From eugen@grosbein.net Thu Jun 29 21:01:45 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QsW9s2B6nz4kG1G for ; Thu, 29 Jun 2023 21:02:41 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QsW9r485tz3vYc; Thu, 29 Jun 2023 21:02:40 +0000 (UTC) (envelope-from eugen@grosbein.net) Authentication-Results: mx1.freebsd.org; dkim=none; spf=fail (mx1.freebsd.org: domain of eugen@grosbein.net does not designate 2a01:4f8:c2c:26d8::2 as permitted sender) smtp.mailfrom=eugen@grosbein.net; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=grosbein.net (policy=none) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.17.1/8.17.1) with ESMTPS id 35TL2Vs2024311 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 29 Jun 2023 21:02:32 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: freebsd-security@freebsd.org Received: from [10.58.0.11] (dadvw [10.58.0.11] (may be forged)) by eg.sd.rdtc.ru (8.16.1/8.16.1) with ESMTPS id 35TL2Twl039069 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Fri, 30 Jun 2023 04:02:29 +0700 (+07) (envelope-from eugen@grosbein.net) To: freebsd-security Cc: brnrd@FreeBSD.org From: Eugene Grosbein Subject: ENGINESDIR for security/openssl30 Message-ID: <4f985310-6b7e-0f91-0310-9d1f48b990db@grosbein.net> Date: Fri, 30 Jun 2023 04:01:45 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT autolearn=disabled version=3.4.6 X-Spam-Report: * -0.0 SHORTCIRCUIT No description available. * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on hz.grosbein.net X-Spamd-Result: default: False [-1.98 / 15.00]; R_SPF_FAIL(1.00)[-all]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-0.999]; NEURAL_HAM_SHORT(-0.99)[-0.986]; MIME_GOOD(-0.10)[text/plain]; DMARC_POLICY_SOFTFAIL(0.10)[grosbein.net : No valid SPF, No valid DKIM,none]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/32, country:DE]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RCVD_COUNT_THREE(0.00)[3]; MID_RHS_MATCH_FROM(0.00)[]; FREEFALL_USER(0.00)[eugen]; RCPT_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_SOME(0.00)[]; ARC_NA(0.00)[] X-Rspamd-Queue-Id: 4QsW9r485tz3vYc X-Spamd-Bar: - X-ThisMailContainsUnwantedMimeParts: N Hi! If I install openssl30-3.0.9 package using official FreeBSD package repository, I get this: # /usr/local/bin/openssl version -e -v OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023) ENGINESDIR: "/usr/local/lib/engines-12" FreeBSD 14.0-CURRENT got it in base recently and ENGINESDIR differs: # openssl version -e -v OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023) ENGINESDIR: "/usr/lib/engines-3" I wonder where such difference comes from. Should we change the port to use ${PREFIX}/lib/engines-3 ? From nobody Wed Jul 26 12:15:34 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R9tD016NNz4p6Nc for ; Wed, 26 Jul 2023 12:16:16 +0000 (UTC) (envelope-from freebsdlists@bsdunix.ch) Received: from mail-4323.proton.ch (mail-4323.proton.ch [185.70.43.23]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "protonmail.