you have a reference for that point?

No worries! It is indeed quite hidden. Here is to AMD's reference https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html on the microcode revisions containing mitigation to the vulnerabilities, which are the same revisions documented in the README file of the original commit.

--- a/amd-ucode/README
+++ b/amd-ucode/README
@@ -31,19 +31,19 @@ Microcode patches in microcode_amd_fam16h.bin:
   Family=0x16 Model=0x00 Stepping=0x01: Patch=0x0700010f Length=3458 bytes
 
 Microcode patches in microcode_amd_fam17h.bin:
+  Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f Length=3200 bytes
+  Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c Length=3200 bytes
   Family=0x17 Model=0x08 Stepping=0x02: Patch=0x0800820d Length=3200 bytes
-  Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107b Length=3200 bytes
   Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008 Length=3200 bytes
-  Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
 
 Microcode patches in microcode_amd_fam19h.bin:
-  Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101244 Length=5568 bytes
-  Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001236 Length=5568 bytes
-  Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 Length=5568 bytes
-  Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d3 Length=5568 bytes
-  Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00213 Length=5568 bytes
+  Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a Length=5568 bytes
+  Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248 Length=5568 bytes
+  Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215 Length=5568 bytes
+  Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238 Length=5568 bytes
+  Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148 Length=5568 bytes
+  Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5 Length=5568 bytes
   Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes
-  Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101144 Length=5568 bytes
jrm added a comment.Aug 10 2024, 11:36 PM

Good eye. It's even less evident because on the AMD disclosure site the date beside, e.g., 0x0800126f is 2024-05-03 and not 2024-08-10. Maybe the earlier date was some kind of internal release date. In any case, I'll commit this along with a vuxml entry. Thanks again.

This revision was not accepted when it landed; it landed in state Needs Review.Aug 10 2024, 11:36 PM
Closed by commit R11:60a177caf143: sysutils/cpu-microcode-amd: Update to address guest memory vulnerabilities (authored by nyan_myuji.xyz, committed by jrm). · Explain Why
This revision was automatically updated to reflect the committed changes.
jrm added a commit: R11:60a177caf143: sysutils/cpu-microcode-amd: Update to address guest memory vulnerabilities.

Revision Contents
Changeset List

PathSize
sysutils/
cpu-microcode-amd/
4 lines
22 lines

Diff 141982

View Options

sysutils/cpu-microcode-amd/Makefile

Loading...
View Options

sysutils/cpu-microcode-amd/distinfo

Loading...