Add SA-19:03 to SA-19:07 and EN-19:08 to EN-19:10.

Approved by:	so
Gordon Tetlow 2019-05-14 23:48:52 +00:00
parent 2a48f90e8b
commit b9b9eea0f4
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=53023
36 changed files with 411299 additions and 0 deletions

@ -0,0 +1,146 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-19:08.tzdata Errata Notice
The FreeBSD Project
Topic: Timezone database information update
Category: contrib
Module: zoneinfo
Announced: 2019-01-09
Affects: All supported versions of FreeBSD.
Corrected: 2019-03-29 01:39:20 UTC (stable/12, 12.0-STABLE)
2019-05-14 22:48:36 UTC (releng/12.0, 12.0-RELEASE-p4)
2019-01-01 01:40:44 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 22:48:36 UTC (releng/11.2, 11.2-RELEASE-p10)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The tzsetup(8) program allows the user to specify the default local timezone.
Based on the selected timezone, tzsetup(8) copies one of the files from
/usr/share/zoneinfo to /etc/localtime. This file actually controls the
conversion.
II. Problem Description
Several changes in Daylight Savings Time happened after previous FreeBSD
releases were released that would affect many people who live in different
countries. Because of these changes, the data in the zoneinfo files need to
be updated, and if the local timezone on the running system is affected,
tzsetup(8) needs to be run so the /etc/localtime is updated.
III. Impact
An incorrect time will be displayed on a system configured to use one of the
affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
not updated, and all applications on the system that rely on the system time,
such as cron(8) and syslog(8), will be affected.
IV. Workaround
The system administrator can install an updated timezone database from the
misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
Applications that store and display times in Coordinated Universal Time (UTC)
are not affected.
V. Solution
Please note that some third party software, for instance PHP, Ruby, Java and
Perl, may be using different zoneinfo data source, in such cases this
software must be updated separately. For software packages that is installed
via binary packages, they can be upgraded by executing `pkg upgrade'.
Following the instructions in this Errata Notice will update all of the
zoneinfo files to be the same as what was released with FreeBSD release.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date. Restart all the affected
applications and daemons, or reboot the system.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart all the affected applications and daemons, or reboot the system.
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-19:08/tzdata-2019a.patch
# fetch https://security.FreeBSD.org/patches/EN-19:08/tzdata-2019a.patch.asc
# gpg --verify tzdata-2019a.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all the affected applications and daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r345669
releng/12.0/ r347584
stable/11/ r345670
releng/11.2/ r347584
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:08.tzdata.asc>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
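
Review bot: The "Announced: 2019-01-09" header predates the Corrected dates for stable/12 and both releng branches (2019-03-29 and 2019-05-14), so it looks carried over from an earlier tzdata notice; set it to the date this notice is published. The stable/11 Corrected timestamp (2019-01-01 01:40:44 UTC) also sits almost three months before the stable/12 one (2019-03-29 01:39:20 UTC), although section VI lists consecutive revisions for the two branches (r345669 and r345670), so one of the two dates is likely wrong. In section V, "the same as what was released with FreeBSD release" does not say which tzdata version ends up installed; the patch file name suggests 2019a, and stating that would let administrators confirm the result.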

@ -0,0 +1,128 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-19:09.xinstall Errata Notice
The FreeBSD Project
Topic: install(1) broken with partially matching relative paths
Category: core
Module: xinstall
Announced: 2019-05-14
Affects: All supported versions of FreeBSD
Corrected: 2019-02-16 04:48:30 UTC (stable/12, 12.0-STABLE)
2019-05-14 22:51:49 UTC (releng/12.0, 12.0-RELEASE-p4)
2019-02-16 04:49:10 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 22:51:49 UTC (releng/11.2, 11.2-RELEASE-p10)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The install(1) utility installs files and links, optionally calculating
relative paths for an installed symbolic link.
II. Problem Description
Due to an issue in the way install(1) determines common components of the
source and target paths, the relative link may be incorrectly calculated and
drop a component of the link because a partial match existed on that
component.
III. Impact
The ports tree and other software very frequently use install(1) to create
relative symlinks without checking whether a partial match of the path
exists that would result in such a truncation.
IV. Workaround
No workaround is available, but using install(1) to install non-relative
links and files is unaffected.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-19:09/xinstall.patch
# fetch https://security.FreeBSD.org/patches/EN-19:09/xinstall.patch.asc
# gpg --verify xinstall.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r344205
releng/12.0/ r347585
stable/11/ r344206
releng/11.2/ r347585
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235330>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:09.xinstall.asc>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
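
Review bot: Section III (Impact) says how often install(1) is used to create relative symlinks but never states the consequence for an affected system; spell out that the created link can be one path component short, as section II describes, so installed symlinks may be broken or point somewhere other than intended. The Solution steps also give no guidance on whether links created before the update need to be recreated. Minor: "Affects: All supported versions of FreeBSD" lacks the trailing period that the other two errata notices in this commit use.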

@ -0,0 +1,125 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-19:10.scp Errata Notice
The FreeBSD Project
Topic: Insufficient filename validation in scp(1) client
Category: contrib
Module: scp
Announced: 2019-05-14
Affects: All supported versions of FreeBSD.
Corrected: 2019-05-07 19:48:39 UTC (stable/12, 12.0-STABLE)
2019-05-14 22:54:17 UTC (releng/12.0, 12.0-RELEASE-p10)
CVE Name: CVE-2019-6111
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
scp(1) is a file transfer protocol running over an SSH session.
II. Problem Description
The scp(1) client implementation fails to verify if the objects returned by
the server match what was requested.
III. Impact
A malicious scp server can write arbitrary files to the client.
IV. Workaround
Switch to using the sftp(1) client, if possible.
V. Solution
Note: While stable/11 and its release branches are currently affected by this
errata, due to the lack of patches, no fix is currently available for
stable/11. We are currently evaluating a backport for these fixes to
stable/11.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.0]
# fetch https://security.FreeBSD.org/patches/EN-19:10/scp.patch
# fetch https://security.FreeBSD.org/patches/EN-19:10/scp.patch.asc
# gpg --verify scp.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r347232
releng/12.0/ r347586
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:10.scp.asc>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
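
Review bot: The releng/12.0 Corrected line reads "12.0-RELEASE-p10", while every other notice in this commit gives 12.0-RELEASE-p4 for releng/12.0 and uses p10 only for releng/11.2; this looks like a copy error and should be p4. The header says "Affects: All supported versions of FreeBSD." but the Corrected lines and section VI list only stable/12 and releng/12.0, so the header should make clear, not only the note in section V, that stable/11 remains unfixed. Given the stated impact (a malicious scp server writing arbitrary files to the client) and the CVE reference, consider whether this belongs in a Security Advisory rather than an Errata Notice.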

@ -0,0 +1,154 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-19:03.wpa Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in hostapd and wpa_supplicant
Category: contrib
Module: wpa
Announced: 2019-05-14
Affects: All supported versions of FreeBSD.
Corrected: 2019-05-01 01:42:38 UTC (stable/12, 12.0-STABLE)
2019-05-14 22:57:29 UTC (releng/12.0, 12.0-RELEASE-p4)
2019-05-01 01:43:17 UTC (stable/11, 11.2-STABLE)
2019-05-14 22:59:32 UTC (releng/11.2, 11.2-RELEASE-p10)
CVE Name: CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497,
CVE-2019-9498, CVE-2019-9499, CVE-2019-11555
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
Wi-Fi Protected Access II (WPA2) is a security protocol developed by the
Wi-Fi Alliance to secure wireless computer networks.
hostapd(8) and wpa_supplicant(8) are implementations of user space daemon for
access points and wireless client that implements the WPA2 protocol.
II. Problem Description
Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8)
implementations. For more details, please see the reference URLs in the
References section below.
III. Impact
Security of the wireless network may be compromised. For more details,
please see the reference URLS in the References section below.
IV. Workaround
No workaround is available, but systems not using hostapd(8) or
wpa_supplicant(8) are not affected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Afterwards, restart hostapd(8) or wpa_supplicant(8).
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Afterwards, restart hostapd(8) or wpa_supplicant(8).
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.0]
# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch
# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc
# gpg --verify wpa-12.patch.asc
[FreeBSD 11.2]
# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch
# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc
# gpg --verify wpa-11.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r346980
releng/12.0/ r347587
stable/11/ r346981
releng/11.2/ r347588
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://w1.fi/security/2019-1>
<URL:https://w1.fi/security/2019-2>
<URL:https://w1.fi/security/2019-3>
<URL:https://w1.fi/security/2019-4>
<URL:https://w1.fi/security/2019-5>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
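
Review bot: The stable/11 Corrected line labels the branch "11.2-STABLE", whereas the other advisories in this commit label stable/11 as 11.3-PRERELEASE; use one label consistently. Sections II and III carry no description of their own ("Multiple vulnerabilities exist", "Security of the wireless network may be compromised") and defer entirely to the reference URLs; a one-line summary per CVE would let readers judge their exposure without leaving the advisory. Minor: "reference URLS" in section III should be "URLs", and section VII lists five w1.fi notices for seven CVEs without saying which notice covers which CVE.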

@ -0,0 +1,146 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-19:04.ntp Security Advisory
The FreeBSD Project
Topic: Authenticated denial of service in ntpd
Category: contrib
Module: ntp
Announced: 2019-05-14
Credits: Magnus Stubman
Affects: All supported versions of FreeBSD
Corrected: 2019-03-07 13:45:36 UTC (stable/12, 12.0-STABLE)
2019-05-14 23:02:56 UTC (releng/12.0, 12.0-RELEASE-p4)
2019-03-07 13:45:36 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 23:06:26 UTC (releng/11.2, 11.2-RELEASE-p10)
CVE Name: CVE-2019-8936
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The ntpd(8) daemon is an implementation of the Network Time Protocol
(NTP) used to synchronize the time of a computer system to a reference
time source. The ntpd(8) daemon uses a protocol called mode 6 to both get
status information from the running ntpd(8) daemon and configure it on the
fly. This protocol is typically used by the ntpq(8) program, among others.
II. Problem Description
A crafted malicious authenticated mode 6 packet from a permitted network
address can trigger a NULL pointer dereference.
Note for this attack to work, the sending system must be on an address from
which the target ntpd(8) accepts mode 6 packets, and must use a private key
that is specifically listed as being used for mode 6 authorization.
III. Impact
The ntpd daemon can crash due to the NULL pointer dereference, causing a
denial of service.
IV. Workaround
Use 'restrict noquery' in the ntpd configuration to limit addresses that
can send mode 6 queries.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Afterwards, restart the ntpd service:
# service ntpd restart
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.0]
# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp.patch
# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp.patch.asc
# gpg --verify ntp.patch.asc
[FreeBSD 11.2-RELEASE/11.3-PRERELEASE]
# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp-11.2.patch
# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp-11.2.patch.asc
# gpg --verify ntp-11.2.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the ntpd service, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r344884
releng/12.0/ r347589
stable/11/ r344884
releng/11.2/ r347590
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:http://support.ntp.org/bin/view/Main/SecurityNotice#March_2019_ntp_4_2_8p13_NTP_Rele>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
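
Review bot: Option 1 in section V (upgrade to a corrected branch) does not say to restart ntpd, while options 2 and 3 do; add "Afterwards, restart the ntpd service" there, since the old binary keeps running until the daemon is restarted. In section VI, stable/12 and stable/11 both list r344884 with the identical timestamp 2019-03-07 13:45:36 UTC; confirm that a single commit really covered both branches. The [FreeBSD 12.0] label in step 3a also does not say whether ntp.patch applies to 12.0-STABLE, unlike the 11.x label, which names both 11.2-RELEASE and 11.3-PRERELEASE.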

@ -0,0 +1,134 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-19:05.pf Security Advisory
The FreeBSD Project
Topic: IPv6 fragment reassembly panic in pf(4)
Category: contrib
Module: pf
Announced: 2019-05-14
Credits: Synacktiv
Affects: All supported versions of FreeBSD
Corrected: 2019-03-01 18:12:05 UTC (stable/12, 12.0-STABLE)
2019-05-14 23:10:21 UTC (releng/12.0, 12.0-RELEASE-p4)
2019-03-01 18:12:07 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 23:10:21 UTC (releng/11.2, 11.2-RELEASE-p10)
CVE Name: CVE-2019-5597
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
pf(4) is an Internet Protocol packet filter originally written for OpenBSD.
In addition to filtering packets, it also has packet normalization
capabilities.
II. Problem Description
A bug in the pf(4) IPv6 fragment reassembly logic incorrectly uses the last
extension header offset from the last received packet instead of from the
first packet.
III. Impact
Malicious IPv6 packets with different IPv6 extensions could cause a kernel
panic or potentially a filtering rule bypass.
IV. Workaround
Only systems leveraging the pf(4) firewall and include packet scrubbing using
the recommended 'scrub all in' or similar are affected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Afterwards, reboot the system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Afterwards, reboot the system.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-19:05/pf.patch
# fetch https://security.FreeBSD.org/patches/SA-19:05/pf.patch.asc
# gpg --verify pf.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r344706
releng/12.0/ r347591
stable/11/ r344707
releng/11.2/ r347591
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5597>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
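
Review bot: Section IV (Workaround) contains no workaround; it only states which systems are affected ("Only systems leveraging the pf(4) firewall and include packet scrubbing ... are affected"). Either phrase it as "No workaround is available, but systems not using pf(4) with scrub rules are not affected", matching the form SA-19:03 uses, or move the sentence into section II. The sentence is also ungrammatical as written ("leveraging ... and include"). If removing the scrub rule is not an acceptable mitigation, say so explicitly, because the current wording invites that reading.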

@ -0,0 +1,134 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-19:06.pf Security Advisory
The FreeBSD Project
Topic: ICMP/ICMP6 packet filter bypass in pf
Category: contrib
Module: pf
Announced: 2019-05-14
Credits: Synacktiv
Affects: All supported versions of FreeBSD
Corrected: 2019-03-21 14:17:10 UTC (stable/12, 12.0-STABLE)
2019-05-14 23:12:22 UTC (releng/12.0, 12.0-RELEASE-p4)
2019-03-21 14:17:12 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 23:12:22 UTC (releng/11.2, 11.2-RELEASE-p10)
CVE Name: CVE-2019-5598
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
pf(4) is an Internet Protocol packet filter originally written for OpenBSD.
In addition to filtering packets, it also has packet normalization
capabilities.
II. Problem Description
States in pf(4) let ICMP and ICMP6 packets pass if they have a packet in
their payload matching an existing condition. pf(4) does not check if the
outer ICMP or ICMP6 packet has the same destination IP as the source IP of
the inner protocol packet.
III. Impact
A maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules
and be passed to a host that would otherwise be unavailable.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Afterwards, reboot the system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Afterwards, reboot the system.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-19:06/pf.patch
# fetch https://security.FreeBSD.org/patches/SA-19:06/pf.patch.asc
# gpg --verify pf.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r345377
releng/12.0/ r347593
stable/11/ r345378
releng/11.2/ r347593
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://www.synacktiv.com/posts/systems/icmp-reachable.html>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5598>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
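
Review bot: The patch in section V step 3a is named pf.patch, the same file name SA-19:05 in this commit uses, so an administrator fetching both into one directory gets colliding downloads of the patch and its .asc, and "patch < /path/to/patch" gives no hint which one is meant; give the two patches distinct names or tell readers to fetch them into separate directories. In section II, "matching an existing condition" presumably means an existing state, given that the sentence begins "States in pf(4)". In section III, "a host that would otherwise be unavailable" would be clearer as "unreachable".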

@ -0,0 +1,198 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-19:07.mds Security Advisory
The FreeBSD Project
Topic: Microarchitectural Data Sampling (MDS)
Category: core
Module: kernel
Announced: 2019-05-14
Credits: Refer to Intel's security advisory at the URL below for
detailed acknowledgements.
Affects: All supported versions of FreeBSD.
Corrected: 2019-05-14 17:04:00 UTC (stable/12, 12.0-STABLE)
2019-05-14 23:19:08 UTC (releng/12.0, 12.0-RELEASE-p4)
2019-05-14 17:05:02 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 23:20:16 UTC (releng/11.2, 11.2-RELEASE-p10)
CVE Name: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
CVE-2019-11091
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
Modern processors make use of speculative execution, an optimization
technique which performs some action in advance of knowing whether the
result will actually be used.
II. Problem Description
On some Intel processors utilizing speculative execution, a local process may
be able to infer stale information from microarchitectural buffers, resulting
in a memory disclosure.
III. Impact
An attacker may be able to read secret data from the kernel or from a
process when executing untrusted code (for example, in a web browser).
IV. Workaround
No workaround is available.
Systems with users or processes in different trust domains should disable
Hyper-Threading by setting the machdep.hyperthreading_allowed tunable to 0:
# echo 'machdep.hyperthreading_allowed=0' >> /boot/loader.conf
# shutdown -r +10min "Security update"
V. Solution
Perform one of the following:
Update CPU microcode, upgrade your vulnerable system to a supported FreeBSD
stable or release / security branch (releng) dated after the correction date,
evaluate mitigation and Hyper-Threading controls, and reboot the system.
New CPU microcode may be available in a BIOS update from your system vendor,
or by installing the devcpu-data package or sysutils/devcpu-data port.
Ensure that the BIOS update or devcpu-data package is dated after 2014-05-14.
If using the package or port, the microcode update can be applied at boot time
by adding the following lines to the system's /boot/loader.conf:
cpu_microcode_load="YES"
cpu_microcode_name="/boot/firmware/intel-ucode.bin"
Microcode updates can also be applied while the system is running. See
cpucontrol(8) for details.
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Follow additional details under "Mitigation Configuration" below.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.0-STABLE]
# fetch https://security.FreeBSD.org/patches/SA-19:07/mds.12-stable.patch
# fetch https://security.FreeBSD.org/patches/SA-19:07/mds.12-stable.patch.asc
# gpg --verify mds.12-stable.patch.asc
[FreeBSD 12.0-RELEASE]
# fetch https://security.FreeBSD.org/patches/SA-19:07/mds.12.0.patch
# fetch https://security.FreeBSD.org/patches/SA-19:07/mds.12.0.patch.asc
# gpg --verify mds.12.0.patch.asc
[FreeBSD 11.3-PRERELEASE]
# fetch https://security.FreeBSD.org/patches/SA-19:07/mds.11-stable.patch
# fetch https://security.FreeBSD.org/patches/SA-19:07/mds.11-stable.patch.asc
# gpg --verify mds.11-stable.patch.asc
[FreeBSD 11.2-RELEASE]
# fetch https://security.FreeBSD.org/patches/SA-19:07/mds.11.2.patch
# fetch https://security.FreeBSD.org/patches/SA-19:07/mds.11.2.patch.asc
# gpg --verify mds.11.2.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>.
Mitigation Configuration
Systems with users, processes, or virtual machines in different trust
domains should disable Hyper-Threading by setting the
machdep.hyperthreading_allowed tunable to 0:
# echo machdep.hyperthreading_allowed=0 >> /boot/loader.conf
To activate the MDS mitigation, set the hw.mds_disable sysctl. The settings
are:
0 - mitigation disabled
1 - VERW instruction (microcode) mitigation enabled
2 - Software sequence mitigation enabled (not recommended)
3 - Automatic VERW or Software selection
Automatic mode uses the VERW instruction if supported by the CPU / microcode,
or software sequences if not. To enable automatic mode at boot:
# echo hw.mds_disable=3 >> /etc/sysctl.conf
Reboot the system:
# shutdown -r +10min "Security update"
Check the mitigation status:
# sysctl hw.mds_disable_state
hw.mds_disable_state: software Silvermont
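The boot-time settings from "Mitigation Configuration" can be checked before the reboot. The following POSIX sh script is an added example, not part of the FreeBSD advisory; the function names (conf_value, mds_boot_config, mds_demo) are hypothetical, the sample files are constructed, and it assumes that the last assignment of a key in a file is the effective one.

```shell
#!/bin/sh
# Added example (not from the advisory): report what the boot-time files named
# in "Mitigation Configuration" will request after the next reboot.
# Function names are hypothetical. Assumption: when a key is assigned more
# than once in a file, the last assignment is the effective one.

# conf_value FILE KEY
# Print KEY's value from a KEY=VALUE file ('#' starts a comment, optional
# double quotes around the value). Exit status 1 if KEY is never assigned.
conf_value() {
    [ -r "$1" ] || return 1
    awk -v key="$2" '
        {
            sub(/[ \t]*#.*$/, "")            # drop comments
            eq = index($0, "=")
            if (eq == 0) next                 # not an assignment
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)    # trim whitespace
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)              # strip surrounding quotes
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# mds_boot_config LOADER_CONF SYSCTL_CONF
# Print "smt=<allowed|disabled> mds=<state>" using the hw.mds_disable values
# listed in the advisory (0..3). Returns 0 only if a mitigation mode is set.
mds_boot_config() {
    ht=$(conf_value "$1" machdep.hyperthreading_allowed) || ht=""
    md=$(conf_value "$2" hw.mds_disable) || md=""

    if [ "$ht" = "0" ]; then smt=disabled; else smt=allowed; fi

    case "$md" in
        0)  mds=disabled ;;
        1)  mds=verw ;;
        2)  mds=software ;;
        3)  mds=auto ;;
        "") mds=unset ;;
        *)  mds=invalid ;;
    esac

    echo "smt=$smt mds=$mds"
    case "$mds" in
        verw|software|auto) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the check against constructed sample files (not from a real system).
mds_demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '%s\n' 'cpu_microcode_load="YES"' \
        'cpu_microcode_name="/boot/firmware/intel-ucode.bin"' \
        'machdep.hyperthreading_allowed=0' > "$demo_dir/loader.conf"
    printf '%s\n' '# automatic VERW or software selection' \
        'hw.mds_disable=3' > "$demo_dir/sysctl.conf"
    mds_boot_config "$demo_dir/loader.conf" "$demo_dir/sysctl.conf"
    demo_status=$?
    rm -rf "$demo_dir"
    return $demo_status
}

mds_demo
# On a patched FreeBSD host, check the real files and the running kernel:
#   mds_boot_config /boot/loader.conf /etc/sysctl.conf
#   sysctl hw.mds_disable_state
```

A loader.conf that never received the tunable line reports smt=allowed, which is the quickest way to notice that an append command did not write what was intended.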
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/12/                                                        r347567
releng/12.0/                                                      r346594
stable/11/                                                        r347568
releng/11.2/                                                      r347595
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html>
<URL:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:07.mds.asc>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


@ -0,0 +1,590 @@
--- contrib/tzdata/Makefile.orig
+++ contrib/tzdata/Makefile
@@ -12,7 +12,10 @@
# Email address for bug reports.
BUGEMAIL= tz@iana.org
-# Choose source data features. To get new features right away, use:
+# DATAFORM selects the data format.
+# Available formats represent essentially the same data, albeit
+# possibly with minor discrepancies that users are not likely to notice.
+# To get new features and the best data right away, use:
# DATAFORM= vanguard
# To wait a while before using new features, to give downstream users
# time to upgrade zic (the default), use:
@@ -33,11 +36,11 @@
LOCALTIME= GMT
# If you want something other than Eastern United States time as a template
-# for handling POSIX-style timezone environment variables,
+# for handling ruleless POSIX-style timezone environment variables,
# change the line below (after finding the timezone you want in the
# one of the $(TDATA) source files, or adding it to a source file).
-# When a POSIX-style environment variable is handled, the rules in the
-# template file are used to determine "spring forward" and "fall back" days and
+# A ruleless environment setting like TZ='CST6CDT' uses the rules in the
+# template file to determine "spring forward" and "fall back" days and
# times; the environment variable itself specifies UT offsets of standard and
# daylight saving time.
# Alternatively, if you discover you've got the wrong timezone, you can just
@@ -46,7 +49,6 @@
# Use the command
# make zonenames
# to get a list of the values you can use for POSIXRULES.
-# If you want POSIX compatibility, use "America/New_York".
POSIXRULES= America/New_York
@@ -113,8 +115,8 @@
TIME_T_ALTERNATIVES_HEAD = int64_t
TIME_T_ALTERNATIVES_TAIL = int32_t uint32_t uint64_t
-# What kind of TZif data files to generate.
-# (TZif is the binary time zone data format that zic generates.)
+# What kind of TZif data files to generate. (TZif is the binary time
+# zone data format that zic generates; see Internet RFC 8536.)
# If you want only POSIX time, with time values interpreted as
# seconds since the epoch (not counting leap seconds), use
# REDO= posix_only
@@ -360,6 +362,9 @@
zic= ./zic
ZIC= $(zic) $(ZFLAGS)
+# To shrink the size of installed TZif files,
+# append "-r @N" to omit data before N-seconds-after-the-Epoch.
+# See the zic man page for more about -r.
ZFLAGS=
# How to use zic to install TZif files.
@@ -491,7 +496,8 @@
COMMON= calendars CONTRIBUTING LICENSE Makefile \
NEWS README theory.html version
WEB_PAGES= tz-art.html tz-how-to.html tz-link.html
-CHECK_WEB_PAGES=check_tz-art.html check_tz-how-to.html check_tz-link.html
+CHECK_WEB_PAGES=check_theory.html check_tz-art.html \
+ check_tz-how-to.html check_tz-link.html
DOCS= $(MANS) date.1 $(MANTXTS) $(WEB_PAGES)
PRIMARY_YDATA= africa antarctica asia australasia \
europe northamerica southamerica
@@ -804,9 +810,10 @@
touch $@
check_web: $(CHECK_WEB_PAGES)
+check_theory.html: theory.html
check_tz-art.html: tz-art.html
check_tz-link.html: tz-link.html
-check_tz-art.html check_tz-link.html:
+check_theory.html check_tz-art.html check_tz-link.html:
$(CURL) -sS --url https://validator.w3.org/nu/ -F out=gnu \
-F file=@$$(expr $@ : 'check_\(.*\)') -o $@.out && \
test ! -s $@.out || { cat $@.out; exit 1; }
@@ -840,11 +847,13 @@
touch $@
clean_misc:
+ rm -fr check_*.dir
rm -f *.o *.out $(TIME_T_ALTERNATIVES) \
check_* core typecheck_* \
date tzselect version.h zdump zic yearistype libtz.a
clean: clean_misc
- rm -fr *.dir *.zi tzdb-*/ $(TZS_NEW)
+ rm -fr *.dir tzdb-*/
+ rm -f *.zi $(TZS_NEW)
maintainer-clean: clean
@echo 'This command is intended for maintainers to use; it'
--- contrib/tzdata/NEWS.orig
+++ contrib/tzdata/NEWS
@@ -1,5 +1,53 @@
News for the tz database
+Release 20198 - 2019-03-25 22:01:33 -0700
+
+ Briefly:
+ Palestine "springs forward" on 2019-03-30 instead of 2019-03-23.
+ Metlakatla "fell back" to rejoin Alaska Time on 2019-01-20 at 02:00.
+
+ Changes to past and future timestamps
+
+ Palestine will not start DST until 2019-03-30, instead of 2019-03-23 as
+ previously predicted. Adjust our prediction by guessing that spring
+ transitions will be between 24 and 30 March, which matches recent practice
+ since 2016. (Thanks to Even Scharning and Tim Parenti.)
+
+ Metlakatla ended its observance of Pacific standard time,
+ rejoining Alaska Time, on 2019-01-20 at 02:00. (Thanks to Ryan
+ Stanley and Tim Parenti.)
+
+ Changes to past timestamps
+
+ Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25).
+ (Thanks to Alois Treindl and Isaac Starkman.)
+
+ Changes to time zone abbreviations
+
+ Etc/UCT is now a backward-compatibility link to Etc/UTC, instead
+ of being a separate zone that generates the abbreviation "UCT",
+ which nowadays is typically a typo. (Problem reported by Isiah
+ Meadows.)
+
+ Changes to code
+
+ zic now has an -r option to limit the time range of output data.
+ For example, 'zic -r @1000000000' limits the output data to
+ timestamps starting 1000000000 seconds after the Epoch.
+ This helps shrink output size and can be useful for applications
+ not needing the full timestamp history, such as TZDIST truncation;
+ see Internet RFC 8536 section 5.1. (Inspired by a feature request
+ from Christopher Wong, helped along by bug reports from Wong and
+ from Tim Parenti.)
+
+ Changes to documentation
+
+ Mention Internet RFC 8536 (February 2019), which documents TZif.
+
+ tz-link.html now cites tzdata-meta
+ <https://tzdata-meta.timtimeonline.com/>.
+
+
Release 2018i - 2018-12-30 11:05:43 -0800
Briefly:
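Review bot: the added NEWS heading reads "Release 20198", which does not match the "2019a" that this same patch writes to contrib/tzdata/version. The heading should read "Release 2019a - 2019-03-25 22:01:33 -0700" so that the NEWS entry and the version file agree.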
@@ -400,8 +448,9 @@
downstream parsers do not support it.
* The build procedure constructs three files vanguard.zi, main.zi,
- and rearguard.zi, one for each format. The files represent the
- same data as closely as the formats allow. These three files
+ and rearguard.zi, one for each format. Although the files
+ represent essentially the same data, they may have minor
+ discrepancies that users are not likely to notice. The files
are intended for downstream data consumers and are not
installed. Zoneinfo parsers that do not support negative SAVE values
should start using rearguard.zi, so that they will be unaffected
--- contrib/tzdata/README.orig
+++ contrib/tzdata/README
@@ -1,7 +1,7 @@
README for the tz distribution
-"What time is it?" -- Richard Deacon as The King
-"Any time you want it to be." -- Frank Baxter as The Scientist
+"Where do I set the hands of the clock?" -- Les Tremayne as The King
+"Oh that--you can set them any place you want." -- Frank Baxter as The Scientist
(from the Bell System film "About Time")
The Time Zone Database (called tz, tzdb or zoneinfo) contains code and
--- contrib/tzdata/africa.orig
+++ contrib/tzdata/africa
@@ -364,6 +364,11 @@
# See Africa/Lagos.
# Eritrea
+# See Africa/Nairobi.
+
+# Eswatini (formerly Swaziland)
+# See Africa/Johannesburg.
+
# Ethiopia
# See Africa/Nairobi.
#
@@ -1188,7 +1193,7 @@
1:30 - SAST 1903 Mar
2:00 SA SAST
Link Africa/Johannesburg Africa/Maseru # Lesotho
-Link Africa/Johannesburg Africa/Mbabane # Swaziland
+Link Africa/Johannesburg Africa/Mbabane # Eswatini
#
# Marion and Prince Edward Is
# scientific station since 1947
@@ -1230,9 +1235,6 @@
2:00 Sudan CA%sT 2000 Jan 15 12:00
3:00 - EAT
-# Swaziland
-# See Africa/Johannesburg.
-
# Tanzania
# See Africa/Nairobi.
--- contrib/tzdata/asia.orig
+++ contrib/tzdata/asia
@@ -1620,6 +1620,24 @@
Rule Zion 1974 only - Oct 13 0:00 0 S
Rule Zion 1975 only - Apr 20 0:00 1:00 D
Rule Zion 1975 only - Aug 31 0:00 0 S
+
+# From Alois Treindl (2019-03-06):
+# http://www.moin.gov.il/Documents/שעון קיץ/clock-50-years-7-2014.pdf
+# From Isaac Starkman (2019-03-06):
+# Summer time was in that period in 1980 and 1984, see
+# https://www.ynet.co.il/articles/0,7340,L-3951073,00.html
+# You can of course read it in translation.
+# I checked the local newspapers for that years.
+# It started on midnight and end at 01.00 am.
+# From Paul Eggert (2019-03-06):
+# Also see this thread about the moin.gov.il URL:
+# https://mm.icann.org/pipermail/tz/2018-November/027194.html
+Rule Zion 1980 only - Aug 2 0:00 1:00 D
+Rule Zion 1980 only - Sep 13 1:00 0 S
+Rule Zion 1984 only - May 5 0:00 1:00 D
+Rule Zion 1984 only - Aug 25 1:00 0 S
+
+# From Shanks & Pottenger:
Rule Zion 1985 only - Apr 14 0:00 1:00 D
Rule Zion 1985 only - Sep 15 0:00 0 S
Rule Zion 1986 only - May 18 0:00 1:00 D
@@ -3071,9 +3089,15 @@
# the official website, though the decree did not specify the exact
# time of the time shift.
# http://www.palestinecabinet.gov.ps/Website/AR/NDecrees/ViewFile.ashx?ID=e7a42ab7-ee23-435a-b9c8-a4f7e81f3817
+
+# From Even Scharning (2019-03-23):
+# DST in Palestine will start on 30 March this year, not 23 March as the time
+# zone database predicted.
+# https://ramallah.news/post/123610
#
-# From Paul Eggert (2018-03-16):
-# For 2016 on, predict spring transitions on March's fourth Saturday at 01:00.
+# From Tim Parenti (2019-03-23):
+# Combining this with the rules observed since 2016, adjust our spring
+# transition guess to Mar Sat>=24.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule EgyptAsia 1957 only - May 10 0:00 1:00 S
@@ -3104,7 +3128,7 @@
Rule Palestine 2013 only - Sep Fri>=21 0:00 0 -
Rule Palestine 2014 2015 - Oct Fri>=21 0:00 0 -
Rule Palestine 2015 only - Mar lastFri 24:00 1:00 S
-Rule Palestine 2016 max - Mar Sat>=22 1:00 1:00 S
+Rule Palestine 2016 max - Mar Sat>=24 1:00 1:00 S
Rule Palestine 2016 max - Oct lastSat 1:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
@@ -3596,5 +3620,17 @@
8:00 - +08 1975 Jun 13
7:00 - +07
+# From Paul Eggert (2019-02-19):
+#
+# The Ho Chi Minh entry suffices for most purposes as it agrees with all of
+# Vietnam since 1975-06-13. Presumably clocks often changed in south Vietnam
+# in the early 1970s as locations changed hands during the war; however the
+# details are unknown and would likely be too voluminous for this database.
+#
+# For timestamps in north Vietnam back to 1970 (the tzdb cutoff),
+# use Asia/Bangkok; see the VN entries in the file zone1970.tab.
+# For timestamps before 1970, see Asia/Hanoi in the file 'backzone'.
+
+
# Yemen
# See Asia/Riyadh.
--- contrib/tzdata/backward.orig
+++ contrib/tzdata/backward
@@ -77,6 +77,7 @@
Link America/Havana Cuba
Link Africa/Cairo Egypt
Link Europe/Dublin Eire
+Link Etc/UTC Etc/UCT
Link Europe/London Europe/Belfast
Link Europe/Chisinau Europe/Tiraspol
Link Europe/London GB
@@ -111,7 +112,7 @@
Link Asia/Seoul ROK
Link Asia/Singapore Singapore
Link Europe/Istanbul Turkey
-Link Etc/UCT UCT
+Link Etc/UTC UCT
Link America/Anchorage US/Alaska
Link America/Adak US/Aleutian
Link America/Phoenix US/Arizona
--- contrib/tzdata/backzone.orig
+++ contrib/tzdata/backzone
@@ -204,7 +204,7 @@
2:00 1:00 SAST 1944 Mar 19 2:00
2:00 - SAST
-# Swaziland
+# Eswatini (formerly Swaziland)
Zone Africa/Mbabane 2:04:24 - LMT 1903 Mar
2:00 - SAST
@@ -625,7 +625,7 @@
1:00 - CET 1982 Nov 27
1:00 EU CE%sT
-# Macedonia
+# North Macedonia
Zone Europe/Skopje 1:25:44 - LMT 1884
1:00 - CET 1941 Apr 18 23:00
1:00 C-Eur CE%sT 1945 May 8 2:00s
--- contrib/tzdata/etcetera.orig
+++ contrib/tzdata/etcetera
@@ -19,7 +19,6 @@
Zone Etc/GMT 0 - GMT
Zone Etc/UTC 0 - UTC
-Zone Etc/UCT 0 - UCT
# The following link uses older naming conventions,
# but it belongs here, not in the file 'backward',
--- contrib/tzdata/europe.orig
+++ contrib/tzdata/europe
@@ -1855,7 +1855,7 @@
1:00 Belgium CE%sT 1977
1:00 EU CE%sT
-# Macedonia
+# North Macedonia
# See Europe/Belgrade.
# Malta
@@ -3359,7 +3359,7 @@
Link Europe/Belgrade Europe/Ljubljana # Slovenia
Link Europe/Belgrade Europe/Podgorica # Montenegro
Link Europe/Belgrade Europe/Sarajevo # Bosnia and Herzegovina
-Link Europe/Belgrade Europe/Skopje # Macedonia
+Link Europe/Belgrade Europe/Skopje # North Macedonia
Link Europe/Belgrade Europe/Zagreb # Croatia
# Slovakia
--- contrib/tzdata/leap-seconds.list.orig
+++ contrib/tzdata/leap-seconds.list
@@ -204,10 +204,10 @@
# current -- the update time stamp, the data and the name of the file
# will not change.
#
-# Updated through IERS Bulletin C56
-# File expires on: 28 June 2019
+# Updated through IERS Bulletin C57
+# File expires on: 28 December 2019
#
-#@ 3770668800
+#@ 3786480000
#
2272060800 10 # 1 Jan 1972
2287785600 11 # 1 Jul 1972
@@ -252,4 +252,4 @@
# the hash line is also ignored in the
# computation.
#
-#h 62ca19f6 96a4ae0a 3708451c 9f8693f4 016604eb
+#h 83c68138 d3650221 07dbbbcd 11fcc859 ced1106a
--- contrib/tzdata/leapseconds.orig
+++ contrib/tzdata/leapseconds
@@ -63,7 +63,7 @@
# POSIX timestamps for the data in this file:
#updated 1467936000
-#expires 1561680000
+#expires 1577491200
-# Updated through IERS Bulletin C56
-# File expires on: 28 June 2019
+# Updated through IERS Bulletin C57
+# File expires on: 28 December 2019
--- contrib/tzdata/northamerica.orig
+++ contrib/tzdata/northamerica
@@ -609,6 +609,15 @@
# In a 2018-12-11 special election, Metlakatla voted to go back to
# Alaska time (including daylight saving time) starting next year.
# https://www.krbd.org/2018/12/12/metlakatla-to-follow-alaska-standard-time-allow-liquor-sales/
+#
+# From Ryan Stanley (2019-01-11):
+# The community will be changing back on the 20th of this month...
+# From Tim Parenti (2019-01-11):
+# Per an announcement on the Metlakatla community's official Facebook page, the
+# "fall back" will be on Sunday 2019-01-20 at 02:00:
+# https://www.facebook.com/141055983004923/photos/607150969728753/
+# So they won't be waiting for Alaska to join them on 2019-03-10, but will
+# rather change their clocks twice in seven weeks.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone America/Juneau 15:02:19 - LMT 1867 Oct 19 15:33:32
@@ -637,7 +646,7 @@
-8:00 US P%sT 1983 Oct 30 2:00
-8:00 - PST 2015 Nov 1 2:00
-9:00 US AK%sT 2018 Nov 4 2:00
- -8:00 - PST 2019 Mar Sun>=8 3:00
+ -8:00 - PST 2019 Jan 20 2:00
-9:00 US AK%sT
Zone America/Yakutat 14:41:05 - LMT 1867 Oct 19 15:12:18
-9:18:55 - LMT 1900 Aug 20 12:00
--- contrib/tzdata/theory.html.orig
+++ contrib/tzdata/theory.html
@@ -15,7 +15,7 @@
<ul>
<li><a href="#scope">Scope of the <code><abbr>tz</abbr></code>
database</a></li>
- <li><a href="#naming">Names of timezones</a></li>
+ <li><a href="#naming">Timezone identifiers</a></li>
<li><a href="#abbreviations">Time zone abbreviations</a></li>
<li><a href="#accuracy">Accuracy of the <code><abbr>tz</abbr></code>
database</a></li>
@@ -107,9 +107,9 @@
</section>
<section>
- <h2 id="naming">Names of timezones</h2>
+ <h2 id="naming">Timezone identifiers</h2>
<p>
-Each timezone has a unique name.
+Each timezone has a name that uniquely identifies the timezone.
Inexperienced users are not expected to select these names unaided.
Distributors should provide documentation and/or a simple selection
interface that explains each name via a map or via descriptive text like
@@ -142,10 +142,12 @@
</li>
<li>
Be robust in the presence of political changes.
- For example, names of countries are ordinarily not used, to avoid
+ For example, names are typically not tied to countries, to avoid
incompatibilities when countries change their name (e.g.,
- Zaire&rarr;Congo) or when locations change countries (e.g., Hong
+ Swaziland&rarr;Eswatini) or when locations change countries (e.g., Hong
Kong from UK colony to China).
+ There is no requirement that every country or national
+ capital must have a timezone name.
</li>
<li>
Be portable to a wide variety of implementations.
@@ -215,13 +217,6 @@
do not need locations, since local time is not defined there.
</li>
<li>
- There should typically be at least one name for each <a
- href="https://en.wikipedia.org/wiki/ISO_3166-1"><abbr
- title="International Organization for Standardization">ISO</abbr>
- 3166-1</a> officially assigned two-letter code for an inhabited
- country or territory.
- </li>
- <li>
If all the clocks in a timezone have agreed since 1970,
do not bother to include more than one timezone
even if some of the clocks disagreed before 1970.
@@ -228,6 +223,12 @@
Otherwise these tables would become annoyingly large.
</li>
<li>
+ If boundaries between regions are fluid, such as during a war or
+ insurrection, do not bother to create a new timezone merely
+ because of yet another boundary change. This helps prevent table
+ bloat and simplifies maintenance.
+ </li>
+ <li>
If a name is ambiguous, use a less ambiguous alternative;
e.g., many cities are named San José and Georgetown, so
prefer <code>America/Costa_Rica</code> to
@@ -299,29 +300,23 @@
</ul>
<p>
-The file '<code>zone1970.tab</code>' lists geographical locations used
-to name timezones.
-It is intended to be an exhaustive list of names for geographic
-regions as described above; this is a subset of the timezones in the data.
-Although a '<code>zone1970.tab</code>' location's
-<a href="https://en.wikipedia.org/wiki/Longitude">longitude</a>
-corresponds to
-its <a href="https://en.wikipedia.org/wiki/Local_mean_time">local mean
-time (<abbr>LMT</abbr>)</a> offset with one hour for every 15&deg;
-east longitude, this relationship is not exact.
+Guidelines have evolved with time, and names following old versions of
+this guideline might not follow the current version. When guidelines
+have changed, old names continue to be supported. Guideline changes
+have included the following:
</p>
-<p>
-Older versions of this package used a different naming scheme,
-and these older names are still supported.
+<ul>
+<li>
+Older versions of this package used a different naming scheme.
See the file '<code>backward</code>' for most of these older names
(e.g., '<code>US/Eastern</code>' instead of '<code>America/New_York</code>').
The other old-fashioned names still supported are
'<code>WET</code>', '<code>CET</code>', '<code>MET</code>', and
'<code>EET</code>' (see the file '<code>europe</code>').
-</p>
+</li>
-<p>
+<li>
Older versions of this package defined legacy names that are
incompatible with the first guideline of location names, but which are
still supported.
@@ -332,6 +327,31 @@
and the file '<code>northamerica</code>' defines the legacy names
'<code>EST5EDT</code>', '<code>CST6CDT</code>',
'<code>MST7MDT</code>', and '<code>PST8PDT</code>'.
+</li>
+
+<li>
+Older versions of this guideline said that
+there should typically be at least one name for each <a
+href="https://en.wikipedia.org/wiki/ISO_3166-1"><abbr
+title="International Organization for Standardization">ISO</abbr>
+3166-1</a> officially assigned two-letter code for an inhabited
+country or territory.
+This old guideline has been dropped, as it was not needed to handle
+timestamps correctly and it increased maintenance burden.
+</li>
+</ul>
+
+<p>
+The file '<code>zone1970.tab</code>' lists geographical locations used
+to name timezones.
+It is intended to be an exhaustive list of names for geographic
+regions as described above; this is a subset of the timezones in the data.
+Although a '<code>zone1970.tab</code>' location's
+<a href="https://en.wikipedia.org/wiki/Longitude">longitude</a>
+corresponds to
+its <a href="https://en.wikipedia.org/wiki/Local_mean_time">local mean
+time (<abbr>LMT</abbr>)</a> offset with one hour for every 15&deg;
+east longitude, this relationship is not exact.
</p>
<p>
@@ -983,7 +1003,9 @@
constrained to be a string containing abbreviations
and numeric data as described <a href="#POSIX">above</a>.
The file's format is <dfn><abbr>TZif</abbr></dfn>,
- a timezone information format that contains binary data.
+ a timezone information format that contains binary data; see
+ <a href="https://tools.ietf.org/html/8536">Internet
+ <abbr>RFC</abbr> 8536</a>.
The daylight saving time rules to be used for a
particular timezone are encoded in the
<abbr>TZif</abbr> file; the format of the file allows <abbr>US</abbr>,
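Review bot: the href added for RFC 8536 is https://tools.ietf.org/html/8536, which is missing the "rfc" prefix in the path, so the link will not reach the document its link text names. It should be https://tools.ietf.org/html/rfc8536.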
@@ -1166,7 +1188,7 @@
<ul>
<li>
A set of timezone names as per
- "<a href="#naming">Names of timezones</a>" above.
+ "<a href="#naming">Timezone identifiers</a>" above.
</li>
<li>
Library functions described in "<a href="#functions">Time and date
@@ -1213,6 +1235,17 @@
offsets or abbreviations for timestamps, as data entries are often
based on guesswork and these guesses may be corrected or improved.
</p>
+
+<p>
+Timezone boundaries are not part of the stable interface.
+For example, even though the <samp>Asia/Bangkok</samp> timezone
+currently includes Chang Mai, Hanoi, and Phnom Penh, this is not part
+of the stable interface and the timezone can split at any time.
+If a calendar application records a future event in some location other
+than Bangkok by putting "<samp>Asia/Bangkok</samp>" in the event's record,
+the application should be robust in the presence of timezone splits
+between now and the future time.
+</p>
</section>
<section>
--- contrib/tzdata/version.orig
+++ contrib/tzdata/version
@@ -1 +1 @@
-2018i
+2019a


@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


@ -0,0 +1,71 @@
--- usr.bin/xinstall/tests/install_test.sh.orig
+++ usr.bin/xinstall/tests/install_test.sh
@@ -377,6 +377,29 @@
atf_check install -d dir1/dir2/dir3
}
+atf_test_case symbolic_link_relative_absolute_common
+symbolic_link_relative_absolute_common_head() {
+ atf_set "descr" "Verify -l rs with absolute paths having common components"
+}
+symbolic_link_relative_absolute_common_body() {
+ filename=foo.so
+ src_path=lib
+ src_path_prefixed=$PWD/$src_path
+ dest_path=$PWD/libexec/
+ src_file=$src_path_prefixed/$filename
+ dest_file=$dest_path/$filename
+
+ atf_check mkdir $src_path_prefixed $dest_path
+ atf_check touch $src_file
+ atf_check install -l sr $src_file $dest_path
+
+ dest_path_relative=$(readlink $dest_file)
+ src_path_relative="../lib/$filename"
+ if [ "$src_path_relative" != "$dest_path_relative" ]; then
+ atf_fail "unexpected symlink contents ('$src_path_relative' != '$dest_path_relative')"
+ fi
+}
+
atf_init_test_cases() {
atf_add_test_case copy_to_nonexistent
atf_add_test_case copy_to_nonexistent_safe
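Review bot: the new symbolic_link_relative_absolute_common case only covers the direction where the source directory name (lib) is a prefix of the destination directory name (libexec); a mirrored case with the source under libexec and the destination under lib would also exercise the ld side of the check added in xinstall.c. Smaller points in the same body: the descr says "-l rs" while the command run is install -l sr, the $PWD-derived paths are expanded unquoted so the test breaks if the work directory contains whitespace, and dest_path ends in "/" so dest_file contains "//".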
@@ -415,5 +438,6 @@
atf_add_test_case symbolic_link_relative_absolute_source_and_dest1
atf_add_test_case symbolic_link_relative_absolute_source_and_dest1_double_slash
atf_add_test_case symbolic_link_relative_absolute_source_and_dest2
+ atf_add_test_case symbolic_link_relative_absolute_common
atf_add_test_case mkdir_simple
}
--- usr.bin/xinstall/xinstall.c.orig
+++ usr.bin/xinstall/xinstall.c
@@ -673,7 +673,7 @@
}
if (dolink & LN_RELATIVE) {
- char *to_name_copy, *cp, *d, *s;
+ char *to_name_copy, *cp, *d, *ld, *ls, *s;
if (*from_name != '/') {
/* this is already a relative link */
@@ -709,8 +709,19 @@
free(to_name_copy);
/* Trim common path components. */
- for (s = src, d = dst; *s == *d; s++, d++)
+ ls = ld = NULL;
+ for (s = src, d = dst; *s == *d; ls = s, ld = d, s++, d++)
continue;
+ /*
+ * If we didn't end after a directory separator, then we've
+ * falsely matched the last component. For example, if one
+ * invoked install -lrs /lib/foo.so /libexec/ then the source
+ * would terminate just after the separator while the
+ * destination would terminate in the middle of 'libexec',
+ * leading to a full directory getting falsely eaten.
+ */
+ if ((ls != NULL && *ls != '/') || (ld != NULL && *ld != '/'))
+ s--, d--;
while (*s != '/')
s--, d--;
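Review bot: the rewritten trimming loop still tests only *s == *d, with no check for the terminating NUL, so if src and dst were ever equal over their whole length both pointers would run past the end of the strings; adding *s != '\0' && to the loop condition bounds it. Also, ls and ld are only assigned after a successful *s == *d comparison, so they are either both NULL or point at the same character value, which makes the second half of the || redundant: the test can be reduced to ls != NULL && *ls != '/'.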


@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


@ -0,0 +1,462 @@
--- crypto/openssh/scp.1.orig
+++ crypto/openssh/scp.1
@@ -18,7 +18,7 @@
.Nd secure copy (remote file copy program)
.Sh SYNOPSIS
.Nm scp
-.Op Fl 346BCpqrv
+.Op Fl 346BCpqrTv
.Op Fl c Ar cipher
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
@@ -207,6 +207,16 @@
The program must understand
.Xr ssh 1
options.
+.It Fl T
+Disable strict filename checking.
+By default when copying files from a remote host to a local directory
+.Nm
+checks that the received filenames match those requested on the command-line
+to prevent the remote end from sending unexpected or unwanted files.
+Because of differences in how various operating systems and shells interpret
+filename wildcards, these checks may cause wanted files to be rejected.
+This option disables these checks at the expense of fully trusting that
+the server will not send unexpected filenames.
.It Fl v
Verbose mode.
Causes
--- crypto/openssh/scp.c.orig
+++ crypto/openssh/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */
+/* $OpenBSD: scp.c,v 1.204 2019/02/10 11:15:52 djm Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -94,6 +94,7 @@
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
+#include <fnmatch.h>
#include <limits.h>
#include <locale.h>
#include <pwd.h>
@@ -375,7 +376,7 @@
struct passwd *pwd;
uid_t userid;
int errs, remin, remout;
-int pflag, iamremote, iamrecursive, targetshouldbedirectory;
+int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory;
#define CMDNEEDS 64
char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */
@@ -382,7 +383,7 @@
int response(void);
void rsource(char *, struct stat *);
-void sink(int, char *[]);
+void sink(int, char *[], const char *);
void source(int, char *[]);
void tolocal(int, char *[]);
void toremote(int, char *[]);
@@ -421,8 +422,9 @@
addargs(&args, "-oRemoteCommand=none");
addargs(&args, "-oRequestTTY=no");
- fflag = tflag = 0;
- while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)
+ fflag = Tflag = tflag = 0;
+ while ((ch = getopt(argc, argv,
+ "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) {
switch (ch) {
/* User-visible flags. */
case '1':
@@ -501,9 +503,13 @@
setmode(0, O_BINARY);
#endif
break;
+ case 'T':
+ Tflag = 1;
+ break;
default:
usage();
}
+ }
argc -= optind;
argv += optind;
@@ -534,7 +540,7 @@
}
if (tflag) {
/* Receive data. */
- sink(argc, argv);
+ sink(argc, argv, NULL);
exit(errs != 0);
}
if (argc < 2)
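Review bot: in the tflag branch the new third argument to sink() is passed as a bare NULL with no comment on what NULL means to the callee. The prototype is now sink(int, char *[], const char *), and the -T text added to scp.1 describes the filename check as something done when copying from a remote host to a local directory, so a one-line comment here stating that the -t (remote sink) side has no requested name to check against would make the intent clear to the next reader.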
@@ -620,6 +626,253 @@
return r;
}
+/* Appends a string to an array; returns 0 on success, -1 on alloc failure */
+static int
+append(char *cp, char ***ap, size_t *np)
+{
+ char **tmp;
+
+ if ((tmp = reallocarray(*ap, *np + 1, sizeof(*tmp))) == NULL)
+ return -1;
+ tmp[(*np)] = cp;
+ (*np)++;
+ *ap = tmp;
+ return 0;
+}
+
+/*
+ * Finds the start and end of the first brace pair in the pattern.
+ * returns 0 on success or -1 for invalid patterns.
+ */
+static int
+find_brace(const char *pattern, int *startp, int *endp)
+{
+ int i;
+ int in_bracket, brace_level;
+
+ *startp = *endp = -1;
+ in_bracket = brace_level = 0;
+ for (i = 0; i < INT_MAX && *endp < 0 && pattern[i] != '\0'; i++) {
+ switch (pattern[i]) {
+ case '\\':
+ /* skip next character */
+ if (pattern[i + 1] != '\0')
+ i++;
+ break;
+ case '[':
+ in_bracket = 1;
+ break;
+ case ']':
+ in_bracket = 0;
+ break;
+ case '{':
+ if (in_bracket)
+ break;
+ if (pattern[i + 1] == '}') {
+ /* Protect a single {}, for find(1), like csh */
+ i++; /* skip */
+ break;
+ }
+ if (*startp == -1)
+ *startp = i;
+ brace_level++;
+ break;
+ case '}':
+ if (in_bracket)
+ break;
+ if (*startp < 0) {
+ /* Unbalanced brace */
+ return -1;
+ }
+ if (--brace_level <= 0)
+ *endp = i;
+ break;
+ }
+ }
+ /* unbalanced brackets/braces */
+ if (*endp < 0 && (*startp >= 0 || in_bracket))
+ return -1;
+ return 0;
+}
+
+/*
+ * Assembles and records a successfully-expanded pattern, returns -1 on
+ * alloc failure.
+ */
+static int
+emit_expansion(const char *pattern, int brace_start, int brace_end,
+ int sel_start, int sel_end, char ***patternsp, size_t *npatternsp)
+{
+ char *cp;
+ int o = 0, tail_len = strlen(pattern + brace_end + 1);
+
+ if ((cp = malloc(brace_start + (sel_end - sel_start) +
+ tail_len + 1)) == NULL)
+ return -1;
+
+ /* Pattern before initial brace */
+ if (brace_start > 0) {
+ memcpy(cp, pattern, brace_start);
+ o = brace_start;
+ }
+ /* Current braced selection */
+ if (sel_end - sel_start > 0) {
+ memcpy(cp + o, pattern + sel_start,
+ sel_end - sel_start);
+ o += sel_end - sel_start;
+ }
+ /* Remainder of pattern after closing brace */
+ if (tail_len > 0) {
+ memcpy(cp + o, pattern + brace_end + 1, tail_len);
+ o += tail_len;
+ }
+ cp[o] = '\0';
+ if (append(cp, patternsp, npatternsp) != 0) {
+ free(cp);
+ return -1;
+ }
+ return 0;
+}
+
+/*
+ * Expand the first encountered brace in pattern, appending the expanded
+ * patterns it yielded to the *patternsp array.
+ *
+ * Returns 0 on success or -1 on allocation failure.
+ *
+ * Signals whether expansion was performed via *expanded and whether
+ * pattern was invalid via *invalid.
+ */
+static int
+brace_expand_one(const char *pattern, char ***patternsp, size_t *npatternsp,
+ int *expanded, int *invalid)
+{
+ int i;
+ int in_bracket, brace_start, brace_end, brace_level;
+ int sel_start, sel_end;
+
+ *invalid = *expanded = 0;
+
+ if (find_brace(pattern, &brace_start, &brace_end) != 0) {
+ *invalid = 1;
+ return 0;
+ } else if (brace_start == -1)
+ return 0;
+
+ in_bracket = brace_level = 0;
+ for (i = sel_start = brace_start + 1; i < brace_end; i++) {
+ switch (pattern[i]) {
+ case '{':
+ if (in_bracket)
+ break;
+ brace_level++;
+ break;
+ case '}':
+ if (in_bracket)
+ break;
+ brace_level--;
+ break;
+ case '[':
+ in_bracket = 1;
+ break;
+ case ']':
+ in_bracket = 0;
+ break;
+ case '\\':
+ if (i < brace_end - 1)
+ i++; /* skip */
+ break;
+ }
+ if (pattern[i] == ',' || i == brace_end - 1) {
+ if (in_bracket || brace_level > 0)
+ continue;
+ /* End of a selection, emit an expanded pattern */
+
+ /* Adjust end index for last selection */
+ sel_end = (i == brace_end - 1) ? brace_end : i;
+ if (emit_expansion(pattern, brace_start, brace_end,
+ sel_start, sel_end, patternsp, npatternsp) != 0)
+ return -1;
+ /* move on to the next selection */
+ sel_start = i + 1;
+ continue;
+ }
+ }
+ if (in_bracket || brace_level > 0) {
+ *invalid = 1;
+ return 0;
+ }
+ /* success */
+ *expanded = 1;
+ return 0;
+}
+
+/* Expand braces from pattern. Returns 0 on success, -1 on failure */
+static int
+brace_expand(const char *pattern, char ***patternsp, size_t *npatternsp)
+{
+ char *cp, *cp2, **active = NULL, **done = NULL;
+ size_t i, nactive = 0, ndone = 0;
+ int ret = -1, invalid = 0, expanded = 0;
+
+ *patternsp = NULL;
+ *npatternsp = 0;
+
+ /* Start the worklist with the original pattern */
+ if ((cp = strdup(pattern)) == NULL)
+ return -1;
+ if (append(cp, &active, &nactive) != 0) {
+ free(cp);
+ return -1;
+ }
+ while (nactive > 0) {
+ cp = active[nactive - 1];
+ nactive--;
+ if (brace_expand_one(cp, &active, &nactive,
+ &expanded, &invalid) == -1) {
+ free(cp);
+ goto fail;
+ }
+ if (invalid)
+ fatal("%s: invalid brace pattern \"%s\"", __func__, cp);
+ if (expanded) {
+ /*
+ * Current entry expanded to new entries on the
+ * active list; discard the progenitor pattern.
+ */
+ free(cp);
+ continue;
+ }
+ /*
+ * Pattern did not expand; append the finename component to
+ * the completed list
+ */
+ if ((cp2 = strrchr(cp, '/')) != NULL)
+ *cp2++ = '\0';
+ else
+ cp2 = cp;
+ if (append(xstrdup(cp2), &done, &ndone) != 0) {
+ free(cp);
+ goto fail;
+ }
+ free(cp);
+ }
+ /* success */
+ *patternsp = done;
+ *npatternsp = ndone;
+ done = NULL;
+ ndone = 0;
+ ret = 0;
+ fail:
+ for (i = 0; i < nactive; i++)
+ free(active[i]);
+ free(active);
+ for (i = 0; i < ndone; i++)
+ free(done[i]);
+ free(done);
+ return ret;
+}
+
void
toremote(int argc, char **argv)
{
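Review bot: In brace_expand(), `append(xstrdup(cp2), &done, &ndone)` loses the duplicated string when append() fails: the failure path frees cp and jumps to fail, but the xstrdup() result was never stored anywhere. Assign it to a temporary first and free it on failure. The function also mixes strdup() with a -1 return and xstrdup() (which does not return on failure), and calls fatal() on an invalid pattern although its header comment promises "-1 on failure"; pick one error convention and document it. Smaller points: "finename" in the comment should be "filename", and emit_expansion() stores strlen() in an int (`tail_len`), where size_t would avoid the narrowing.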
@@ -791,7 +1044,7 @@
continue;
}
free(bp);
- sink(1, argv + argc - 1);
+ sink(1, argv + argc - 1, src);
(void) close(remin);
remin = remout = -1;
}
@@ -967,7 +1220,7 @@
(sizeof(type) != 4 && sizeof(type) != 8))
void
-sink(int argc, char **argv)
+sink(int argc, char **argv, const char *src)
{
static BUF buffer;
struct stat stb;
@@ -983,6 +1236,8 @@
unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
+ char **patterns = NULL;
+ size_t n, npatterns = 0;
struct timeval tv[2];
#define atime tv[0]
@@ -1007,10 +1262,18 @@
(void) atomicio(vwrite, remout, "", 1);
if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
targisdir = 1;
+ if (src != NULL && !iamrecursive && !Tflag) {
+ /*
+ * Prepare to try to restrict incoming filenames to match
+ * the requested destination file glob.
+ */
+ if (brace_expand(src, &patterns, &npatterns) != 0)
+ fatal("%s: could not expand pattern", __func__);
+ }
for (first = 1;; first = 0) {
cp = buf;
if (atomicio(read, remin, cp, 1) != 1)
- return;
+ goto done;
if (*cp++ == '\n')
SCREWUP("unexpected <newline>");
do {
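Review bot: The comment in the new block says the filenames are restricted to "the requested destination file glob", but the pattern is built from `src`, the source argument handed in by the caller, so the wording should say source. The condition also deserves a sentence of explanation: with `!iamrecursive` the restriction is silently off for every -r transfer, and the server-side call `sink(argc, argv, NULL)` never gets one, which a reader cannot tell from the comment as written.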
@@ -1036,7 +1299,7 @@
}
if (buf[0] == 'E') {
(void) atomicio(vwrite, remout, "", 1);
- return;
+ goto done;
}
if (ch == '\n')
*--cp = 0;
@@ -1106,10 +1369,19 @@
SCREWUP("size out of range");
size = (off_t)ull;
- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ if (*cp == '\0' || strchr(cp, '/') != NULL ||
+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
run_err("error: unexpected filename: %s", cp);
exit(1);
}
+ if (npatterns > 0) {
+ for (n = 0; n < npatterns; n++) {
+ if (fnmatch(patterns[n], cp, 0) == 0)
+ break;
+ }
+ if (n >= npatterns)
+ SCREWUP("filename does not match request");
+ }
if (targisdir) {
static char *namebuf;
static size_t cursize;
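Review bot: `fnmatch(patterns[n], cp, 0)` is called with no flags, so a wildcard in the requested pattern also matches a received name that begins with '.', which is looser than what a shell glob on the remote side would normally produce. Consider FNM_PERIOD, or add a comment saying that flags 0 is deliberate. It would also help to note here that patterns[] holds only the last path component of each expansion, since that is why matching against the bare `cp` is correct.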
@@ -1147,7 +1419,7 @@
goto bad;
}
vect[0] = xstrdup(np);
- sink(1, vect);
+ sink(1, vect, src);
if (setimes) {
setimes = 0;
if (utimes(vect[0], tv) < 0)
@@ -1268,7 +1540,15 @@
break;
}
}
+done:
+ for (n = 0; n < npatterns; n++)
+ free(patterns[n]);
+ free(patterns);
+ return;
screwup:
+ for (n = 0; n < npatterns; n++)
+ free(patterns[n]);
+ free(patterns);
run_err("protocol error: %s", why);
exit(1);
}
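Review bot: The loop that frees patterns[] is duplicated under `done:` and `screwup:`. Since the screwup path ends in exit(1), the second copy has no practical effect; either drop it or move the cleanup into a small helper so the two labels cannot drift apart when the pattern state changes.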
@@ -1315,7 +1595,7 @@
usage(void)
{
(void) fprintf(stderr,
- "usage: scp [-346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
+ "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
" [-l limit] [-o ssh_option] [-P port] [-S program] source ... target\n");
exit(1);
}


@ -0,0 +1,16 @@
--- sys/netpfil/pf/pf_norm.c.orig
+++ sys/netpfil/pf/pf_norm.c
@@ -668,11 +668,11 @@
}
/* We have all the data. */
+ frent = TAILQ_FIRST(&frag->fr_queue);
+ KASSERT(frent != NULL, ("frent != NULL"));
extoff = frent->fe_extoff;
maxlen = frag->fr_maxlen;
frag_id = frag->fr_id;
- frent = TAILQ_FIRST(&frag->fr_queue);
- KASSERT(frent != NULL, ("frent != NULL"));
total = TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_off +
TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_len;
hdrlen = frent->fe_hdrlen - sizeof(struct ip6_frag);
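Review bot: Moving the TAILQ_FIRST() assignment above `extoff = frent->fe_extoff` fixes the use of frent before it is set, but the only guard is still a KASSERT, which is compiled in only with INVARIANTS. If an empty queue is truly impossible at this point, a short comment saying why would help; the assertion message ("frent != NULL") also repeats the condition instead of describing the failure, so it will be of little use when it fires.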


@ -0,0 +1,69 @@
--- sys/netpfil/pf/pf.c.orig
+++ sys/netpfil/pf/pf.c
@@ -4588,7 +4588,7 @@
{
struct pf_addr *saddr = pd->src, *daddr = pd->dst;
u_int16_t icmpid = 0, *icmpsum;
- u_int8_t icmptype;
+ u_int8_t icmptype, icmpcode;
int state_icmp = 0;
struct pf_state_key_cmp key;
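Review bot: `icmpcode` is declared without an initializer next to `icmpid = 0`, and the later hunks assign it only inside the IPPROTO_ICMP and IPPROTO_ICMPV6 cases, which sit under #ifdef INET and #ifdef INET6. It is then read unconditionally in the debug printf calls, so initialize it (and icmptype) to 0 at the declaration to keep every configuration free of an uninitialized read.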
@@ -4597,6 +4597,7 @@
#ifdef INET
case IPPROTO_ICMP:
icmptype = pd->hdr.icmp->icmp_type;
+ icmpcode = pd->hdr.icmp->icmp_code;
icmpid = pd->hdr.icmp->icmp_id;
icmpsum = &pd->hdr.icmp->icmp_cksum;
@@ -4611,6 +4612,7 @@
#ifdef INET6
case IPPROTO_ICMPV6:
icmptype = pd->hdr.icmp6->icmp6_type;
+ icmpcode = pd->hdr.icmp6->icmp6_code;
icmpid = pd->hdr.icmp6->icmp6_id;
icmpsum = &pd->hdr.icmp6->icmp6_cksum;
@@ -4809,6 +4811,23 @@
#endif /* INET6 */
}
+ if (PF_ANEQ(pd->dst, pd2.src, pd->af)) {
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+ printf("pf: BAD ICMP %d:%d outer dst: ",
+ icmptype, icmpcode);
+ pf_print_host(pd->src, 0, pd->af);
+ printf(" -> ");
+ pf_print_host(pd->dst, 0, pd->af);
+ printf(" inner src: ");
+ pf_print_host(pd2.src, 0, pd2.af);
+ printf(" -> ");
+ pf_print_host(pd2.dst, 0, pd2.af);
+ printf("\n");
+ }
+ REASON_SET(reason, PFRES_BADSTATE);
+ return (PF_DROP);
+ }
+
switch (pd2.proto) {
case IPPROTO_TCP: {
struct tcphdr th;
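Review bot: The new `PF_ANEQ(pd->dst, pd2.src, pd->af)` drop has no comment explaining the rule it enforces, namely that the outer destination of an ICMP error must equal the source of the embedded packet. Please add one, since the check sits ahead of the per-protocol switch and affects every embedded protocol. Two details to confirm while there: the comparison uses pd->af while the debug output prints the inner addresses with pd2.af, and the drop reuses PFRES_BADSTATE although no state has been looked up yet at this point.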
@@ -4865,7 +4884,7 @@
!SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)))) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: BAD ICMP %d:%d ",
- icmptype, pd->hdr.icmp->icmp_code);
+ icmptype, icmpcode);
pf_print_host(pd->src, 0, pd->af);
printf(" -> ");
pf_print_host(pd->dst, 0, pd->af);
@@ -4878,7 +4897,7 @@
} else {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: OK ICMP %d:%d ",
- icmptype, pd->hdr.icmp->icmp_code);
+ icmptype, icmpcode);
pf_print_host(pd->src, 0, pd->af);
printf(" -> ");
pf_print_host(pd->dst, 0, pd->af);


@ -0,0 +1,835 @@
Index: sys/amd64/amd64/exception.S
===================================================================
--- sys/amd64/amd64/exception.S (revision 347462)
+++ sys/amd64/amd64/exception.S (working copy)
@@ -502,6 +502,7 @@ fast_syscall_common:
testl $TDF_ASTPENDING | TDF_NEEDRESCHED,TD_FLAGS(%rax)
jne 3f
call handle_ibrs_exit
+ callq *mds_handler
/* Restore preserved registers. */
MEXITCOUNT
movq TF_RDI(%rsp),%rdi /* bonus; preserve arg 1 */
@@ -1139,6 +1140,7 @@ ld_regs:
jz 2f /* keep running with kernel GS.base */
cli
call handle_ibrs_exit_rs
+ callq *mds_handler
cmpq $~0,PCPU(UCR3)
je 1f
pushq %rdx
Index: sys/amd64/amd64/genassym.c
===================================================================
--- sys/amd64/amd64/genassym.c (revision 347462)
+++ sys/amd64/amd64/genassym.c (working copy)
@@ -231,6 +231,9 @@ ASSYM(PC_PTI_STACK, offsetof(struct pcpu, pc_pti_s
ASSYM(PC_PTI_STACK_SZ, PC_PTI_STACK_SZ);
ASSYM(PC_PTI_RSP0, offsetof(struct pcpu, pc_pti_rsp0));
ASSYM(PC_IBPB_SET, offsetof(struct pcpu, pc_ibpb_set));
+ASSYM(PC_MDS_TMP, offsetof(struct pcpu, pc_mds_tmp));
+ASSYM(PC_MDS_BUF, offsetof(struct pcpu, pc_mds_buf));
+ASSYM(PC_MDS_BUF64, offsetof(struct pcpu, pc_mds_buf64));
ASSYM(LA_EOI, LAPIC_EOI * LAPIC_MEM_MUL);
ASSYM(LA_ISR, LAPIC_ISR0 * LAPIC_MEM_MUL);
Index: sys/amd64/amd64/initcpu.c
===================================================================
--- sys/amd64/amd64/initcpu.c (revision 347462)
+++ sys/amd64/amd64/initcpu.c (working copy)
@@ -247,6 +247,7 @@ initializecpu(void)
}
hw_ibrs_recalculate();
hw_ssb_recalculate(false);
+ hw_mds_recalculate();
switch (cpu_vendor_id) {
case CPU_VENDOR_AMD:
init_amd();
Index: sys/amd64/amd64/machdep.c
===================================================================
--- sys/amd64/amd64/machdep.c (revision 347462)
+++ sys/amd64/amd64/machdep.c (working copy)
@@ -1864,6 +1864,7 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
TUNABLE_INT_FETCH("hw.ibrs_disable", &hw_ibrs_disable);
TUNABLE_INT_FETCH("hw.spec_store_bypass_disable", &hw_ssb_disable);
+ TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable);
/* Location of kernel stack for locore */
return ((u_int64_t)thread0.td_pcb);
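Review bot: The sysctl in cpu_machdep.c is declared with CTLFLAG_NOFETCH, so this explicit `TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable)` is what makes the loader tunable work on amd64. I see no matching fetch for i386 anywhere in this patch, although the i386 initializecpu() hunk does call hw_mds_recalculate(). Please confirm whether the tunable is picked up on i386, and add the fetch there if it is not.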
Index: sys/amd64/amd64/support.S
===================================================================
--- sys/amd64/amd64/support.S (revision 347462)
+++ sys/amd64/amd64/support.S (working copy)
@@ -1,8 +1,13 @@
/*-
+ * Copyright (c) 2018-2019 The FreeBSD Foundation
* Copyright (c) 2003 Peter Wemm.
* Copyright (c) 1993 The Regents of the University of California.
* All rights reserved.
*
+ * Portions of this software were developed by
+ * Konstantin Belousov <kib@FreeBSD.org> under sponsorship from
+ * the FreeBSD Foundation.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -925,3 +930,239 @@ ENTRY(flush_l1d_sw)
ret
#undef L1D_FLUSH_SIZE
END(flush_l1d_sw)
+
+ENTRY(mds_handler_void)
+ retq
+END(mds_handler_void)
+
+ENTRY(mds_handler_verw)
+ subq $8, %rsp
+ movw %ds, (%rsp)
+ verw (%rsp)
+ addq $8, %rsp
+ retq
+END(mds_handler_verw)
+
+ENTRY(mds_handler_ivb)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%rdx), %xmm0
+ orpd (%rdx), %xmm0
+ mfence
+ movl $40, %ecx
+ addq $16, %rdx
+2: movntdq %xmm0, (%rdx)
+ addq $16, %rdx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_ivb)
+
+ENTRY(mds_handler_bdw)
+ pushq %rax
+ pushq %rbx
+ pushq %rcx
+ pushq %rdi
+ pushq %rsi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rbx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movq %rbx, %rdi
+ movq %rbx, %rsi
+ movl $40, %ecx
+2: movntdq %xmm0, (%rbx)
+ addq $16, %rbx
+ decl %ecx
+ jnz 2b
+ mfence
+ movl $1536, %ecx
+ rep; movsb
+ lfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rsi
+ popq %rdi
+ popq %rcx
+ popq %rbx
+ popq %rax
+ retq
+END(mds_handler_bdw)
+
+ENTRY(mds_handler_skl_sse)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%rdx), %xmm0
+ orpd (%rdx), %xmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ movdqa PCPU(MDS_TMP), %xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_sse)
+
+ENTRY(mds_handler_skl_avx)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+ vmovdqa %ymm0, PCPU(MDS_TMP)
+ vpxor %ymm0, %ymm0, %ymm0
+
+ lfence
+ vorpd (%rdx), %ymm0, %ymm0
+ vorpd (%rdx), %ymm0, %ymm0
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa PCPU(MDS_TMP), %ymm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_avx)
+
+ENTRY(mds_handler_skl_avx512)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+ vmovdqa64 %zmm0, PCPU(MDS_TMP)
+ vpxor %zmm0, %zmm0, %zmm0
+
+ lfence
+ vorpd (%rdx), %zmm0, %zmm0
+ vorpd (%rdx), %zmm0, %zmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa64 PCPU(MDS_TMP), %zmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_avx512)
+
+ENTRY(mds_handler_silvermont)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl $16, %ecx
+2: movntdq %xmm0, (%rdx)
+ addq $16, %rdx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_silvermont)
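Review bot: In mds_handler_skl_sse, mds_handler_skl_avx and mds_handler_skl_avx512 the saved CR0 value in %rax is overwritten: `xorl %eax, %eax` runs twice, once as the clflushopt loop index and once as the fill byte for `rep; stosb`. The closing `testb $CR0_TS, %al` therefore always sees zero and `movq %rax, %cr0` is never reached, so a CR0.TS that was set on entry stays cleared. Keep CR0 in a register the body does not reuse, as the ivb, bdw and silvermont variants do. Separately, the literals 40, 1536, 5376 and 6144 have to agree with the malloc() sizes in hw_mds_recalculate(); shared named constants, or at least a comment per handler, would make that dependency visible.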
Index: sys/amd64/include/pcpu.h
===================================================================
--- sys/amd64/include/pcpu.h (revision 347462)
+++ sys/amd64/include/pcpu.h (working copy)
@@ -74,7 +74,11 @@
uint32_t pc_pcid_gen; \
uint32_t pc_smp_tlb_done; /* TLB op acknowledgement */ \
uint32_t pc_ibpb_set; \
- char __pad[88] /* be divisor of PAGE_SIZE \
+ void *pc_mds_buf; \
+ void *pc_mds_buf64; \
+ uint32_t pc_pad[2]; \
+ uint8_t pc_mds_tmp[64]; \
+ char __pad[1024] /* be divisor of PAGE_SIZE \
after cache alignment */
#define PC_DBREG_CMD_NONE 0
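Review bot: The 64-byte alignment of pc_mds_tmp depends on the hand-counted `uint32_t pc_pad[2]`, and `__pad` jumps from 88 to 1024 to keep the property named in the comment ("be divisor of PAGE_SIZE after cache alignment"). The _Static_assert added in cpu_machdep.c covers the offset of pc_mds_tmp, but nothing in this patch checks the resulting structure size; a second static assertion on sizeof(struct pcpu) next to it would catch the next field that gets added here.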
Index: sys/dev/cpuctl/cpuctl.c
===================================================================
--- sys/dev/cpuctl/cpuctl.c (revision 347462)
+++ sys/dev/cpuctl/cpuctl.c (working copy)
@@ -530,6 +530,7 @@ cpuctl_do_eval_cpu_features(int cpu, struct thread
hw_ibrs_recalculate();
restore_cpu(oldcpu, is_bound, td);
hw_ssb_recalculate(true);
+ hw_mds_recalculate();
printcpuinfo();
return (0);
}
Index: sys/i386/i386/exception.s
===================================================================
--- sys/i386/i386/exception.s (revision 347462)
+++ sys/i386/i386/exception.s (working copy)
@@ -406,6 +406,7 @@ doreti_ast:
*/
doreti_exit:
MEXITCOUNT
+ call *mds_handler
.globl doreti_popl_fs
doreti_popl_fs:
Index: sys/i386/i386/genassym.c
===================================================================
--- sys/i386/i386/genassym.c (revision 347462)
+++ sys/i386/i386/genassym.c (working copy)
@@ -217,6 +217,9 @@ ASSYM(PC_CURRENTLDT, offsetof(struct pcpu, pc_curr
ASSYM(PC_CPUID, offsetof(struct pcpu, pc_cpuid));
ASSYM(PC_CURPMAP, offsetof(struct pcpu, pc_curpmap));
ASSYM(PC_PRIVATE_TSS, offsetof(struct pcpu, pc_private_tss));
+ASSYM(PC_MDS_TMP, offsetof(struct pcpu, pc_mds_tmp));
+ASSYM(PC_MDS_BUF, offsetof(struct pcpu, pc_mds_buf));
+ASSYM(PC_MDS_BUF64, offsetof(struct pcpu, pc_mds_buf64));
#ifdef DEV_APIC
ASSYM(LA_EOI, LAPIC_EOI * LAPIC_MEM_MUL);
Index: sys/i386/i386/initcpu.c
===================================================================
--- sys/i386/i386/initcpu.c (revision 347462)
+++ sys/i386/i386/initcpu.c (working copy)
@@ -769,6 +769,7 @@ initializecpu(void)
elf32_nxstack = 1;
}
#endif
+ hw_mds_recalculate();
if ((amd_feature & AMDID_RDTSCP) != 0 ||
(cpu_stdext_feature2 & CPUID_STDEXT2_RDPID) != 0)
wrmsr(MSR_TSC_AUX, PCPU_GET(cpuid));
Index: sys/i386/i386/support.s
===================================================================
--- sys/i386/i386/support.s (revision 347462)
+++ sys/i386/i386/support.s (working copy)
@@ -826,3 +826,187 @@ END(handle_ibrs_entry)
ENTRY(handle_ibrs_exit)
ret
END(handle_ibrs_exit)
+
+ENTRY(mds_handler_void)
+ ret
+END(mds_handler_void)
+
+ENTRY(mds_handler_verw)
+ subl $4, %esp
+ movw %ds, (%esp)
+ verw (%esp)
+ addl $4, %esp
+ ret
+END(mds_handler_verw)
+
+ENTRY(mds_handler_ivb)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%edx), %xmm0
+ orpd (%edx), %xmm0
+ mfence
+ movl $40, %ecx
+ addl $16, %edx
+2: movntdq %xmm0, (%edx)
+ addl $16, %edx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_ivb)
+
+ENTRY(mds_handler_bdw)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %ebx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl %ebx, %edi
+ movl %ebx, %esi
+ movl $40, %ecx
+2: movntdq %xmm0, (%ebx)
+ addl $16, %ebx
+ decl %ecx
+ jnz 2b
+ mfence
+ movl $1536, %ecx
+ rep; movsb
+ lfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_bdw)
+
+ENTRY(mds_handler_skl_sse)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%edx), %xmm0
+ orpd (%edx), %xmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ movdqa PCPU(MDS_TMP), %xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_sse)
+
+ENTRY(mds_handler_skl_avx)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+ vmovdqa %ymm0, PCPU(MDS_TMP)
+ vpxor %ymm0, %ymm0, %ymm0
+
+ lfence
+ vorpd (%edx), %ymm0, %ymm0
+ vorpd (%edx), %ymm0, %ymm0
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa PCPU(MDS_TMP), %ymm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_avx)
+
+ENTRY(mds_handler_skl_avx512)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+ vmovdqa64 %zmm0, PCPU(MDS_TMP)
+ vpxor %zmm0, %zmm0, %zmm0
+
+ lfence
+ vorpd (%edx), %zmm0, %zmm0
+ vorpd (%edx), %zmm0, %zmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa64 PCPU(MDS_TMP), %zmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_avx512)
+
+ENTRY(mds_handler_silvermont)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl $16, %ecx
+2: movntdq %xmm0, (%edx)
+ addl $16, %edx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_silvermont)
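Review bot: Unlike the amd64 versions, the i386 handlers save nothing: they overwrite %eax, %ecx and %edx, and mds_handler_bdw and the skl variants also overwrite %ebx, %esi or %edi. The contract comment above mds_handler in cpu_machdep.c only describes amd64, so please document at `call *mds_handler` in doreti_exit why clobbering these registers is safe on i386. The skl variants here also share the amd64 problem that `xorl %eax, %eax` destroys the saved CR0 before the final `testb $CR0_TS, %al`, so `movl %eax, %cr0` is never executed.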
Index: sys/i386/include/pcpu.h
===================================================================
--- sys/i386/include/pcpu.h (revision 347462)
+++ sys/i386/include/pcpu.h (working copy)
@@ -69,7 +69,11 @@
vm_offset_t pc_qmap_addr; /* KVA for temporary mappings */\
uint32_t pc_smp_tlb_done; /* TLB op acknowledgement */ \
uint32_t pc_ibpb_set; \
- char __pad[185]
+ void *pc_mds_buf; \
+ void *pc_mds_buf64; \
+ uint32_t pc_pad[12]; \
+ uint8_t pc_mds_tmp[64]; \
+ char __pad[153]
#ifdef _KERNEL
Index: sys/x86/include/specialreg.h
===================================================================
--- sys/x86/include/specialreg.h (revision 347462)
+++ sys/x86/include/specialreg.h (working copy)
@@ -390,6 +390,7 @@
/*
* CPUID instruction 7 Structured Extended Features, leaf 0 edx info
*/
+#define CPUID_STDEXT3_MD_CLEAR 0x00000400
#define CPUID_STDEXT3_TSXFA 0x00002000
#define CPUID_STDEXT3_IBPB 0x04000000
#define CPUID_STDEXT3_STIBP 0x08000000
@@ -404,6 +405,7 @@
#define IA32_ARCH_CAP_RSBA 0x00000004
#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY 0x00000008
#define IA32_ARCH_CAP_SSB_NO 0x00000010
+#define IA32_ARCH_CAP_MDS_NO 0x00000020
/*
* CPUID manufacturers identifiers
Index: sys/x86/include/x86_var.h
===================================================================
--- sys/x86/include/x86_var.h (revision 347462)
+++ sys/x86/include/x86_var.h (working copy)
@@ -83,6 +83,7 @@ extern int use_xsave;
extern uint64_t xsave_mask;
extern int pti;
extern int hw_ibrs_active;
+extern int hw_mds_disable;
extern int hw_ssb_active;
struct pcb;
@@ -134,6 +135,7 @@ int isa_nmi(int cd);
void handle_ibrs_entry(void);
void handle_ibrs_exit(void);
void hw_ibrs_recalculate(void);
+void hw_mds_recalculate(void);
void hw_ssb_recalculate(bool all_cpus);
void nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame);
void nmi_call_kdb_smp(u_int type, struct trapframe *frame);
Index: sys/x86/x86/cpu_machdep.c
===================================================================
--- sys/x86/x86/cpu_machdep.c (revision 347462)
+++ sys/x86/x86/cpu_machdep.c (working copy)
@@ -945,3 +945,198 @@ SYSCTL_PROC(_hw, OID_AUTO, spec_store_bypass_disab
hw_ssb_disable_handler, "I",
"Speculative Store Bypass Disable (0 - off, 1 - on, 2 - auto");
+int hw_mds_disable;
+
+/*
+ * Handler for Microarchitectural Data Sampling issues. Really not a
+ * pointer to C function: on amd64 the code must not change any CPU
+ * architectural state except possibly %rflags. Also, it is always
+ * called with interrupts disabled.
+ */
+void (*mds_handler)(void);
+void mds_handler_void(void);
+void mds_handler_verw(void);
+void mds_handler_ivb(void);
+void mds_handler_bdw(void);
+void mds_handler_skl_sse(void);
+void mds_handler_skl_avx(void);
+void mds_handler_skl_avx512(void);
+void mds_handler_silvermont(void);
+
+static int
+sysctl_hw_mds_disable_state_handler(SYSCTL_HANDLER_ARGS)
+{
+ const char *state;
+
+ if (mds_handler == mds_handler_void)
+ state = "inactive";
+ else if (mds_handler == mds_handler_verw)
+ state = "VERW";
+ else if (mds_handler == mds_handler_ivb)
+ state = "software IvyBridge";
+ else if (mds_handler == mds_handler_bdw)
+ state = "software Broadwell";
+ else if (mds_handler == mds_handler_skl_sse)
+ state = "software Skylake SSE";
+ else if (mds_handler == mds_handler_skl_avx)
+ state = "software Skylake AVX";
+ else if (mds_handler == mds_handler_skl_avx512)
+ state = "software Skylake AVX512";
+ else if (mds_handler == mds_handler_silvermont)
+ state = "software Silvermont";
+ else
+ state = "unknown";
+ return (SYSCTL_OUT(req, state, strlen(state)));
+}
+
+SYSCTL_PROC(_hw, OID_AUTO, mds_disable_state,
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_hw_mds_disable_state_handler, "A",
+ "Microarchitectural Data Sampling Mitigation state");
+
+_Static_assert(__offsetof(struct pcpu, pc_mds_tmp) % 64 == 0, "MDS AVX512");
+
+void
+hw_mds_recalculate(void)
+{
+ struct pcpu *pc;
+ vm_offset_t b64;
+ u_long xcr0;
+ int i;
+
+ /*
+ * Allow user to force VERW variant even if MD_CLEAR is not
+ * reported. For instance, hypervisor might unknowingly
+ * filter the cap out.
+ * For the similar reasons, and for testing, allow to enable
+ * mitigation even for RDCL_NO or MDS_NO caps.
+ */
+ if (cpu_vendor_id != CPU_VENDOR_INTEL || hw_mds_disable == 0 ||
+ ((cpu_ia32_arch_caps & (IA32_ARCH_CAP_RDCL_NO |
+ IA32_ARCH_CAP_MDS_NO)) != 0 && hw_mds_disable == 3)) {
+ mds_handler = mds_handler_void;
+ } else if (((cpu_stdext_feature3 & CPUID_STDEXT3_MD_CLEAR) != 0 &&
+ hw_mds_disable == 3) || hw_mds_disable == 1) {
+ mds_handler = mds_handler_verw;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ (CPUID_TO_MODEL(cpu_id) == 0x2e || CPUID_TO_MODEL(cpu_id) == 0x1e ||
+ CPUID_TO_MODEL(cpu_id) == 0x1f || CPUID_TO_MODEL(cpu_id) == 0x1a ||
+ CPUID_TO_MODEL(cpu_id) == 0x2f || CPUID_TO_MODEL(cpu_id) == 0x25 ||
+ CPUID_TO_MODEL(cpu_id) == 0x2c || CPUID_TO_MODEL(cpu_id) == 0x2d ||
+ CPUID_TO_MODEL(cpu_id) == 0x2a || CPUID_TO_MODEL(cpu_id) == 0x3e ||
+ CPUID_TO_MODEL(cpu_id) == 0x3a) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Nehalem, SandyBridge, IvyBridge
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc(672, M_TEMP,
+ M_WAITOK);
+ bzero(pc->pc_mds_buf, 16);
+ }
+ }
+ mds_handler = mds_handler_ivb;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ (CPUID_TO_MODEL(cpu_id) == 0x3f || CPUID_TO_MODEL(cpu_id) == 0x3c ||
+ CPUID_TO_MODEL(cpu_id) == 0x45 || CPUID_TO_MODEL(cpu_id) == 0x46 ||
+ CPUID_TO_MODEL(cpu_id) == 0x56 || CPUID_TO_MODEL(cpu_id) == 0x4f ||
+ CPUID_TO_MODEL(cpu_id) == 0x47 || CPUID_TO_MODEL(cpu_id) == 0x3d) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Haswell, Broadwell
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc(1536, M_TEMP,
+ M_WAITOK);
+ bzero(pc->pc_mds_buf, 16);
+ }
+ }
+ mds_handler = mds_handler_bdw;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ ((CPUID_TO_MODEL(cpu_id) == 0x55 && (cpu_id &
+ CPUID_STEPPING) <= 5) ||
+ CPUID_TO_MODEL(cpu_id) == 0x4e || CPUID_TO_MODEL(cpu_id) == 0x5e ||
+ (CPUID_TO_MODEL(cpu_id) == 0x8e && (cpu_id &
+ CPUID_STEPPING) <= 0xb) ||
+ (CPUID_TO_MODEL(cpu_id) == 0x9e && (cpu_id &
+ CPUID_STEPPING) <= 0xc)) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Skylake, KabyLake, CoffeeLake, WhiskeyLake,
+ * CascadeLake
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc(6 * 1024,
+ M_TEMP, M_WAITOK);
+ b64 = (vm_offset_t)malloc(64 + 63,
+ M_TEMP, M_WAITOK);
+ pc->pc_mds_buf64 = (void *)roundup2(b64, 64);
+ bzero(pc->pc_mds_buf64, 64);
+ }
+ }
+ xcr0 = rxcr(0);
+ if ((xcr0 & XFEATURE_ENABLED_ZMM_HI256) != 0 &&
+ (cpu_stdext_feature2 & CPUID_STDEXT_AVX512DQ) != 0)
+ mds_handler = mds_handler_skl_avx512;
+ else if ((xcr0 & XFEATURE_ENABLED_AVX) != 0 &&
+ (cpu_feature2 & CPUID2_AVX) != 0)
+ mds_handler = mds_handler_skl_avx;
+ else
+ mds_handler = mds_handler_skl_sse;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ ((CPUID_TO_MODEL(cpu_id) == 0x37 ||
+ CPUID_TO_MODEL(cpu_id) == 0x4a ||
+ CPUID_TO_MODEL(cpu_id) == 0x4c ||
+ CPUID_TO_MODEL(cpu_id) == 0x4d ||
+ CPUID_TO_MODEL(cpu_id) == 0x5a ||
+ CPUID_TO_MODEL(cpu_id) == 0x5d ||
+ CPUID_TO_MODEL(cpu_id) == 0x6e ||
+ CPUID_TO_MODEL(cpu_id) == 0x65 ||
+ CPUID_TO_MODEL(cpu_id) == 0x75 ||
+ CPUID_TO_MODEL(cpu_id) == 0x1c ||
+ CPUID_TO_MODEL(cpu_id) == 0x26 ||
+ CPUID_TO_MODEL(cpu_id) == 0x27 ||
+ CPUID_TO_MODEL(cpu_id) == 0x35 ||
+ CPUID_TO_MODEL(cpu_id) == 0x36 ||
+ CPUID_TO_MODEL(cpu_id) == 0x7a))) {
+ /* Silvermont, Airmont */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL)
+ pc->pc_mds_buf = malloc(256, M_TEMP, M_WAITOK);
+ }
+ mds_handler = mds_handler_silvermont;
+ } else {
+ hw_mds_disable = 0;
+ mds_handler = mds_handler_void;
+ }
+}
+
+static int
+sysctl_mds_disable_handler(SYSCTL_HANDLER_ARGS)
+{
+ int error, val;
+
+ val = hw_mds_disable;
+ error = sysctl_handle_int(oidp, &val, 0, req);
+ if (error != 0 || req->newptr == NULL)
+ return (error);
+ if (val < 0 || val > 3)
+ return (EINVAL);
+ hw_mds_disable = val;
+ hw_mds_recalculate();
+ return (0);
+}
+
+SYSCTL_PROC(_hw, OID_AUTO, mds_disable, CTLTYPE_INT |
+ CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_mds_disable_handler, "I",
+ "Microarchitectural Data Sampling Mitigation "
+ "(0 - off, 1 - on VERW, 2 - on SW, 3 - on AUTO");
+
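Review bot: the final else branch of hw_mds_recalculate() overwrites hw_mds_disable with 0, yet sysctl_mds_disable_handler() still returns 0 after calling it, so writing 2 on a CPU model that is not in any of the lists reports success while the mitigation stays on mds_handler_void. Consider returning an error (or at least logging) when the requested mode could not be honoured, so an administrator does not have to read hw.mds_disable back to find out. Separately, the description string "(0 - off, 1 - on VERW, 2 - on SW, 3 - on AUTO" is missing its closing parenthesis.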

View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----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=r13C
-----END PGP SIGNATURE-----

View file

@ -0,0 +1,849 @@
Index: sys/amd64/amd64/exception.S
===================================================================
--- sys/amd64/amd64/exception.S (revision 347486)
+++ sys/amd64/amd64/exception.S (working copy)
@@ -487,6 +487,7 @@ fast_syscall_common:
testl $TDF_ASTPENDING | TDF_NEEDRESCHED,TD_FLAGS(%rax)
jne 3f
call handle_ibrs_exit
+ callq *mds_handler
/* Restore preserved registers. */
MEXITCOUNT
movq TF_RDI(%rsp),%rdi /* bonus; preserve arg 1 */
@@ -1121,6 +1122,7 @@ ld_regs:
jz 2f /* keep running with kernel GS.base */
cli
call handle_ibrs_exit_rs
+ callq *mds_handler
cmpb $0,pti
je 1f
pushq %rdx
Index: sys/amd64/amd64/genassym.c
===================================================================
--- sys/amd64/amd64/genassym.c (revision 347486)
+++ sys/amd64/amd64/genassym.c (working copy)
@@ -230,6 +230,9 @@ ASSYM(PC_SAVED_UCR3, offsetof(struct pcpu, pc_save
ASSYM(PC_PTI_STACK, offsetof(struct pcpu, pc_pti_stack));
ASSYM(PC_PTI_STACK_SZ, PC_PTI_STACK_SZ);
ASSYM(PC_IBPB_SET, offsetof(struct pcpu, pc_ibpb_set));
+ASSYM(PC_MDS_TMP, offsetof(struct pcpu, pc_mds_tmp));
+ASSYM(PC_MDS_BUF, offsetof(struct pcpu, pc_mds_buf));
+ASSYM(PC_MDS_BUF64, offsetof(struct pcpu, pc_mds_buf64));
ASSYM(LA_EOI, LAPIC_EOI * LAPIC_MEM_MUL);
ASSYM(LA_ISR, LAPIC_ISR0 * LAPIC_MEM_MUL);
Index: sys/amd64/amd64/initcpu.c
===================================================================
--- sys/amd64/amd64/initcpu.c (revision 347486)
+++ sys/amd64/amd64/initcpu.c (working copy)
@@ -223,6 +223,7 @@ initializecpu(void)
}
hw_ibrs_recalculate();
hw_ssb_recalculate(false);
+ hw_mds_recalculate();
switch (cpu_vendor_id) {
case CPU_VENDOR_AMD:
init_amd();
Index: sys/amd64/amd64/machdep.c
===================================================================
--- sys/amd64/amd64/machdep.c (revision 347486)
+++ sys/amd64/amd64/machdep.c (working copy)
@@ -1851,6 +1851,7 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
TUNABLE_INT_FETCH("hw.ibrs_disable", &hw_ibrs_disable);
TUNABLE_INT_FETCH("hw.spec_store_bypass_disable", &hw_ssb_disable);
+ TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable);
/* Location of kernel stack for locore */
return ((u_int64_t)thread0.td_pcb);
Index: sys/amd64/amd64/support.S
===================================================================
--- sys/amd64/amd64/support.S (revision 347486)
+++ sys/amd64/amd64/support.S (working copy)
@@ -1,8 +1,13 @@
/*-
+ * Copyright (c) 2018-2019 The FreeBSD Foundation
* Copyright (c) 2003 Peter Wemm.
* Copyright (c) 1993 The Regents of the University of California.
* All rights reserved.
*
+ * Portions of this software were developed by
+ * Konstantin Belousov <kib@FreeBSD.org> under sponsorship from
+ * the FreeBSD Foundation.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -892,3 +897,246 @@ ENTRY(handle_ibrs_exit_rs)
END(handle_ibrs_exit_rs)
.noaltmacro
+
+ENTRY(mds_handler_void)
+ retq
+END(mds_handler_void)
+
+ENTRY(mds_handler_verw)
+ subq $8, %rsp
+ movw %ds, (%rsp)
+ verw (%rsp)
+ addq $8, %rsp
+ retq
+END(mds_handler_verw)
+
+ENTRY(mds_handler_ivb)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%rdx), %xmm0
+ orpd (%rdx), %xmm0
+ mfence
+ movl $40, %ecx
+ addq $16, %rdx
+2: movntdq %xmm0, (%rdx)
+ addq $16, %rdx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_ivb)
+
+ENTRY(mds_handler_bdw)
+ pushq %rax
+ pushq %rbx
+ pushq %rcx
+ pushq %rdi
+ pushq %rsi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rbx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movq %rbx, %rdi
+ movq %rbx, %rsi
+ movl $40, %ecx
+2: movntdq %xmm0, (%rbx)
+ addq $16, %rbx
+ decl %ecx
+ jnz 2b
+ mfence
+ movl $1536, %ecx
+ rep; movsb
+ lfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rsi
+ popq %rdi
+ popq %rcx
+ popq %rbx
+ popq %rax
+ retq
+END(mds_handler_bdw)
+
+ENTRY(mds_handler_skl_sse)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%rdx), %xmm0
+ orpd (%rdx), %xmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ movdqa PCPU(MDS_TMP), %xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_sse)
+
+ENTRY(mds_handler_skl_avx)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+ vmovdqa %ymm0, PCPU(MDS_TMP)
+ vpxor %ymm0, %ymm0, %ymm0
+
+ lfence
+ vorpd (%rdx), %ymm0, %ymm0
+ vorpd (%rdx), %ymm0, %ymm0
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa PCPU(MDS_TMP), %ymm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_avx)
+
+ENTRY(mds_handler_skl_avx512)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+/* vmovdqa64 %zmm0, PCPU(MDS_TMP) */
+ .byte 0x65, 0x62, 0xf1, 0xfd, 0x48, 0x7f, 0x04, 0x25
+ .long PC_MDS_TMP
+/* vpxor %zmm0, %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0xef, 0xc0
+
+ lfence
+/* vorpd (%rdx), %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0x56, 0x02
+/* vorpd (%rdx), %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0x56, 0x02
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+/* vmovdqa64 PCPU(MDS_TMP), %zmm0 */
+ .byte 0x65, 0x62, 0xf1, 0xfd, 0x48, 0x6f, 0x04, 0x25
+ .long PC_MDS_TMP
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_avx512)
+
+ENTRY(mds_handler_silvermont)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl $16, %ecx
+2: movntdq %xmm0, (%rdx)
+ addq $16, %rdx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_silvermont)
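Review bot: in mds_handler_skl_sse, mds_handler_skl_avx and mds_handler_skl_avx512 the saved %cr0 value in %rax is destroyed by the two "xorl %eax, %eax" instructions before the closing "testb $CR0_TS, %al", so that test always sees zero and the "movq %rax, %cr0" restore is never reached. If CR0.TS was set on entry, clts clears it and it stays cleared on return. mds_handler_ivb, mds_handler_bdw and mds_handler_silvermont do not reuse %rax and restore correctly. Keeping the CR0 copy in a register that the flush loop and rep stosb do not touch (or on the stack) would make the three Skylake variants match the others; if TS can never be set at these call sites, a comment saying so would explain why the save and restore is there at all.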
Index: sys/amd64/include/pcpu.h
===================================================================
--- sys/amd64/include/pcpu.h (revision 347486)
+++ sys/amd64/include/pcpu.h (working copy)
@@ -73,7 +73,11 @@
uint32_t pc_pcid_gen; \
uint32_t pc_smp_tlb_done; /* TLB op acknowledgement */ \
uint32_t pc_ibpb_set; \
- char __pad[96] /* be divisor of PAGE_SIZE \
+ void *pc_mds_buf; \
+ void *pc_mds_buf64; \
+ uint32_t pc_pad[20]; \
+ uint8_t pc_mds_tmp[64]; \
+ char __pad[960] /* be divisor of PAGE_SIZE \
after cache alignment */
#define PC_DBREG_CMD_NONE 0
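Review bot: the new layout depends on hand-computed padding (pc_pad[20] to place pc_mds_tmp on a 64-byte boundary, and __pad growing from 96 to 960), and only the first of those is checked at build time, by the _Static_assert on the offset of pc_mds_tmp in cpu_machdep.c. The requirement stated in the comment here, that the structure size be a divisor of PAGE_SIZE after cache alignment, has no matching assertion in this patch, so a later field addition could break it without a build failure. A _Static_assert on sizeof(struct pcpu) next to the offset check would cover it, and a short comment on pc_pad explaining that it exists only to align pc_mds_tmp would help the next person who edits this list.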
Index: sys/dev/cpuctl/cpuctl.c
===================================================================
--- sys/dev/cpuctl/cpuctl.c (revision 347486)
+++ sys/dev/cpuctl/cpuctl.c (working copy)
@@ -530,6 +530,7 @@ cpuctl_do_eval_cpu_features(int cpu, struct thread
hw_ibrs_recalculate();
restore_cpu(oldcpu, is_bound, td);
hw_ssb_recalculate(true);
+ hw_mds_recalculate();
printcpuinfo();
return (0);
}
Index: sys/i386/i386/exception.s
===================================================================
--- sys/i386/i386/exception.s (revision 347486)
+++ sys/i386/i386/exception.s (working copy)
@@ -406,6 +406,7 @@ doreti_ast:
*/
doreti_exit:
MEXITCOUNT
+ call *mds_handler
.globl doreti_popl_fs
doreti_popl_fs:
Index: sys/i386/i386/genassym.c
===================================================================
--- sys/i386/i386/genassym.c (revision 347486)
+++ sys/i386/i386/genassym.c (working copy)
@@ -217,6 +217,9 @@ ASSYM(PC_CURRENTLDT, offsetof(struct pcpu, pc_curr
ASSYM(PC_CPUID, offsetof(struct pcpu, pc_cpuid));
ASSYM(PC_CURPMAP, offsetof(struct pcpu, pc_curpmap));
ASSYM(PC_PRIVATE_TSS, offsetof(struct pcpu, pc_private_tss));
+ASSYM(PC_MDS_TMP, offsetof(struct pcpu, pc_mds_tmp));
+ASSYM(PC_MDS_BUF, offsetof(struct pcpu, pc_mds_buf));
+ASSYM(PC_MDS_BUF64, offsetof(struct pcpu, pc_mds_buf64));
#ifdef DEV_APIC
ASSYM(LA_EOI, LAPIC_EOI * LAPIC_MEM_MUL);
Index: sys/i386/i386/initcpu.c
===================================================================
--- sys/i386/i386/initcpu.c (revision 347486)
+++ sys/i386/i386/initcpu.c (working copy)
@@ -768,6 +768,7 @@ initializecpu(void)
elf32_nxstack = 1;
}
#endif
+ hw_mds_recalculate();
}
void
Index: sys/i386/i386/support.s
===================================================================
--- sys/i386/i386/support.s (revision 347486)
+++ sys/i386/i386/support.s (working copy)
@@ -826,3 +826,194 @@ END(handle_ibrs_entry)
ENTRY(handle_ibrs_exit)
ret
END(handle_ibrs_exit)
+
+ENTRY(mds_handler_void)
+ ret
+END(mds_handler_void)
+
+ENTRY(mds_handler_verw)
+ subl $4, %esp
+ movw %ds, (%esp)
+ verw (%esp)
+ addl $4, %esp
+ ret
+END(mds_handler_verw)
+
+ENTRY(mds_handler_ivb)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%edx), %xmm0
+ orpd (%edx), %xmm0
+ mfence
+ movl $40, %ecx
+ addl $16, %edx
+2: movntdq %xmm0, (%edx)
+ addl $16, %edx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_ivb)
+
+ENTRY(mds_handler_bdw)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %ebx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl %ebx, %edi
+ movl %ebx, %esi
+ movl $40, %ecx
+2: movntdq %xmm0, (%ebx)
+ addl $16, %ebx
+ decl %ecx
+ jnz 2b
+ mfence
+ movl $1536, %ecx
+ rep; movsb
+ lfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_bdw)
+
+ENTRY(mds_handler_skl_sse)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%edx), %xmm0
+ orpd (%edx), %xmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ movdqa PCPU(MDS_TMP), %xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_sse)
+
+ENTRY(mds_handler_skl_avx)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+ vmovdqa %ymm0, PCPU(MDS_TMP)
+ vpxor %ymm0, %ymm0, %ymm0
+
+ lfence
+ vorpd (%edx), %ymm0, %ymm0
+ vorpd (%edx), %ymm0, %ymm0
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa PCPU(MDS_TMP), %ymm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_avx)
+
+ENTRY(mds_handler_skl_avx512)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+/* vmovdqa64 %zmm0, PCPU(MDS_TMP) */
+ .byte 0x64, 0x62, 0xf1, 0xfd, 0x48, 0x7f, 0x05
+ .long PC_MDS_TMP
+/* vpxor %zmm0, %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0xef, 0xc0
+
+ lfence
+/* vorpd (%edx), %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0x56, 0x02
+/* vorpd (%edx), %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0x56, 0x02
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+/* vmovdqa64 PCPU(MDS_TMP), %zmm0 */
+ .byte 0x64, 0x62, 0xf1, 0xfd, 0x48, 0x6f, 0x05
+ .long PC_MDS_TMP
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_avx512)
+
+ENTRY(mds_handler_silvermont)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl $16, %ecx
+2: movntdq %xmm0, (%edx)
+ addl $16, %edx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_silvermont)
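Review bot: the AVX512 instructions in mds_handler_skl_avx512 are emitted as raw .byte sequences with nothing explaining why, and the encodings differ from the amd64 copy in the same patch (0x64 prefix and ModRM 0x05 here, 0x65 prefix with 0x04, 0x25 there), so the mnemonic comments are the only way to check them. A line stating that the assembler in this branch cannot encode these instructions, if that is the reason, and that the prefix byte is the per-CPU segment override, would make the block reviewable. The comment "vpxor %zmm0, %zmm0, %zmm0" should also name the exact mnemonic that the bytes encode, since there is no assembler output to compare against.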
Index: sys/i386/include/pcpu.h
===================================================================
--- sys/i386/include/pcpu.h (revision 347486)
+++ sys/i386/include/pcpu.h (working copy)
@@ -69,7 +69,11 @@
vm_offset_t pc_qmap_addr; /* KVA for temporary mappings */\
uint32_t pc_smp_tlb_done; /* TLB op acknowledgement */ \
uint32_t pc_ibpb_set; \
- char __pad[185]
+ void *pc_mds_buf; \
+ void *pc_mds_buf64; \
+ uint32_t pc_pad[12]; \
+ uint8_t pc_mds_tmp[64]; \
+ char __pad[153]
#ifdef _KERNEL
Index: sys/x86/include/specialreg.h
===================================================================
--- sys/x86/include/specialreg.h (revision 347486)
+++ sys/x86/include/specialreg.h (working copy)
@@ -385,6 +385,7 @@
/*
* CPUID instruction 7 Structured Extended Features, leaf 0 edx info
*/
+#define CPUID_STDEXT3_MD_CLEAR 0x00000400
#define CPUID_STDEXT3_IBPB 0x04000000
#define CPUID_STDEXT3_STIBP 0x08000000
#define CPUID_STDEXT3_L1D_FLUSH 0x10000000
@@ -395,6 +396,7 @@
#define IA32_ARCH_CAP_RDCL_NO 0x00000001
#define IA32_ARCH_CAP_IBRS_ALL 0x00000002
#define IA32_ARCH_CAP_SSBD_NO 0x00000004
+#define IA32_ARCH_CAP_MDS_NO 0x00000020
/*
* CPUID manufacturers identifiers
Index: sys/x86/include/x86_var.h
===================================================================
--- sys/x86/include/x86_var.h (revision 347486)
+++ sys/x86/include/x86_var.h (working copy)
@@ -83,6 +83,7 @@ extern int use_xsave;
extern uint64_t xsave_mask;
extern int pti;
extern int hw_ibrs_active;
+extern int hw_mds_disable;
extern int hw_ssb_active;
struct pcb;
@@ -134,6 +135,7 @@ int isa_nmi(int cd);
void handle_ibrs_entry(void);
void handle_ibrs_exit(void);
void hw_ibrs_recalculate(void);
+void hw_mds_recalculate(void);
void hw_ssb_recalculate(bool all_cpus);
void nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame);
void nmi_call_kdb_smp(u_int type, struct trapframe *frame);
Index: sys/x86/x86/cpu_machdep.c
===================================================================
--- sys/x86/x86/cpu_machdep.c (revision 347486)
+++ sys/x86/x86/cpu_machdep.c (working copy)
@@ -938,3 +938,198 @@ SYSCTL_PROC(_hw, OID_AUTO, spec_store_bypass_disab
hw_ssb_disable_handler, "I",
"Speculative Store Bypass Disable (0 - off, 1 - on, 2 - auto");
+int hw_mds_disable;
+
+/*
+ * Handler for Microarchitectural Data Sampling issues. Really not a
+ * pointer to C function: on amd64 the code must not change any CPU
+ * architectural state except possibly %rflags. Also, it is always
+ * called with interrupts disabled.
+ */
+void (*mds_handler)(void);
+void mds_handler_void(void);
+void mds_handler_verw(void);
+void mds_handler_ivb(void);
+void mds_handler_bdw(void);
+void mds_handler_skl_sse(void);
+void mds_handler_skl_avx(void);
+void mds_handler_skl_avx512(void);
+void mds_handler_silvermont(void);
+
+static int
+sysctl_hw_mds_disable_state_handler(SYSCTL_HANDLER_ARGS)
+{
+ const char *state;
+
+ if (mds_handler == mds_handler_void)
+ state = "inactive";
+ else if (mds_handler == mds_handler_verw)
+ state = "VERW";
+ else if (mds_handler == mds_handler_ivb)
+ state = "software IvyBridge";
+ else if (mds_handler == mds_handler_bdw)
+ state = "software Broadwell";
+ else if (mds_handler == mds_handler_skl_sse)
+ state = "software Skylake SSE";
+ else if (mds_handler == mds_handler_skl_avx)
+ state = "software Skylake AVX";
+ else if (mds_handler == mds_handler_skl_avx512)
+ state = "software Skylake AVX512";
+ else if (mds_handler == mds_handler_silvermont)
+ state = "software Silvermont";
+ else
+ state = "unknown";
+ return (SYSCTL_OUT(req, state, strlen(state)));
+}
+
+SYSCTL_PROC(_hw, OID_AUTO, mds_disable_state,
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_hw_mds_disable_state_handler, "A",
+ "Microarchitectural Data Sampling Mitigation state");
+
+_Static_assert(__offsetof(struct pcpu, pc_mds_tmp) % 64 == 0, "MDS AVX512");
+
+void
+hw_mds_recalculate(void)
+{
+ struct pcpu *pc;
+ vm_offset_t b64;
+ u_long xcr0;
+ int i;
+
+ /*
+ * Allow user to force VERW variant even if MD_CLEAR is not
+ * reported. For instance, hypervisor might unknowingly
+ * filter the cap out.
+ * For the similar reasons, and for testing, allow to enable
+ * mitigation even for RDCL_NO or MDS_NO caps.
+ */
+ if (cpu_vendor_id != CPU_VENDOR_INTEL || hw_mds_disable == 0 ||
+ ((cpu_ia32_arch_caps & (IA32_ARCH_CAP_RDCL_NO |
+ IA32_ARCH_CAP_MDS_NO)) != 0 && hw_mds_disable == 3)) {
+ mds_handler = mds_handler_void;
+ } else if (((cpu_stdext_feature3 & CPUID_STDEXT3_MD_CLEAR) != 0 &&
+ hw_mds_disable == 3) || hw_mds_disable == 1) {
+ mds_handler = mds_handler_verw;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ (CPUID_TO_MODEL(cpu_id) == 0x2e || CPUID_TO_MODEL(cpu_id) == 0x1e ||
+ CPUID_TO_MODEL(cpu_id) == 0x1f || CPUID_TO_MODEL(cpu_id) == 0x1a ||
+ CPUID_TO_MODEL(cpu_id) == 0x2f || CPUID_TO_MODEL(cpu_id) == 0x25 ||
+ CPUID_TO_MODEL(cpu_id) == 0x2c || CPUID_TO_MODEL(cpu_id) == 0x2d ||
+ CPUID_TO_MODEL(cpu_id) == 0x2a || CPUID_TO_MODEL(cpu_id) == 0x3e ||
+ CPUID_TO_MODEL(cpu_id) == 0x3a) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Nehalem, SandyBridge, IvyBridge
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc(672, M_TEMP,
+ M_WAITOK);
+ bzero(pc->pc_mds_buf, 16);
+ }
+ }
+ mds_handler = mds_handler_ivb;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ (CPUID_TO_MODEL(cpu_id) == 0x3f || CPUID_TO_MODEL(cpu_id) == 0x3c ||
+ CPUID_TO_MODEL(cpu_id) == 0x45 || CPUID_TO_MODEL(cpu_id) == 0x46 ||
+ CPUID_TO_MODEL(cpu_id) == 0x56 || CPUID_TO_MODEL(cpu_id) == 0x4f ||
+ CPUID_TO_MODEL(cpu_id) == 0x47 || CPUID_TO_MODEL(cpu_id) == 0x3d) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Haswell, Broadwell
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc(1536, M_TEMP,
+ M_WAITOK);
+ bzero(pc->pc_mds_buf, 16);
+ }
+ }
+ mds_handler = mds_handler_bdw;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ ((CPUID_TO_MODEL(cpu_id) == 0x55 && (cpu_id &
+ CPUID_STEPPING) <= 5) ||
+ CPUID_TO_MODEL(cpu_id) == 0x4e || CPUID_TO_MODEL(cpu_id) == 0x5e ||
+ (CPUID_TO_MODEL(cpu_id) == 0x8e && (cpu_id &
+ CPUID_STEPPING) <= 0xb) ||
+ (CPUID_TO_MODEL(cpu_id) == 0x9e && (cpu_id &
+ CPUID_STEPPING) <= 0xc)) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Skylake, KabyLake, CoffeeLake, WhiskeyLake,
+ * CascadeLake
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc(6 * 1024,
+ M_TEMP, M_WAITOK);
+ b64 = (vm_offset_t)malloc(64 + 63,
+ M_TEMP, M_WAITOK);
+ pc->pc_mds_buf64 = (void *)roundup2(b64, 64);
+ bzero(pc->pc_mds_buf64, 64);
+ }
+ }
+ xcr0 = rxcr(0);
+ if ((xcr0 & XFEATURE_ENABLED_ZMM_HI256) != 0 &&
+ (cpu_stdext_feature2 & CPUID_STDEXT_AVX512DQ) != 0)
+ mds_handler = mds_handler_skl_avx512;
+ else if ((xcr0 & XFEATURE_ENABLED_AVX) != 0 &&
+ (cpu_feature2 & CPUID2_AVX) != 0)
+ mds_handler = mds_handler_skl_avx;
+ else
+ mds_handler = mds_handler_skl_sse;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ ((CPUID_TO_MODEL(cpu_id) == 0x37 ||
+ CPUID_TO_MODEL(cpu_id) == 0x4a ||
+ CPUID_TO_MODEL(cpu_id) == 0x4c ||
+ CPUID_TO_MODEL(cpu_id) == 0x4d ||
+ CPUID_TO_MODEL(cpu_id) == 0x5a ||
+ CPUID_TO_MODEL(cpu_id) == 0x5d ||
+ CPUID_TO_MODEL(cpu_id) == 0x6e ||
+ CPUID_TO_MODEL(cpu_id) == 0x65 ||
+ CPUID_TO_MODEL(cpu_id) == 0x75 ||
+ CPUID_TO_MODEL(cpu_id) == 0x1c ||
+ CPUID_TO_MODEL(cpu_id) == 0x26 ||
+ CPUID_TO_MODEL(cpu_id) == 0x27 ||
+ CPUID_TO_MODEL(cpu_id) == 0x35 ||
+ CPUID_TO_MODEL(cpu_id) == 0x36 ||
+ CPUID_TO_MODEL(cpu_id) == 0x7a))) {
+ /* Silvermont, Airmont */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL)
+ pc->pc_mds_buf = malloc(256, M_TEMP, M_WAITOK);
+ }
+ mds_handler = mds_handler_silvermont;
+ } else {
+ hw_mds_disable = 0;
+ mds_handler = mds_handler_void;
+ }
+}
+
+static int
+sysctl_mds_disable_handler(SYSCTL_HANDLER_ARGS)
+{
+ int error, val;
+
+ val = hw_mds_disable;
+ error = sysctl_handle_int(oidp, &val, 0, req);
+ if (error != 0 || req->newptr == NULL)
+ return (error);
+ if (val < 0 || val > 3)
+ return (EINVAL);
+ hw_mds_disable = val;
+ hw_mds_recalculate();
+ return (0);
+}
+
+SYSCTL_PROC(_hw, OID_AUTO, mds_disable, CTLTYPE_INT |
+ CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_mds_disable_handler, "I",
+ "Microarchitectural Data Sampling Mitigation "
+ "(0 - off, 1 - on VERW, 2 - on SW, 3 - on AUTO");
+
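Review bot: nothing serializes the buffer allocation in hw_mds_recalculate(), although the sysctl is registered CTLFLAG_MPSAFE and the function is also reachable from initializecpu() and cpuctl_do_eval_cpu_features(). Two callers that both find pc->pc_mds_buf == NULL will each call malloc(..., M_WAITOK), which may sleep, and one allocation is then leaked; the unlocked store to hw_mds_disable in sysctl_mds_disable_handler() can likewise interleave with a concurrent recalculation. A lock around the store and the recalculation would close this. In the Skylake branch the original pointer b64 is discarded after roundup2(), so the 64-byte scratch buffer can never be freed; if that is intentional because the buffers live for the life of the system, a comment should say so.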

View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----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=1MNG
-----END PGP SIGNATURE-----

View file

@ -0,0 +1,854 @@
Index: sys/amd64/amd64/exception.S
===================================================================
--- sys/amd64/amd64/exception.S (revision 347548)
+++ sys/amd64/amd64/exception.S (working copy)
@@ -512,6 +512,7 @@ fast_syscall_common:
testl $TDF_ASTPENDING | TDF_NEEDRESCHED,TD_FLAGS(%rax)
jne 3f
call handle_ibrs_exit
+ callq *mds_handler
/* Restore preserved registers. */
MEXITCOUNT
movq TF_RDI(%rsp),%rdi /* bonus; preserve arg 1 */
@@ -1157,6 +1158,7 @@ ld_regs:
jz 2f /* keep running with kernel GS.base */
cli
call handle_ibrs_exit_rs
+ callq *mds_handler
cmpq $~0,PCPU(UCR3)
je 1f
pushq %rdx
Index: sys/amd64/amd64/genassym.c
===================================================================
--- sys/amd64/amd64/genassym.c (revision 347548)
+++ sys/amd64/amd64/genassym.c (working copy)
@@ -233,6 +233,9 @@ ASSYM(PC_PTI_STACK, offsetof(struct pcpu, pc_pti_s
ASSYM(PC_PTI_STACK_SZ, PC_PTI_STACK_SZ);
ASSYM(PC_PTI_RSP0, offsetof(struct pcpu, pc_pti_rsp0));
ASSYM(PC_IBPB_SET, offsetof(struct pcpu, pc_ibpb_set));
+ASSYM(PC_MDS_TMP, offsetof(struct pcpu, pc_mds_tmp));
+ASSYM(PC_MDS_BUF, offsetof(struct pcpu, pc_mds_buf));
+ASSYM(PC_MDS_BUF64, offsetof(struct pcpu, pc_mds_buf64));
ASSYM(LA_EOI, LAPIC_EOI * LAPIC_MEM_MUL);
ASSYM(LA_ISR, LAPIC_ISR0 * LAPIC_MEM_MUL);
Index: sys/amd64/amd64/initcpu.c
===================================================================
--- sys/amd64/amd64/initcpu.c (revision 347548)
+++ sys/amd64/amd64/initcpu.c (working copy)
@@ -257,6 +257,7 @@ initializecpu(void)
hw_ibrs_recalculate();
hw_ssb_recalculate(false);
amd64_syscall_ret_flush_l1d_recalc();
+ hw_mds_recalculate();
switch (cpu_vendor_id) {
case CPU_VENDOR_AMD:
init_amd();
Index: sys/amd64/amd64/machdep.c
===================================================================
--- sys/amd64/amd64/machdep.c (revision 347548)
+++ sys/amd64/amd64/machdep.c (working copy)
@@ -1733,6 +1733,7 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
TUNABLE_INT_FETCH("hw.spec_store_bypass_disable", &hw_ssb_disable);
TUNABLE_INT_FETCH("machdep.syscall_ret_l1d_flush",
&syscall_ret_l1d_flush_mode);
+ TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable);
finishidentcpu(); /* Final stage of CPU initialization */
initializecpu(); /* Initialize CPU registers */
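Review bot: fetching hw.mds_disable here, immediately before initializecpu(), means a loader setting of 2 or 3 is acted on during hammer_time(), because the initcpu.c hunk in this patch adds hw_mds_recalculate() to initializecpu(). As hw_mds_recalculate() is written in the cpu_machdep.c change for revision 347486 earlier on this page, the software-sequence branches call malloc(..., M_WAITOK) for every CPU. Please confirm that the kernel allocator and the per-CPU structures walked by CPU_FOREACH are usable this early in boot; if they are not, the allocation should be deferred to a later initialization stage, with the early call limited to selecting mds_handler_void or mds_handler_verw.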
Index: sys/amd64/amd64/support.S
===================================================================
--- sys/amd64/amd64/support.S (revision 347548)
+++ sys/amd64/amd64/support.S (working copy)
@@ -1,8 +1,13 @@
/*-
+ * Copyright (c) 2018-2019 The FreeBSD Foundation
* Copyright (c) 2003 Peter Wemm.
* Copyright (c) 1993 The Regents of the University of California.
* All rights reserved.
*
+ * Portions of this software were developed by
+ * Konstantin Belousov <kib@FreeBSD.org> under sponsorship from
+ * the FreeBSD Foundation.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -1626,3 +1631,239 @@ ENTRY(flush_l1d_sw_abi)
popq %rbx
ret
END(flush_l1d_sw_abi)
+
+ENTRY(mds_handler_void)
+ retq
+END(mds_handler_void)
+
+ENTRY(mds_handler_verw)
+ subq $8, %rsp
+ movw %ds, (%rsp)
+ verw (%rsp)
+ addq $8, %rsp
+ retq
+END(mds_handler_verw)
+
+ENTRY(mds_handler_ivb)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%rdx), %xmm0
+ orpd (%rdx), %xmm0
+ mfence
+ movl $40, %ecx
+ addq $16, %rdx
+2: movntdq %xmm0, (%rdx)
+ addq $16, %rdx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_ivb)
+
+ENTRY(mds_handler_bdw)
+ pushq %rax
+ pushq %rbx
+ pushq %rcx
+ pushq %rdi
+ pushq %rsi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rbx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movq %rbx, %rdi
+ movq %rbx, %rsi
+ movl $40, %ecx
+2: movntdq %xmm0, (%rbx)
+ addq $16, %rbx
+ decl %ecx
+ jnz 2b
+ mfence
+ movl $1536, %ecx
+ rep; movsb
+ lfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rsi
+ popq %rdi
+ popq %rcx
+ popq %rbx
+ popq %rax
+ retq
+END(mds_handler_bdw)
+
+ENTRY(mds_handler_skl_sse)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%rdx), %xmm0
+ orpd (%rdx), %xmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ movdqa PCPU(MDS_TMP), %xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_sse)
+
+ENTRY(mds_handler_skl_avx)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+ vmovdqa %ymm0, PCPU(MDS_TMP)
+ vpxor %ymm0, %ymm0, %ymm0
+
+ lfence
+ vorpd (%rdx), %ymm0, %ymm0
+ vorpd (%rdx), %ymm0, %ymm0
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa PCPU(MDS_TMP), %ymm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_avx)
+
+ENTRY(mds_handler_skl_avx512)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+ vmovdqa64 %zmm0, PCPU(MDS_TMP)
+ vpxor %zmm0, %zmm0, %zmm0
+
+ lfence
+ vorpd (%rdx), %zmm0, %zmm0
+ vorpd (%rdx), %zmm0, %zmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa64 PCPU(MDS_TMP), %zmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_avx512)
+
+ENTRY(mds_handler_silvermont)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl $16, %ecx
+2: movntdq %xmm0, (%rdx)
+ addq $16, %rdx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_silvermont)
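Review bot: the buffer sizes used by these handlers are bare literals (40 and 16 iterations of a 16-byte movntdq, 1536 and 6144 byte counts for the rep string operations, the 5376 displacement for clflushopt) that must agree with the malloc() sizes in hw_mds_recalculate() (672, 1536, 6 * 1024 and 256 in the copy shown earlier on this page), and nothing ties the two files together. The numbers do line up as written: 16 + 40 * 16 = 656 fits in 672, 5376 + 12 * 64 = 6144, and 16 * 16 = 256. A future change to either side would turn into an out-of-bounds write in an exit path with no diagnostic, so exporting the sizes as shared constants through genassym.c, or at minimum commenting each literal with the allocation it depends on, would make the coupling explicit.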
Index: sys/amd64/include/pcpu.h
===================================================================
--- sys/amd64/include/pcpu.h (revision 347548)
+++ sys/amd64/include/pcpu.h (working copy)
@@ -76,7 +76,11 @@
uint32_t pc_pcid_gen; \
uint32_t pc_smp_tlb_done; /* TLB op acknowledgement */ \
uint32_t pc_ibpb_set; \
- char __pad[3288] /* pad to UMA_PCPU_ALLOC_SIZE */
+ void *pc_mds_buf; \
+ void *pc_mds_buf64; \
+ uint32_t pc_pad[2]; \
+ uint8_t pc_mds_tmp[64]; \
+ char __pad[3176] /* pad to UMA_PCPU_ALLOC_SIZE */
#define PC_DBREG_CMD_NONE 0
#define PC_DBREG_CMD_LOAD 1
Index: sys/dev/cpuctl/cpuctl.c
===================================================================
--- sys/dev/cpuctl/cpuctl.c (revision 347548)
+++ sys/dev/cpuctl/cpuctl.c (working copy)
@@ -524,6 +524,7 @@ cpuctl_do_eval_cpu_features(int cpu, struct thread
#ifdef __amd64__
amd64_syscall_ret_flush_l1d_recalc();
#endif
+ hw_mds_recalculate();
printcpuinfo();
return (0);
}
Index: sys/i386/i386/exception.s
===================================================================
--- sys/i386/i386/exception.s (revision 347548)
+++ sys/i386/i386/exception.s (working copy)
@@ -522,6 +522,8 @@ doreti_exit:
2: movl $handle_ibrs_exit,%eax
pushl %ecx /* preserve enough call-used regs */
call *%eax
+ movl mds_handler,%eax
+ call *%eax
popl %ecx
movl %esp, %esi
movl PCPU(TRAMPSTK), %edx
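Review bot: this call site preserves only %ecx around the indirect call, while the i386 handlers added in support.s save nothing themselves: all of them overwrite %eax, mds_handler_ivb and mds_handler_silvermont also use %edx, mds_handler_bdw uses %ebx, %edi and %esi, and the Skylake variants use %edi and %edx. %esi and %edx are reloaded right after the popl, but the hunk does not show whether %ebx or %edi is still live on this path. The comment on mds_handler in cpu_machdep.c states the register contract for amd64 only; please state the i386 contract as well, and either extend the "preserve enough call-used regs" save to cover what the handlers clobber or note here that those registers are dead at this point.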
Index: sys/i386/i386/genassym.c
===================================================================
--- sys/i386/i386/genassym.c (revision 347548)
+++ sys/i386/i386/genassym.c (working copy)
@@ -222,6 +222,9 @@ ASSYM(PC_KESP0, offsetof(struct pcpu, pc_kesp0));
ASSYM(PC_TRAMPSTK, offsetof(struct pcpu, pc_trampstk));
ASSYM(PC_COPYOUT_BUF, offsetof(struct pcpu, pc_copyout_buf));
ASSYM(PC_IBPB_SET, offsetof(struct pcpu, pc_ibpb_set));
+ASSYM(PC_MDS_TMP, offsetof(struct pcpu, pc_mds_tmp));
+ASSYM(PC_MDS_BUF, offsetof(struct pcpu, pc_mds_buf));
+ASSYM(PC_MDS_BUF64, offsetof(struct pcpu, pc_mds_buf64));
#ifdef DEV_APIC
ASSYM(LA_EOI, LAPIC_EOI * LAPIC_MEM_MUL);
Index: sys/i386/i386/initcpu.c
===================================================================
--- sys/i386/i386/initcpu.c (revision 347548)
+++ sys/i386/i386/initcpu.c (working copy)
@@ -754,6 +754,7 @@ initializecpu(void)
elf32_nxstack = 1;
}
#endif
+ hw_mds_recalculate();
if ((amd_feature & AMDID_RDTSCP) != 0 ||
(cpu_stdext_feature2 & CPUID_STDEXT2_RDPID) != 0)
wrmsr(MSR_TSC_AUX, PCPU_GET(cpuid));
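Review bot: `hw_mds_recalculate()` can sleep, since its software-mitigation branches call `malloc_domainset(..., M_WAITOK)` and walk every CPU with `CPU_FOREACH` / `pcpu_find()`, and here it is called unconditionally from `initializecpu()`. Please confirm that the allocator and the per-CPU structures for all CPUs are usable at every point where `initializecpu()` runs. If they are not, select the handler here only when no buffer is needed and defer the allocating path to a later boot stage, for example a SYSINIT.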
Index: sys/i386/i386/support.s
===================================================================
--- sys/i386/i386/support.s (revision 347548)
+++ sys/i386/i386/support.s (working copy)
@@ -472,3 +472,187 @@ ENTRY(handle_ibrs_exit)
movb $0,PCPU(IBPB_SET)
1: ret
END(handle_ibrs_exit)
+
+ENTRY(mds_handler_void)
+ ret
+END(mds_handler_void)
+
+ENTRY(mds_handler_verw)
+ subl $4, %esp
+ movw %ds, (%esp)
+ verw (%esp)
+ addl $4, %esp
+ ret
+END(mds_handler_verw)
+
+ENTRY(mds_handler_ivb)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%edx), %xmm0
+ orpd (%edx), %xmm0
+ mfence
+ movl $40, %ecx
+ addl $16, %edx
+2: movntdq %xmm0, (%edx)
+ addl $16, %edx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_ivb)
+
+ENTRY(mds_handler_bdw)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %ebx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl %ebx, %edi
+ movl %ebx, %esi
+ movl $40, %ecx
+2: movntdq %xmm0, (%ebx)
+ addl $16, %ebx
+ decl %ecx
+ jnz 2b
+ mfence
+ movl $1536, %ecx
+ rep; movsb
+ lfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_bdw)
+
+ENTRY(mds_handler_skl_sse)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%edx), %xmm0
+ orpd (%edx), %xmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ movdqa PCPU(MDS_TMP), %xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_sse)
+
+ENTRY(mds_handler_skl_avx)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+ vmovdqa %ymm0, PCPU(MDS_TMP)
+ vpxor %ymm0, %ymm0, %ymm0
+
+ lfence
+ vorpd (%edx), %ymm0, %ymm0
+ vorpd (%edx), %ymm0, %ymm0
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa PCPU(MDS_TMP), %ymm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_avx)
+
+ENTRY(mds_handler_skl_avx512)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+ vmovdqa64 %zmm0, PCPU(MDS_TMP)
+ vpxor %zmm0, %zmm0, %zmm0
+
+ lfence
+ vorpd (%edx), %zmm0, %zmm0
+ vorpd (%edx), %zmm0, %zmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa64 PCPU(MDS_TMP), %zmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_avx512)
+
+ENTRY(mds_handler_silvermont)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl $16, %ecx
+2: movntdq %xmm0, (%edx)
+ addl $16, %edx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_silvermont)
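Review bot: in `mds_handler_skl_sse`, `mds_handler_skl_avx` and `mds_handler_skl_avx512` the %cr0 value saved in %eax at entry is lost before it is used. `xorl %eax, %eax` runs twice (once for the `clflushopt` index, once for the `rep; stosb` fill byte), so the closing `testb $CR0_TS, %al` always sees zero and `movl %eax, %cr0` is never reached. If CR0.TS was set on entry, `clts` clears it and it stays cleared on return. Keep the saved %cr0 somewhere these loops do not touch (a pushed copy, for example) and restore from that. The ivb, bdw and silvermont variants leave %eax alone and are not affected.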
Index: sys/i386/include/pcpu.h
===================================================================
--- sys/i386/include/pcpu.h (revision 347548)
+++ sys/i386/include/pcpu.h (working copy)
@@ -77,10 +77,14 @@
struct sx pc_copyout_slock; \
char *pc_copyout_buf; \
vm_offset_t pc_pmap_eh_va; \
- caddr_t pc_pmap_eh_ptep; \
+ caddr_t pc_pmap_eh_ptep; \
uint32_t pc_smp_tlb_done; /* TLB op acknowledgement */ \
uint32_t pc_ibpb_set; \
- char __pad[3610]
+ void *pc_mds_buf; \
+ void *pc_mds_buf64; \
+ uint32_t pc_pad[4]; \
+ uint8_t pc_mds_tmp[64]; \
+ char __pad[3522]
#ifdef _KERNEL
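Review bot: the `pc_pmap_eh_ptep` line is removed and re-added with what appears to be a whitespace-only difference. That is unrelated to the MDS change and adds noise to a security patch that people will read line by line; drop it from this hunk and keep only the new fields and the `__pad` adjustment.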
Index: sys/x86/include/specialreg.h
===================================================================
--- sys/x86/include/specialreg.h (revision 347548)
+++ sys/x86/include/specialreg.h (working copy)
@@ -431,6 +431,7 @@
/*
* CPUID instruction 7 Structured Extended Features, leaf 0 edx info
*/
+#define CPUID_STDEXT3_MD_CLEAR 0x00000400
#define CPUID_STDEXT3_TSXFA 0x00002000
#define CPUID_STDEXT3_IBPB 0x04000000
#define CPUID_STDEXT3_STIBP 0x08000000
@@ -445,6 +446,7 @@
#define IA32_ARCH_CAP_RSBA 0x00000004
#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY 0x00000008
#define IA32_ARCH_CAP_SSB_NO 0x00000010
+#define IA32_ARCH_CAP_MDS_NO 0x00000020
/*
* CPUID manufacturers identifiers
Index: sys/x86/include/x86_var.h
===================================================================
--- sys/x86/include/x86_var.h (revision 347548)
+++ sys/x86/include/x86_var.h (working copy)
@@ -85,6 +85,7 @@ extern uint64_t xsave_mask;
extern u_int max_apic_id;
extern int pti;
extern int hw_ibrs_active;
+extern int hw_mds_disable;
extern int hw_ssb_active;
struct pcb;
@@ -140,6 +141,7 @@ int isa_nmi(int cd);
void handle_ibrs_entry(void);
void handle_ibrs_exit(void);
void hw_ibrs_recalculate(void);
+void hw_mds_recalculate(void);
void hw_ssb_recalculate(bool all_cpus);
void nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame);
void nmi_call_kdb_smp(u_int type, struct trapframe *frame);
Index: sys/x86/x86/cpu_machdep.c
===================================================================
--- sys/x86/x86/cpu_machdep.c (revision 347548)
+++ sys/x86/x86/cpu_machdep.c (working copy)
@@ -61,6 +61,7 @@ __FBSDID("$FreeBSD$");
#include <sys/systm.h>
#include <sys/bus.h>
#include <sys/cpu.h>
+#include <sys/domainset.h>
#include <sys/kdb.h>
#include <sys/kernel.h>
#include <sys/ktr.h>
@@ -915,7 +916,204 @@ SYSCTL_PROC(_hw, OID_AUTO, spec_store_bypass_disab
hw_ssb_disable_handler, "I",
"Speculative Store Bypass Disable (0 - off, 1 - on, 2 - auto");
+int hw_mds_disable;
+
/*
+ * Handler for Microarchitectural Data Sampling issues. Really not a
+ * pointer to C function: on amd64 the code must not change any CPU
+ * architectural state except possibly %rflags. Also, it is always
+ * called with interrupts disabled.
+ */
+void (*mds_handler)(void);
+void mds_handler_void(void);
+void mds_handler_verw(void);
+void mds_handler_ivb(void);
+void mds_handler_bdw(void);
+void mds_handler_skl_sse(void);
+void mds_handler_skl_avx(void);
+void mds_handler_skl_avx512(void);
+void mds_handler_silvermont(void);
+
+static int
+sysctl_hw_mds_disable_state_handler(SYSCTL_HANDLER_ARGS)
+{
+ const char *state;
+
+ if (mds_handler == mds_handler_void)
+ state = "inactive";
+ else if (mds_handler == mds_handler_verw)
+ state = "VERW";
+ else if (mds_handler == mds_handler_ivb)
+ state = "software IvyBridge";
+ else if (mds_handler == mds_handler_bdw)
+ state = "software Broadwell";
+ else if (mds_handler == mds_handler_skl_sse)
+ state = "software Skylake SSE";
+ else if (mds_handler == mds_handler_skl_avx)
+ state = "software Skylake AVX";
+ else if (mds_handler == mds_handler_skl_avx512)
+ state = "software Skylake AVX512";
+ else if (mds_handler == mds_handler_silvermont)
+ state = "software Silvermont";
+ else
+ state = "unknown";
+ return (SYSCTL_OUT(req, state, strlen(state)));
+}
+
+SYSCTL_PROC(_hw, OID_AUTO, mds_disable_state,
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_hw_mds_disable_state_handler, "A",
+ "Microarchitectural Data Sampling Mitigation state");
+
+_Static_assert(__offsetof(struct pcpu, pc_mds_tmp) % 64 == 0, "MDS AVX512");
+
+void
+hw_mds_recalculate(void)
+{
+ struct pcpu *pc;
+ vm_offset_t b64;
+ u_long xcr0;
+ int i;
+
+ /*
+ * Allow user to force VERW variant even if MD_CLEAR is not
+ * reported. For instance, hypervisor might unknowingly
+ * filter the cap out.
+ * For the similar reasons, and for testing, allow to enable
+ * mitigation even for RDCL_NO or MDS_NO caps.
+ */
+ if (cpu_vendor_id != CPU_VENDOR_INTEL || hw_mds_disable == 0 ||
+ ((cpu_ia32_arch_caps & (IA32_ARCH_CAP_RDCL_NO |
+ IA32_ARCH_CAP_MDS_NO)) != 0 && hw_mds_disable == 3)) {
+ mds_handler = mds_handler_void;
+ } else if (((cpu_stdext_feature3 & CPUID_STDEXT3_MD_CLEAR) != 0 &&
+ hw_mds_disable == 3) || hw_mds_disable == 1) {
+ mds_handler = mds_handler_verw;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ (CPUID_TO_MODEL(cpu_id) == 0x2e || CPUID_TO_MODEL(cpu_id) == 0x1e ||
+ CPUID_TO_MODEL(cpu_id) == 0x1f || CPUID_TO_MODEL(cpu_id) == 0x1a ||
+ CPUID_TO_MODEL(cpu_id) == 0x2f || CPUID_TO_MODEL(cpu_id) == 0x25 ||
+ CPUID_TO_MODEL(cpu_id) == 0x2c || CPUID_TO_MODEL(cpu_id) == 0x2d ||
+ CPUID_TO_MODEL(cpu_id) == 0x2a || CPUID_TO_MODEL(cpu_id) == 0x3e ||
+ CPUID_TO_MODEL(cpu_id) == 0x3a) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Nehalem, SandyBridge, IvyBridge
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc_domainset(672, M_TEMP,
+ DOMAINSET_PREF(pc->pc_domain), M_WAITOK);
+ bzero(pc->pc_mds_buf, 16);
+ }
+ }
+ mds_handler = mds_handler_ivb;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ (CPUID_TO_MODEL(cpu_id) == 0x3f || CPUID_TO_MODEL(cpu_id) == 0x3c ||
+ CPUID_TO_MODEL(cpu_id) == 0x45 || CPUID_TO_MODEL(cpu_id) == 0x46 ||
+ CPUID_TO_MODEL(cpu_id) == 0x56 || CPUID_TO_MODEL(cpu_id) == 0x4f ||
+ CPUID_TO_MODEL(cpu_id) == 0x47 || CPUID_TO_MODEL(cpu_id) == 0x3d) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Haswell, Broadwell
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc_domainset(1536, M_TEMP,
+ DOMAINSET_PREF(pc->pc_domain), M_WAITOK);
+ bzero(pc->pc_mds_buf, 16);
+ }
+ }
+ mds_handler = mds_handler_bdw;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ ((CPUID_TO_MODEL(cpu_id) == 0x55 && (cpu_id &
+ CPUID_STEPPING) <= 5) ||
+ CPUID_TO_MODEL(cpu_id) == 0x4e || CPUID_TO_MODEL(cpu_id) == 0x5e ||
+ (CPUID_TO_MODEL(cpu_id) == 0x8e && (cpu_id &
+ CPUID_STEPPING) <= 0xb) ||
+ (CPUID_TO_MODEL(cpu_id) == 0x9e && (cpu_id &
+ CPUID_STEPPING) <= 0xc)) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Skylake, KabyLake, CoffeeLake, WhiskeyLake,
+ * CascadeLake
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc_domainset(6 * 1024,
+ M_TEMP, DOMAINSET_PREF(pc->pc_domain),
+ M_WAITOK);
+ b64 = (vm_offset_t)malloc_domainset(64 + 63,
+ M_TEMP, DOMAINSET_PREF(pc->pc_domain),
+ M_WAITOK);
+ pc->pc_mds_buf64 = (void *)roundup2(b64, 64);
+ bzero(pc->pc_mds_buf64, 64);
+ }
+ }
+ xcr0 = rxcr(0);
+ if ((xcr0 & XFEATURE_ENABLED_ZMM_HI256) != 0 &&
+ (cpu_stdext_feature2 & CPUID_STDEXT_AVX512DQ) != 0)
+ mds_handler = mds_handler_skl_avx512;
+ else if ((xcr0 & XFEATURE_ENABLED_AVX) != 0 &&
+ (cpu_feature2 & CPUID2_AVX) != 0)
+ mds_handler = mds_handler_skl_avx;
+ else
+ mds_handler = mds_handler_skl_sse;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ ((CPUID_TO_MODEL(cpu_id) == 0x37 ||
+ CPUID_TO_MODEL(cpu_id) == 0x4a ||
+ CPUID_TO_MODEL(cpu_id) == 0x4c ||
+ CPUID_TO_MODEL(cpu_id) == 0x4d ||
+ CPUID_TO_MODEL(cpu_id) == 0x5a ||
+ CPUID_TO_MODEL(cpu_id) == 0x5d ||
+ CPUID_TO_MODEL(cpu_id) == 0x6e ||
+ CPUID_TO_MODEL(cpu_id) == 0x65 ||
+ CPUID_TO_MODEL(cpu_id) == 0x75 ||
+ CPUID_TO_MODEL(cpu_id) == 0x1c ||
+ CPUID_TO_MODEL(cpu_id) == 0x26 ||
+ CPUID_TO_MODEL(cpu_id) == 0x27 ||
+ CPUID_TO_MODEL(cpu_id) == 0x35 ||
+ CPUID_TO_MODEL(cpu_id) == 0x36 ||
+ CPUID_TO_MODEL(cpu_id) == 0x7a))) {
+ /* Silvermont, Airmont */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL)
+ pc->pc_mds_buf = malloc(256, M_TEMP, M_WAITOK);
+ }
+ mds_handler = mds_handler_silvermont;
+ } else {
+ hw_mds_disable = 0;
+ mds_handler = mds_handler_void;
+ }
+}
+
+static int
+sysctl_mds_disable_handler(SYSCTL_HANDLER_ARGS)
+{
+ int error, val;
+
+ val = hw_mds_disable;
+ error = sysctl_handle_int(oidp, &val, 0, req);
+ if (error != 0 || req->newptr == NULL)
+ return (error);
+ if (val < 0 || val > 3)
+ return (EINVAL);
+ hw_mds_disable = val;
+ hw_mds_recalculate();
+ return (0);
+}
+
+SYSCTL_PROC(_hw, OID_AUTO, mds_disable, CTLTYPE_INT |
+ CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_mds_disable_handler, "I",
+ "Microarchitectural Data Sampling Mitigation "
+ "(0 - off, 1 - on VERW, 2 - on SW, 3 - on AUTO");
+
+/*
* Enable and restore kernel text write permissions.
* Callers must ensure that disable_wp()/restore_wp() are executed
* without rescheduling on the same core.
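Review bot: `void (*mds_handler)(void);` has no initializer, so it is NULL until the first `hw_mds_recalculate()` runs, while the return-to-user paths call through it unconditionally. Initialize it statically to `mds_handler_void` so correctness does not depend on call ordering. In `hw_mds_recalculate()` the Silvermont/Airmont branch is the only software branch without the `(hw_mds_disable == 2 || hw_mds_disable == 3)` test and the only one using plain `malloc()` instead of `malloc_domainset()`; make it consistent with the others or comment on why it differs. The final `else` also resets `hw_mds_disable` to 0 while `sysctl_mds_disable_handler()` still returns success, so a write of 2 on an unlisted model is silently dropped. Minor: the `hw.mds_disable` description string is missing its closing parenthesis.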

View file

@ -0,0 +1,18 @@

View file

@ -0,0 +1,868 @@
Index: sys/amd64/amd64/exception.S
===================================================================
--- sys/amd64/amd64/exception.S (revision 347487)
+++ sys/amd64/amd64/exception.S (working copy)
@@ -512,6 +512,7 @@ fast_syscall_common:
testl $TDF_ASTPENDING | TDF_NEEDRESCHED,TD_FLAGS(%rax)
jne 3f
call handle_ibrs_exit
+ callq *mds_handler
/* Restore preserved registers. */
MEXITCOUNT
movq TF_RDI(%rsp),%rdi /* bonus; preserve arg 1 */
@@ -1157,6 +1158,7 @@ ld_regs:
jz 2f /* keep running with kernel GS.base */
cli
call handle_ibrs_exit_rs
+ callq *mds_handler
cmpq $~0,PCPU(UCR3)
je 1f
pushq %rdx
Index: sys/amd64/amd64/genassym.c
===================================================================
--- sys/amd64/amd64/genassym.c (revision 347487)
+++ sys/amd64/amd64/genassym.c (working copy)
@@ -233,6 +233,9 @@ ASSYM(PC_PTI_STACK, offsetof(struct pcpu, pc_pti_s
ASSYM(PC_PTI_STACK_SZ, PC_PTI_STACK_SZ);
ASSYM(PC_PTI_RSP0, offsetof(struct pcpu, pc_pti_rsp0));
ASSYM(PC_IBPB_SET, offsetof(struct pcpu, pc_ibpb_set));
+ASSYM(PC_MDS_TMP, offsetof(struct pcpu, pc_mds_tmp));
+ASSYM(PC_MDS_BUF, offsetof(struct pcpu, pc_mds_buf));
+ASSYM(PC_MDS_BUF64, offsetof(struct pcpu, pc_mds_buf64));
ASSYM(LA_EOI, LAPIC_EOI * LAPIC_MEM_MUL);
ASSYM(LA_ISR, LAPIC_ISR0 * LAPIC_MEM_MUL);
Index: sys/amd64/amd64/initcpu.c
===================================================================
--- sys/amd64/amd64/initcpu.c (revision 347487)
+++ sys/amd64/amd64/initcpu.c (working copy)
@@ -253,6 +253,7 @@ initializecpu(void)
}
hw_ibrs_recalculate();
hw_ssb_recalculate(false);
+ hw_mds_recalculate();
switch (cpu_vendor_id) {
case CPU_VENDOR_AMD:
init_amd();
Index: sys/amd64/amd64/machdep.c
===================================================================
--- sys/amd64/amd64/machdep.c (revision 347487)
+++ sys/amd64/amd64/machdep.c (working copy)
@@ -1878,6 +1878,7 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
TUNABLE_INT_FETCH("hw.ibrs_disable", &hw_ibrs_disable);
TUNABLE_INT_FETCH("hw.spec_store_bypass_disable", &hw_ssb_disable);
+ TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable);
TSEXIT();
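Review bot: `TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable)` stores whatever the loader supplies with no range check, whereas `sysctl_mds_disable_handler()` rejects anything outside 0..3. An out-of-range tunable then reaches `hw_mds_recalculate()`, where most branches test for the values 2 or 3 explicitly but the Silvermont branch does not, so the outcome depends on the CPU model. Validate the fetched value here, or at the top of `hw_mds_recalculate()`, and fall back to a defined mode.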
Index: sys/amd64/amd64/support.S
===================================================================
--- sys/amd64/amd64/support.S (revision 347487)
+++ sys/amd64/amd64/support.S (working copy)
@@ -1,8 +1,13 @@
/*-
+ * Copyright (c) 2018-2019 The FreeBSD Foundation
* Copyright (c) 2003 Peter Wemm.
* Copyright (c) 1993 The Regents of the University of California.
* All rights reserved.
*
+ * Portions of this software were developed by
+ * Konstantin Belousov <kib@FreeBSD.org> under sponsorship from
+ * the FreeBSD Foundation.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -1586,3 +1591,246 @@ ENTRY(flush_l1d_sw)
ret
#undef L1D_FLUSH_SIZE
END(flush_l1d_sw)
+
+ENTRY(mds_handler_void)
+ retq
+END(mds_handler_void)
+
+ENTRY(mds_handler_verw)
+ subq $8, %rsp
+ movw %ds, (%rsp)
+ verw (%rsp)
+ addq $8, %rsp
+ retq
+END(mds_handler_verw)
+
+ENTRY(mds_handler_ivb)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%rdx), %xmm0
+ orpd (%rdx), %xmm0
+ mfence
+ movl $40, %ecx
+ addq $16, %rdx
+2: movntdq %xmm0, (%rdx)
+ addq $16, %rdx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_ivb)
+
+ENTRY(mds_handler_bdw)
+ pushq %rax
+ pushq %rbx
+ pushq %rcx
+ pushq %rdi
+ pushq %rsi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rbx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movq %rbx, %rdi
+ movq %rbx, %rsi
+ movl $40, %ecx
+2: movntdq %xmm0, (%rbx)
+ addq $16, %rbx
+ decl %ecx
+ jnz 2b
+ mfence
+ movl $1536, %ecx
+ rep; movsb
+ lfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rsi
+ popq %rdi
+ popq %rcx
+ popq %rbx
+ popq %rax
+ retq
+END(mds_handler_bdw)
+
+ENTRY(mds_handler_skl_sse)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%rdx), %xmm0
+ orpd (%rdx), %xmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ movdqa PCPU(MDS_TMP), %xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_sse)
+
+ENTRY(mds_handler_skl_avx)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+ vmovdqa %ymm0, PCPU(MDS_TMP)
+ vpxor %ymm0, %ymm0, %ymm0
+
+ lfence
+ vorpd (%rdx), %ymm0, %ymm0
+ vorpd (%rdx), %ymm0, %ymm0
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa PCPU(MDS_TMP), %ymm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_avx)
+
+ENTRY(mds_handler_skl_avx512)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+ pushq %rdi
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdi
+ movq PCPU(MDS_BUF64), %rdx
+/* vmovdqa64 %zmm0, PCPU(MDS_TMP) */
+ .byte 0x65, 0x62, 0xf1, 0xfd, 0x48, 0x7f, 0x04, 0x25
+ .long PC_MDS_TMP
+/* vpxor %zmm0, %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0xef, 0xc0
+
+ lfence
+/* vorpd (%rdx), %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0x56, 0x02
+/* vorpd (%rdx), %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0x56, 0x02
+ xorl %eax, %eax
+2: clflushopt 5376(%rdi, %rax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+/* vmovdqa64 PCPU(MDS_TMP), %zmm0 */
+ .byte 0x65, 0x62, 0xf1, 0xfd, 0x48, 0x6f, 0x04, 0x25
+ .long PC_MDS_TMP
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rdi
+ popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_skl_avx512)
+
+ENTRY(mds_handler_silvermont)
+ pushq %rax
+ pushq %rdx
+ pushq %rcx
+
+ movq %cr0, %rax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movq PCPU(MDS_BUF), %rdx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl $16, %ecx
+2: movntdq %xmm0, (%rdx)
+ addq $16, %rdx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movq %rax, %cr0
+3: popq %rcx
+ popq %rdx
+ popq %rax
+ retq
+END(mds_handler_silvermont)
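Review bot: the loop counts and offsets in these handlers (`$40` stores of 16 bytes, `$1536`, `$6144`, `5376`) are bare literals that have to agree with the allocation sizes in `hw_mds_recalculate()` (672, 1536, `6 * 1024`), and nothing ties the two files together. A change on one side silently turns these stores into writes past the end of the per-CPU buffer. Export the sizes as named constants shared by both sides, or at minimum comment each handler with the buffer size it assumes. The hand-assembled EVEX `.byte` sequences in `mds_handler_skl_avx512` also need a comment saying why the mnemonics are not used, since the encoding (segment prefix, absolute disp32 followed by `.long PC_MDS_TMP`) cannot be checked by the assembler.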
Index: sys/amd64/include/pcpu.h
===================================================================
--- sys/amd64/include/pcpu.h (revision 347487)
+++ sys/amd64/include/pcpu.h (working copy)
@@ -76,7 +76,11 @@
uint32_t pc_pcid_gen; \
uint32_t pc_smp_tlb_done; /* TLB op acknowledgement */ \
uint32_t pc_ibpb_set; \
- char __pad[3288] /* pad to UMA_PCPU_ALLOC_SIZE */
+ void *pc_mds_buf; \
+ void *pc_mds_buf64; \
+ uint32_t pc_pad[2]; \
+ uint8_t pc_mds_tmp[64]; \
+ char __pad[3176] /* pad to UMA_PCPU_ALLOC_SIZE */
#define PC_DBREG_CMD_NONE 0
#define PC_DBREG_CMD_LOAD 1
Index: sys/dev/cpuctl/cpuctl.c
===================================================================
--- sys/dev/cpuctl/cpuctl.c (revision 347487)
+++ sys/dev/cpuctl/cpuctl.c (working copy)
@@ -521,6 +521,7 @@ cpuctl_do_eval_cpu_features(int cpu, struct thread
hw_ibrs_recalculate();
restore_cpu(oldcpu, is_bound, td);
hw_ssb_recalculate(true);
+ hw_mds_recalculate();
printcpuinfo();
return (0);
}
Index: sys/i386/i386/exception.s
===================================================================
--- sys/i386/i386/exception.s (revision 347487)
+++ sys/i386/i386/exception.s (working copy)
@@ -518,6 +518,8 @@ doreti_exit:
2: movl $handle_ibrs_exit,%eax
pushl %ecx /* preserve enough call-used regs */
call *%eax
+ movl mds_handler,%eax
+ call *%eax
popl %ecx
movl %esp, %esi
movl PCPU(TRAMPSTK), %edx
Index: sys/i386/i386/genassym.c
===================================================================
--- sys/i386/i386/genassym.c (revision 347487)
+++ sys/i386/i386/genassym.c (working copy)
@@ -222,6 +222,9 @@ ASSYM(PC_KESP0, offsetof(struct pcpu, pc_kesp0));
ASSYM(PC_TRAMPSTK, offsetof(struct pcpu, pc_trampstk));
ASSYM(PC_COPYOUT_BUF, offsetof(struct pcpu, pc_copyout_buf));
ASSYM(PC_IBPB_SET, offsetof(struct pcpu, pc_ibpb_set));
+ASSYM(PC_MDS_TMP, offsetof(struct pcpu, pc_mds_tmp));
+ASSYM(PC_MDS_BUF, offsetof(struct pcpu, pc_mds_buf));
+ASSYM(PC_MDS_BUF64, offsetof(struct pcpu, pc_mds_buf64));
#ifdef DEV_APIC
ASSYM(LA_EOI, LAPIC_EOI * LAPIC_MEM_MUL);
Index: sys/i386/i386/initcpu.c
===================================================================
--- sys/i386/i386/initcpu.c (revision 347487)
+++ sys/i386/i386/initcpu.c (working copy)
@@ -745,6 +745,7 @@ initializecpu(void)
cpu_fxsr = hw_instruction_sse = 1;
}
#if defined(PAE) || defined(PAE_TABLES)
+ hw_mds_recalculate();
if ((amd_feature & AMDID_NX) != 0) {
uint64_t msr;
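Review bot: `hw_mds_recalculate()` is inserted directly after `#if defined(PAE) || defined(PAE_TABLES)`, so it is compiled only into PAE kernels. On any other i386 kernel `initializecpu()` never selects a handler, and since `mds_handler` has no static initializer while `doreti_exit` does `movl mds_handler,%eax; call *%eax`, the first return to user mode would call through a null pointer. Move the call above the `#if` so it runs unconditionally.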
Index: sys/i386/i386/support.s
===================================================================
--- sys/i386/i386/support.s (revision 347487)
+++ sys/i386/i386/support.s (working copy)
@@ -472,3 +472,194 @@ ENTRY(handle_ibrs_exit)
movb $0,PCPU(IBPB_SET)
1: ret
END(handle_ibrs_exit)
+
+ENTRY(mds_handler_void)
+ ret
+END(mds_handler_void)
+
+ENTRY(mds_handler_verw)
+ subl $4, %esp
+ movw %ds, (%esp)
+ verw (%esp)
+ addl $4, %esp
+ ret
+END(mds_handler_verw)
+
+ENTRY(mds_handler_ivb)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%edx), %xmm0
+ orpd (%edx), %xmm0
+ mfence
+ movl $40, %ecx
+ addl $16, %edx
+2: movntdq %xmm0, (%edx)
+ addl $16, %edx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_ivb)
+
+ENTRY(mds_handler_bdw)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %ebx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl %ebx, %edi
+ movl %ebx, %esi
+ movl $40, %ecx
+2: movntdq %xmm0, (%ebx)
+ addl $16, %ebx
+ decl %ecx
+ jnz 2b
+ mfence
+ movl $1536, %ecx
+ rep; movsb
+ lfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_bdw)
+
+ENTRY(mds_handler_skl_sse)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ lfence
+ orpd (%edx), %xmm0
+ orpd (%edx), %xmm0
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ movdqa PCPU(MDS_TMP), %xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_sse)
+
+ENTRY(mds_handler_skl_avx)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+ vmovdqa %ymm0, PCPU(MDS_TMP)
+ vpxor %ymm0, %ymm0, %ymm0
+
+ lfence
+ vorpd (%edx), %ymm0, %ymm0
+ vorpd (%edx), %ymm0, %ymm0
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+ vmovdqa PCPU(MDS_TMP), %ymm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_avx)
+
+ENTRY(mds_handler_skl_avx512)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edi
+ movl PCPU(MDS_BUF64), %edx
+/* vmovdqa64 %zmm0, PCPU(MDS_TMP) */
+ .byte 0x64, 0x62, 0xf1, 0xfd, 0x48, 0x7f, 0x05
+ .long PC_MDS_TMP
+/* vpxor %zmm0, %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0xef, 0xc0
+
+ lfence
+/* vorpd (%edx), %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0x56, 0x02
+/* vorpd (%edx), %zmm0, %zmm0 */
+ .byte 0x62, 0xf1, 0xfd, 0x48, 0x56, 0x02
+ xorl %eax, %eax
+2: clflushopt 5376(%edi, %eax, 8)
+ addl $8, %eax
+ cmpl $8 * 12, %eax
+ jb 2b
+ sfence
+ movl $6144, %ecx
+ xorl %eax, %eax
+ rep; stosb
+ mfence
+
+/* vmovdqa64 PCPU(MDS_TMP), %zmm0 */
+ .byte 0x64, 0x62, 0xf1, 0xfd, 0x48, 0x6f, 0x05
+ .long PC_MDS_TMP
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_skl_avx512)
+
+ENTRY(mds_handler_silvermont)
+ movl %cr0, %eax
+ testb $CR0_TS, %al
+ je 1f
+ clts
+1: movl PCPU(MDS_BUF), %edx
+ movdqa %xmm0, PCPU(MDS_TMP)
+ pxor %xmm0, %xmm0
+
+ movl $16, %ecx
+2: movntdq %xmm0, (%edx)
+ addl $16, %edx
+ decl %ecx
+ jnz 2b
+ mfence
+
+ movdqa PCPU(MDS_TMP),%xmm0
+ testb $CR0_TS, %al
+ je 3f
+ movl %eax, %cr0
+3: ret
+END(mds_handler_silvermont)
Index: sys/i386/include/pcpu.h
===================================================================
--- sys/i386/include/pcpu.h (revision 347487)
+++ sys/i386/include/pcpu.h (working copy)
@@ -77,10 +77,14 @@
struct sx pc_copyout_slock; \
char *pc_copyout_buf; \
vm_offset_t pc_pmap_eh_va; \
- caddr_t pc_pmap_eh_ptep; \
+ caddr_t pc_pmap_eh_ptep; \
uint32_t pc_smp_tlb_done; /* TLB op acknowledgement */ \
uint32_t pc_ibpb_set; \
- char __pad[3610]
+ void *pc_mds_buf; \
+ void *pc_mds_buf64; \
+ uint32_t pc_pad[4]; \
+ uint8_t pc_mds_tmp[64]; \
+ char __pad[3522]
#ifdef _KERNEL
Index: sys/x86/include/specialreg.h
===================================================================
--- sys/x86/include/specialreg.h (revision 347487)
+++ sys/x86/include/specialreg.h (working copy)
@@ -425,6 +425,7 @@
/*
* CPUID instruction 7 Structured Extended Features, leaf 0 edx info
*/
+#define CPUID_STDEXT3_MD_CLEAR 0x00000400
#define CPUID_STDEXT3_IBPB 0x04000000
#define CPUID_STDEXT3_STIBP 0x08000000
#define CPUID_STDEXT3_L1D_FLUSH 0x10000000
@@ -437,6 +438,7 @@
#define IA32_ARCH_CAP_RSBA 0x00000004
#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY 0x00000008
#define IA32_ARCH_CAP_SSB_NO 0x00000010
+#define IA32_ARCH_CAP_MDS_NO 0x00000020
/*
* CPUID manufacturers identifiers
Index: sys/x86/include/x86_var.h
===================================================================
--- sys/x86/include/x86_var.h (revision 347487)
+++ sys/x86/include/x86_var.h (working copy)
@@ -85,6 +85,7 @@ extern uint64_t xsave_mask;
extern u_int max_apic_id;
extern int pti;
extern int hw_ibrs_active;
+extern int hw_mds_disable;
extern int hw_ssb_active;
struct pcb;
@@ -139,6 +140,7 @@ int isa_nmi(int cd);
void handle_ibrs_entry(void);
void handle_ibrs_exit(void);
void hw_ibrs_recalculate(void);
+void hw_mds_recalculate(void);
void hw_ssb_recalculate(bool all_cpus);
void nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame);
void nmi_call_kdb_smp(u_int type, struct trapframe *frame);
Index: sys/x86/x86/cpu_machdep.c
===================================================================
--- sys/x86/x86/cpu_machdep.c (revision 347487)
+++ sys/x86/x86/cpu_machdep.c (working copy)
@@ -61,6 +61,7 @@ __FBSDID("$FreeBSD$");
#include <sys/systm.h>
#include <sys/bus.h>
#include <sys/cpu.h>
+#include <sys/domainset.h>
#include <sys/kdb.h>
#include <sys/kernel.h>
#include <sys/ktr.h>
@@ -915,7 +916,204 @@ SYSCTL_PROC(_hw, OID_AUTO, spec_store_bypass_disab
hw_ssb_disable_handler, "I",
"Speculative Store Bypass Disable (0 - off, 1 - on, 2 - auto");
+int hw_mds_disable;
+
/*
+ * Handler for Microarchitectural Data Sampling issues. Really not a
+ * pointer to C function: on amd64 the code must not change any CPU
+ * architectural state except possibly %rflags. Also, it is always
+ * called with interrupts disabled.
+ */
+void (*mds_handler)(void);
+void mds_handler_void(void);
+void mds_handler_verw(void);
+void mds_handler_ivb(void);
+void mds_handler_bdw(void);
+void mds_handler_skl_sse(void);
+void mds_handler_skl_avx(void);
+void mds_handler_skl_avx512(void);
+void mds_handler_silvermont(void);
+
+static int
+sysctl_hw_mds_disable_state_handler(SYSCTL_HANDLER_ARGS)
+{
+ const char *state;
+
+ if (mds_handler == mds_handler_void)
+ state = "inactive";
+ else if (mds_handler == mds_handler_verw)
+ state = "VERW";
+ else if (mds_handler == mds_handler_ivb)
+ state = "software IvyBridge";
+ else if (mds_handler == mds_handler_bdw)
+ state = "software Broadwell";
+ else if (mds_handler == mds_handler_skl_sse)
+ state = "software Skylake SSE";
+ else if (mds_handler == mds_handler_skl_avx)
+ state = "software Skylake AVX";
+ else if (mds_handler == mds_handler_skl_avx512)
+ state = "software Skylake AVX512";
+ else if (mds_handler == mds_handler_silvermont)
+ state = "software Silvermont";
+ else
+ state = "unknown";
+ return (SYSCTL_OUT(req, state, strlen(state)));
+}
+
+SYSCTL_PROC(_hw, OID_AUTO, mds_disable_state,
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_hw_mds_disable_state_handler, "A",
+ "Microarchitectural Data Sampling Mitigation state");
+
+_Static_assert(__offsetof(struct pcpu, pc_mds_tmp) % 64 == 0, "MDS AVX512");
+
+void
+hw_mds_recalculate(void)
+{
+ struct pcpu *pc;
+ vm_offset_t b64;
+ u_long xcr0;
+ int i;
+
+ /*
+ * Allow user to force VERW variant even if MD_CLEAR is not
+ * reported. For instance, hypervisor might unknowingly
+ * filter the cap out.
+ * For the similar reasons, and for testing, allow to enable
+ * mitigation even for RDCL_NO or MDS_NO caps.
+ */
+ if (cpu_vendor_id != CPU_VENDOR_INTEL || hw_mds_disable == 0 ||
+ ((cpu_ia32_arch_caps & (IA32_ARCH_CAP_RDCL_NO |
+ IA32_ARCH_CAP_MDS_NO)) != 0 && hw_mds_disable == 3)) {
+ mds_handler = mds_handler_void;
+ } else if (((cpu_stdext_feature3 & CPUID_STDEXT3_MD_CLEAR) != 0 &&
+ hw_mds_disable == 3) || hw_mds_disable == 1) {
+ mds_handler = mds_handler_verw;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ (CPUID_TO_MODEL(cpu_id) == 0x2e || CPUID_TO_MODEL(cpu_id) == 0x1e ||
+ CPUID_TO_MODEL(cpu_id) == 0x1f || CPUID_TO_MODEL(cpu_id) == 0x1a ||
+ CPUID_TO_MODEL(cpu_id) == 0x2f || CPUID_TO_MODEL(cpu_id) == 0x25 ||
+ CPUID_TO_MODEL(cpu_id) == 0x2c || CPUID_TO_MODEL(cpu_id) == 0x2d ||
+ CPUID_TO_MODEL(cpu_id) == 0x2a || CPUID_TO_MODEL(cpu_id) == 0x3e ||
+ CPUID_TO_MODEL(cpu_id) == 0x3a) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Nehalem, SandyBridge, IvyBridge
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc_domainset(672, M_TEMP,
+ DOMAINSET_PREF(pc->pc_domain), M_WAITOK);
+ bzero(pc->pc_mds_buf, 16);
+ }
+ }
+ mds_handler = mds_handler_ivb;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ (CPUID_TO_MODEL(cpu_id) == 0x3f || CPUID_TO_MODEL(cpu_id) == 0x3c ||
+ CPUID_TO_MODEL(cpu_id) == 0x45 || CPUID_TO_MODEL(cpu_id) == 0x46 ||
+ CPUID_TO_MODEL(cpu_id) == 0x56 || CPUID_TO_MODEL(cpu_id) == 0x4f ||
+ CPUID_TO_MODEL(cpu_id) == 0x47 || CPUID_TO_MODEL(cpu_id) == 0x3d) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Haswell, Broadwell
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc_domainset(1536, M_TEMP,
+ DOMAINSET_PREF(pc->pc_domain), M_WAITOK);
+ bzero(pc->pc_mds_buf, 16);
+ }
+ }
+ mds_handler = mds_handler_bdw;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ ((CPUID_TO_MODEL(cpu_id) == 0x55 && (cpu_id &
+ CPUID_STEPPING) <= 5) ||
+ CPUID_TO_MODEL(cpu_id) == 0x4e || CPUID_TO_MODEL(cpu_id) == 0x5e ||
+ (CPUID_TO_MODEL(cpu_id) == 0x8e && (cpu_id &
+ CPUID_STEPPING) <= 0xb) ||
+ (CPUID_TO_MODEL(cpu_id) == 0x9e && (cpu_id &
+ CPUID_STEPPING) <= 0xc)) &&
+ (hw_mds_disable == 2 || hw_mds_disable == 3)) {
+ /*
+ * Skylake, KabyLake, CoffeeLake, WhiskeyLake,
+ * CascadeLake
+ */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL) {
+ pc->pc_mds_buf = malloc_domainset(6 * 1024,
+ M_TEMP, DOMAINSET_PREF(pc->pc_domain),
+ M_WAITOK);
+ b64 = (vm_offset_t)malloc_domainset(64 + 63,
+ M_TEMP, DOMAINSET_PREF(pc->pc_domain),
+ M_WAITOK);
+ pc->pc_mds_buf64 = (void *)roundup2(b64, 64);
+ bzero(pc->pc_mds_buf64, 64);
+ }
+ }
+ xcr0 = rxcr(0);
+ if ((xcr0 & XFEATURE_ENABLED_ZMM_HI256) != 0 &&
+ (cpu_stdext_feature2 & CPUID_STDEXT_AVX512DQ) != 0)
+ mds_handler = mds_handler_skl_avx512;
+ else if ((xcr0 & XFEATURE_ENABLED_AVX) != 0 &&
+ (cpu_feature2 & CPUID2_AVX) != 0)
+ mds_handler = mds_handler_skl_avx;
+ else
+ mds_handler = mds_handler_skl_sse;
+ } else if (CPUID_TO_FAMILY(cpu_id) == 0x6 &&
+ ((CPUID_TO_MODEL(cpu_id) == 0x37 ||
+ CPUID_TO_MODEL(cpu_id) == 0x4a ||
+ CPUID_TO_MODEL(cpu_id) == 0x4c ||
+ CPUID_TO_MODEL(cpu_id) == 0x4d ||
+ CPUID_TO_MODEL(cpu_id) == 0x5a ||
+ CPUID_TO_MODEL(cpu_id) == 0x5d ||
+ CPUID_TO_MODEL(cpu_id) == 0x6e ||
+ CPUID_TO_MODEL(cpu_id) == 0x65 ||
+ CPUID_TO_MODEL(cpu_id) == 0x75 ||
+ CPUID_TO_MODEL(cpu_id) == 0x1c ||
+ CPUID_TO_MODEL(cpu_id) == 0x26 ||
+ CPUID_TO_MODEL(cpu_id) == 0x27 ||
+ CPUID_TO_MODEL(cpu_id) == 0x35 ||
+ CPUID_TO_MODEL(cpu_id) == 0x36 ||
+ CPUID_TO_MODEL(cpu_id) == 0x7a))) {
+ /* Silvermont, Airmont */
+ CPU_FOREACH(i) {
+ pc = pcpu_find(i);
+ if (pc->pc_mds_buf == NULL)
+ pc->pc_mds_buf = malloc(256, M_TEMP, M_WAITOK);
+ }
+ mds_handler = mds_handler_silvermont;
+ } else {
+ hw_mds_disable = 0;
+ mds_handler = mds_handler_void;
+ }
+}
+
+static int
+sysctl_mds_disable_handler(SYSCTL_HANDLER_ARGS)
+{
+ int error, val;
+
+ val = hw_mds_disable;
+ error = sysctl_handle_int(oidp, &val, 0, req);
+ if (error != 0 || req->newptr == NULL)
+ return (error);
+ if (val < 0 || val > 3)
+ return (EINVAL);
+ hw_mds_disable = val;
+ hw_mds_recalculate();
+ return (0);
+}
+
+SYSCTL_PROC(_hw, OID_AUTO, mds_disable, CTLTYPE_INT |
+ CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_mds_disable_handler, "I",
+ "Microarchitectural Data Sampling Mitigation "
+ "(0 - off, 1 - on VERW, 2 - on SW, 3 - on AUTO");
+
+/*
* Enable and restore kernel text write permissions.
* Callers must ensure that disable_wp()/restore_wp() are executed
* without rescheduling on the same core.
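Review bot: In the final else of hw_mds_recalculate(), `hw_mds_disable = 0` silently overwrites the value the administrator just wrote, and sysctl_mds_disable_handler() still returns 0 after calling it. Requesting mode 2, or mode 3 without MD_CLEAR, on an Intel model absent from the model lists therefore reports success while the handler falls back to mds_handler_void. Consider having hw_mds_recalculate() report the fallback so the sysctl handler can return an error (for example EOPNOTSUPP), or at least log it, so a failed enable is not mistaken for an active mitigation. Two smaller points: the Silvermont/Airmont branch omits the `(hw_mds_disable == 2 || hw_mds_disable == 3)` test that the other software branches carry (harmless, since only 2 and 3 can reach that point after the first two branches, but the test should be uniformly present or absent), and the SYSCTL_PROC description string is missing its closing parenthesis after "3 - on AUTO".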

View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----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=oWiG
-----END PGP SIGNATURE-----

View file

@ -7,6 +7,36 @@
<year>
<name>2019</name>
<month>
<name>5</name>
<day>
<name>14</name>
<advisory>
<name>FreeBSD-SA-19:07.mds</name>
</advisory>
<advisory>
<name>FreeBSD-SA-19:06.pf</name>
</advisory>
<advisory>
<name>FreeBSD-SA-19:05.pf</name>
</advisory>
<advisory>
<name>FreeBSD-SA-19:04.ntp</name>
</advisory>
<advisory>
<name>FreeBSD-SA-19:03.wpa</name>
</advisory>
</day>
</month>
<month>
<name>2</name>

View file

@ -7,6 +7,27 @@
<year>
<name>2019</name>
<month>
<name>5</name>
<day>
<name>14</name>
<notice>
<name>FreeBSD-EN-19:10.scp</name>
</notice>
<notice>
<name>FreeBSD-EN-19:09.xinstall</name>
</notice>
<notice>
<name>FreeBSD-EN-19:08.tzdata</name>
</notice>
</day>
</month>
<month>
<name>2</name>