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4R9tCx2rJrz3R0B for ; Wed, 26 Jul 2023 12:16:12 +0000 (UTC) (envelope-from freebsdlists@bsdunix.ch) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=bsdunix.ch header.s=protonmail2 header.b=TNq6YdOl; spf=permerror (mx1.freebsd.org: domain of freebsdlists@bsdunix.ch uses mechanism not recognized by this client) smtp.mailfrom=freebsdlists@bsdunix.ch; dmarc=none Date: Wed, 26 Jul 2023 12:15:34 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdunix.ch; s=protonmail2; t=1690373769; x=1690632969; bh=NqS25lLv6PYMKZRJqCAuOrSC1Nntu0HcBYNI/Bg0OJk=; h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=TNq6YdOlwzXPsxoZc88WbKCVDOeBiZEESw3eAh9LIpsMqME+S4ifi+857o4hcp+sn 56zdJYEw9t/x24RtVLYWyakGTFSLj9uqDt17DDDogNbYvfNgrpV4YkkEk0Ylwr+QEz Gj8qOmPCbzyJ1l9n6iZkOTaQkJKuClGXikgd8NBkOuNJgtPgqUhdK3zBpz8Be6Xy+c Lj/9QL7rhBT0BPvFONYEAR41Q7sJ60716vt2zuL92tMUbD6ukEgpzycR2X4tupsToW MIR9E6fyJ3NABr7esqd5E7Lttdwd7PFrcsFxyFGynkSN9KCB63NnrVaowWq/iUT1hy oWhF3w8+Sc0ag== To: freebsd-security@freebsd.org From: freebsdlists Subject: OpenSSH 9.3p2 security fix? Message-ID: <0iiOWQTOK7b8U9u2fZUS1QL9TrS8avXIxsh_QqA_zE_0tnNsmaEytsCfFopXygHxiAYRG0GgjVUfe8kNKet-xWzqKquH92yZp0TnlibtzoE=@bsdunix.ch> Feedback-ID: 62840563:user:proton List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha512; boundary="------8aa1bd26090850a01b9bdf913c23e4c95be603106216a27a0aef923acecb3e52"; charset=utf-8 X-Spamd-Result: default: False [-3.16 / 15.00]; SIGNED_PGP(-2.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.98)[-0.975]; NEURAL_SPAM_MEDIUM(0.62)[0.620]; RWL_MAILSPIKE_EXCELLENT(-0.40)[185.70.43.23:from]; R_DKIM_ALLOW(-0.20)[bsdunix.ch:s=protonmail2]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; ARC_NA(0.00)[]; R_SPF_PERMFAIL(0.00)[empty SPF record]; ASN(0.00)[asn:62371, ipnet:185.70.43.0/24, country:CH]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[bsdunix.ch:+]; HAS_ATTACHMENT(0.00)[]; DMARC_NA(0.00)[bsdunix.ch: no valid DMARC record]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4R9tCx2rJrz3R0B X-Spamd-Bar: --- This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------8aa1bd26090850a01b9bdf913c23e4c95be603106216a27a0aef923acecb3e52 Content-Type: multipart/mixed;boundary=---------------------4932dd6cdfff98550f90705394163049 -----------------------4932dd6cdfff98550f90705394163049 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain;charset=utf-8 Hi, Any plans to release OpenSSH 9.3p2 Security Patch for FreeBSD 13.2? https://www.openssh.com/releasenotes.html#9.3p2 Regards, Tom -----------------------4932dd6cdfff98550f90705394163049-- --------8aa1bd26090850a01b9bdf913c23e4c95be603106216a27a0aef923acecb3e52 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: ProtonMail wnUEARYKACcFgmTBDkoJkG8qHLHq3jeuFiEEG4uPE1VVAHbJHrlBbyocsere N64AAN5NAP9YPOkIcFPJu8SkjVrBpR1pQVI2sZeCjqQ70ptOQp8f0gD/fKvW 3AXLqTCGViv2GZO74e2gw5S0zXFeT12EJxOThgA= =9u6l -----END PGP SIGNATURE----- --------8aa1bd26090850a01b9bdf913c23e4c95be603106216a27a0aef923acecb3e52-- From nobody Wed Jul 26 20:34:56 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RB5HW4hXlz4pnR4 for ; Wed, 26 Jul 2023 20:35:03 +0000 (UTC) (envelope-from 0x1eef@protonmail.com) Received: from mail-40131.protonmail.ch (mail-40131.protonmail.ch [185.70.40.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "protonmail.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RB5HV3lrLz3v08 for ; Wed, 26 Jul 2023 20:35:02 +0000 (UTC) (envelope-from 0x1eef@protonmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b=a7bONS1o; spf=pass (mx1.freebsd.org: domain of 0x1eef@protonmail.com designates 185.70.40.131 as permitted sender) smtp.mailfrom=0x1eef@protonmail.com; dmarc=pass (policy=quarantine) header.from=protonmail.com Date: Wed, 26 Jul 2023 20:34:56 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1690403699; x=1690662899; bh=R1Cr72WYPxhTbxc56ZEvR+qVdzw3LMSG0ZcD/Wss49I=; h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=a7bONS1o0aRvXcf9k0/Bm5nDP0WsswszM1CcU0PQeQXPUeSf+W4dOsz/Ve70beewq GpTFHndLfJlncNbXlGiiPpG22aEpci0vYgo+Zi2K3oq9T5d6UCYoqs+BYqINJgl+jm XHmiaZoU84SEJufXxbb/IK/IYR/Kw3twJfo7aZEyl+NXXWUED1YDdDEnPwaZ655Mlg zMXaKvlnFUkn7oHx+b3p+QpWxd8TIvSWmJyYdt34RgGFhZm8Z08Bq0ZmlUFzytdnr9 /uyqQZBn2qYAMx/HJY1Tg7OrKU3p+JmZ+OsGVqmhL6ARpi/8N/crY6Fk8LYcygThMm gwc7Yem+ZzVGg== To: "freebsd-security@freebsd.org" From: 0x1eef <0x1eef@protonmail.com> Subject: Zenbleed Message-ID: Feedback-ID: 39071764:user:proton List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-4.31 / 15.00]; NEURAL_HAM_SHORT(-1.00)[-0.999]; NEURAL_HAM_LONG(-0.98)[-0.982]; NEURAL_HAM_MEDIUM(-0.93)[-0.932]; DMARC_POLICY_ALLOW(-0.50)[protonmail.com,quarantine]; RWL_MAILSPIKE_EXCELLENT(-0.40)[185.70.40.131:from]; R_SPF_ALLOW(-0.20)[+ip4:185.70.40.0/24:c]; R_DKIM_ALLOW(-0.20)[protonmail.com:s=protonmail3]; MIME_GOOD(-0.10)[text/plain]; FREEMAIL_ENVFROM(0.00)[protonmail.com]; TO_DN_EQ_ADDR_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_ZERO(0.00)[0]; ARC_NA(0.00)[]; ASN(0.00)[asn:62371, ipnet:185.70.40.0/24, country:CH]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[protonmail.com:+]; FREEMAIL_FROM(0.00)[protonmail.com]; RCPT_COUNT_ONE(0.00)[1]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4RB5HV3lrLz3v08 X-Spamd-Bar: ---- Hello, I was curious if there are plans to apply the "chicken bit"=20 workaround for the Ryzen line of processors. A firmware update is not scheduled to be released until Nov or Dec=20 at the earliest. Thanks. 0x1eef From nobody Wed Jul 26 21:46:36 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RB6t8274kz4pWxG for ; Wed, 26 Jul 2023 21:46:40 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RB6t72DyWz4MHt for ; Wed, 26 Jul 2023 21:46:39 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Authentication-Results: mx1.freebsd.org; none Received: by mail-il1-x12c.google.com with SMTP id e9e14a558f8ab-348d6bc349eso915475ab.0 for ; Wed, 26 Jul 2023 14:46:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; t=1690407998; x=1691012798; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=ZxHm07oyG7O7UxhrBwGpdiAbfKpvEx1scBoOvDKkONs=; b=kKiKol4dB7SVSZMF3TkJf8D9FqiZ768Ck0bqDm180N3vv/cU+lSlZHwGO/TQPmQjFt JlqIpz5CV7y5Ct8zZ6POK/UnDOwHsF2AgAKav682uPpP4M/91H8xxifUf7XPOXwNILKA hf/3Tqc8oJmuVmIM/YkFGakKNZ/CJXyXY7iYqq2DKbrWUIqkvFUYz7ZwgbTC99TCtIKI 0MxEQEj0tk7W9rM8AYsh1Vpvp/AHWrp8AVsehVaHAunmaqE7QUxGeH1Pby+bRSYS96J7 mAVTGd5kXYijoz9AenSuOwJAzzRKBgvGDoLX5DFQJmfhdYiTI5Y6hi04Kifn50/ftnX7 cVSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690407998; x=1691012798; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ZxHm07oyG7O7UxhrBwGpdiAbfKpvEx1scBoOvDKkONs=; b=czgxYptxE0y/iNWX3eVqpyKqC1a3tR3B5rVJBhsI4U5deVAfW3sdCF0rW0t2iD7Ofh OfqFkxOvfSdOtzbTXj40wb8WLkBHtBmFAq4ZxXOjZPEFvH5WX4Fg6LTziF1ugXvAvwsy imPhTPlbqMx0qf1pNeE3LVP2t4cmTFW7IN0iRlOCUHnqNZ2k/tRytnWLa2rYbLSQRq5n IuPHjxUEc8iYJuJ6PqFi0ciSLwJrFEGpizF1Hb0AaooF4ikk5nhc4P+EGdDHzx5UawO1 6LMNn3y8e3IwTMKvS2e3VxC3u+7Href2PHxERX6sjbcGEmzdpGkdA3VulRch0KWmdQ04 su7w== X-Gm-Message-State: ABy/qLaKxPZNGV2CYbvYqfnbDWcQIGSssR97AYPzKfc6JM+RUeF4zrD9 /plD9qV4rmDkIfE/j7o2NNFbUg== X-Google-Smtp-Source: APBJJlFR4TXwBkAioTypnbhwqgih+ZnGH4ntdNNAeuIB1porGY3BEVp/zoRwmQ8B1PGqHji2gF9EMA== X-Received: by 2002:a05:6e02:1aa7:b0:348:d52a:8f8 with SMTP id l7-20020a056e021aa700b00348d52a08f8mr3881348ilv.25.1690407998052; Wed, 26 Jul 2023 14:46:38 -0700 (PDT) Received: from mutt-hbsd ([98.38.198.52]) by smtp.gmail.com with ESMTPSA id q5-20020a92d405000000b00348edca2abesm64313ilm.47.2023.07.26.14.46.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 Jul 2023 14:46:36 -0700 (PDT) Date: Wed, 26 Jul 2023 17:46:36 -0400 From: Shawn Webb To: 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" Subject: Re: Zenbleed Message-ID: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> X-Operating-System: FreeBSD mutt-hbsd 14.0-CURRENT-HBSD FreeBSD 14.0-CURRENT-HBSD X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="pz3mje32tk7f4blc" Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 4RB6t72DyWz4MHt X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated --pz3mje32tk7f4blc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 26, 2023 at 08:34:56PM +0000, 0x1eef wrote: > Hello, >=20 > I was curious if there are plans to apply the "chicken bit"=20 > workaround for the Ryzen line of processors. A firmware > update is not scheduled to be released until Nov or Dec=20 > at the earliest. Thanks. For those that would like to test if their systems are affected, this proof-of-concept was reported to work on at least one system: https://git.hardenedbsd.org/shawn.webb/zenbleed/-/tree/shawn.webb/bsd/main Building it depends on gmake and nasm. You'll want to be on the shawn.webb/bsd/main branch. Note that this code is simply Tavis' original PoC, just modified enough to get it to build on FreeBSD and OpenBSD. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --pz3mje32tk7f4blc Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmTBlDMACgkQ/y5nonf4 4fqRCQ//R1NI9N4Ka1hYAMYWsWRHwbBYbt/vWmWnIjFEZjc9HSzt6Vulu+uYerDh stiJZA67VqbQDq9K/0N+eQLhJUCy0RZfWcj3KI2YBRUbxJVvSXYnHgEW+HUeV0WY aq4NSoE+N7NEwz0F12996+W2mPt+YRK3osc29PQcVJ0NdK5AaWb+u0/NlYpgdQzt 2DssXV8/LrvJ+HvkS/K5IIiLjjVAFr+rRQ+UDyK17Tkebdo2EUCJ5Z5OVxQM8rrE US/FhoIoBTTfz6doP8a2MIT5eb0B/iTuHpyxAznC4iQs1iL1Jzt/4fEUpetRZnPR Y76Zmup2F0vTknXhfKI2Eph7ULXhmanixP4aX6kbVsNkUbTpN9wDURUQZbUweoDc C5Z94tBzLpeNTZQkALQlBgMvvJu4ETULdnwa/Rh6SsQ/1A/hQKjzHtTZBlFwjEYc /5RunRwnnRKbzQf0oUpmmorWM1cdwGZovOf0yPo1cfpbBTztULsahm1VIZxbkGEK puXrDKNAQHhwYF48mCfGro4Divk/VebY4anJscqVSO6heIW/hK6G9HFYOfOXTck+ BNlKRS311tW694LaGwC7oodLE2PQo5W2X0nQq25iRuKgiBbkUl1oYau3YuT6LNsV TAcGtSSIWqWhgMwn4INLExVdXL0SQBLSiW2STyU1kSkpZqsj268= =K3Tb -----END PGP SIGNATURE----- --pz3mje32tk7f4blc-- From nobody Wed Jul 26 22:20:25 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RB7dN3qSSz4p0yY for ; Wed, 26 Jul 2023 22:20:40 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4RB7dM3kbqz3M4L for ; Wed, 26 Jul 2023 22:20:39 +0000 (UTC) (envelope-from kostikbel@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=none; spf=softfail (mx1.freebsd.org: 2001:470:d5e7:1::1 is neither permitted nor denied by domain of kostikbel@gmail.com) smtp.mailfrom=kostikbel@gmail.com; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=gmail.com (policy=none) Received: from tom.home (kib@localhost [127.0.0.1]) by kib.kiev.ua (8.17.1/8.17.1) with ESMTPS id 36QMKPpt039565 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Thu, 27 Jul 2023 01:20:28 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua 36QMKPpt039565 Received: (from kostik@localhost) by tom.home (8.17.1/8.17.1/Submit) id 36QMKPr8039564 for freebsd-security@freebsd.org; Thu, 27 Jul 2023 01:20:25 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Thu, 27 Jul 2023 01:20:25 +0300 From: Konstantin Belousov To: "freebsd-security@freebsd.org" Subject: Re: Zenbleed Message-ID: References: List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FROM, NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=4.0.0 X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on tom.home X-Spamd-Result: default: False [-2.88 / 15.00]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_LONG(-0.97)[-0.968]; NEURAL_HAM_MEDIUM(-0.91)[-0.912]; MIME_GOOD(-0.10)[text/plain]; DMARC_POLICY_SOFTFAIL(0.10)[gmail.com : No valid SPF, No valid DKIM,none]; RCVD_COUNT_THREE(0.00)[3]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; R_DKIM_NA(0.00)[]; TO_DN_EQ_ADDR_ALL(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; R_SPF_SOFTFAIL(0.00)[~all]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_FROM(0.00)[gmail.com]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HAS_XAW(0.00)[]; RCVD_TLS_LAST(0.00)[] X-Rspamd-Queue-Id: 4RB7dM3kbqz3M4L X-Spamd-Bar: -- On Wed, Jul 26, 2023 at 08:34:56PM +0000, 0x1eef wrote: > Hello, > > I was curious if there are plans to apply the "chicken bit" > workaround for the Ryzen line of processors. A firmware > update is not scheduled to be released until Nov or Dec > at the earliest. Thanks. The chicken bit workaround is # for x in /dev/cpuctl*; do cpucontrol -m '0xc0011029|=0x200' $x; done there is nothing to wait for. It is silly to push this into kernel when recommended solution is ucode update. From nobody Wed Jul 26 22:49:49 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RB8HH4Kmnz4pVjn for ; Wed, 26 Jul 2023 22:50:03 +0000 (UTC) (envelope-from 0x1eef@protonmail.com) Received: from mail-40133.protonmail.ch (mail-40133.protonmail.ch [185.70.40.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "protonmail.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RB8HH1SrVz3pcY for ; Wed, 26 Jul 2023 22:50:03 +0000 (UTC) (envelope-from 0x1eef@protonmail.com) Authentication-Results: mx1.freebsd.org; none Date: Wed, 26 Jul 2023 22:49:49 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1690411799; x=1690670999; bh=8wl+XzdVh1JTcu+dvaigOITJ3EyJI28VKisb+pHu/2g=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=MzH/1ofVBN5wzDwad2A0J0TDGQDKF/R9g64v3SXgEHGi96FE1ALR6MCtFCtCC79rU MDVscngeqgxlLmNN55Ipd8PGoWPFm0H+VMBcY/vTUFcJqyRtXlLMmY97rjGJVW/Z3V vIjhm1l5MeEsr8c5cIniXVU2V2L33kZ+K3nH1wmcPJN0riDrm+c+9qnrpIOY0l4LLW AKnKSoPS+0BweWiXL1qd4d413ipXPoNhG1XJ9QTse3FD8y0tHKyVVTph2NpB8TTHNe 8Ya+hOPi8zuV3eH0wEhQfpzQKalehFrhJbO9ztLNhjByCum57YLuYdgxWntzbiZYbU OBXNJzx6UxvPg== To: Konstantin Belousov From: 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" Subject: Re: Zenbleed Message-ID: In-Reply-To: References: Feedback-ID: 39071764:user:proton List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4RB8HH1SrVz3pcY X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:62371, ipnet:185.70.40.0/24, country:CH] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated > The chicken bit workaround is > # for x in /dev/cpuctl*; do cpucontrol -m '0xc0011029|=3D0x200' $x; done > there is nothing to wait for. It is silly to push this into kernel when > recommended solution is ucode update. Great ! Thanks. 0x1eef From nobody Thu Jul 27 15:32:47 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBZXX5NJbz4pQjT for ; Thu, 27 Jul 2023 15:33:00 +0000 (UTC) (envelope-from olivier.freebsd@free.fr) Received: from smtp2-g21.free.fr (smtp2-g21.free.fr [212.27.42.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBZXR70bgz3rll for ; Thu, 27 Jul 2023 15:32:55 +0000 (UTC) (envelope-from olivier.freebsd@free.fr) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=free.fr header.s=smtp-20201208 header.b=Jq2yVsfT; spf=pass (mx1.freebsd.org: domain of olivier.freebsd@free.fr designates 212.27.42.2 as permitted sender) smtp.mailfrom=olivier.freebsd@free.fr; dmarc=pass (policy=none) header.from=free.fr Received: from ravel.localnet (unknown [90.118.140.172]) (Authenticated sender: olivier.freebsd@free.fr) by smtp2-g21.free.fr (Postfix) with ESMTPSA id 111E3200417 for ; Thu, 27 Jul 2023 17:32:48 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=free.fr; s=smtp-20201208; t=1690471968; bh=+g5JQ+s5mvhqa+NkWlbgAg2EUacEVSLXGcUfZInRSYg=; h=From:To:Subject:Date:In-Reply-To:References:From; b=Jq2yVsfTkzDOR1LfLDkPz+E3EGWFZLR6BWVMZ2PZ1lIpoozPkmyTdwVkXal8/RoeH +K2ETw28cDy9w6H7v/8AMXHwHVAmXRJdVcZVBRncijR9h+0BCt3TGTx8dQHUpnDnW3 Or+Sl9BDiiFE0T8vWHDnozMFAWb1dbAlxwmaivlt8q0LKQ8z8VZu6OB50jycLVq0CE KUglbfNAFZNhR2vPKIdB09Muh3e2ad6TMW8VlpGquu/gC0Xk/RmGuIWdEIsZMntWeN LBZhfc+ujfiJMh9MGJn3kjXbtRRaaP8IJSuaS7eyz1CpyMLILgqxrtTSJ1ypMlcAMj rGiJkc2fl19KQ== From: Olivier Certner To: freebsd-security@freebsd.org Subject: Re: Zenbleed Date: Thu, 27 Jul 2023 17:32:47 +0200 Message-ID: <1958561.iAkVjBisvr@ravel> In-Reply-To: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="UTF-8" X-Spamd-Result: default: False [0.71 / 15.00]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; NEURAL_HAM_SHORT(-0.99)[-0.987]; NEURAL_SPAM_LONG(0.79)[0.794]; CTE_CASE(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[free.fr,none]; MID_RHS_NOT_FQDN(0.50)[]; R_DKIM_ALLOW(-0.20)[free.fr:s=smtp-20201208]; R_SPF_ALLOW(-0.20)[+ip4:212.27.42.2]; RWL_MAILSPIKE_GOOD(-0.10)[212.27.42.2:from]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; DWL_DNSWL_NONE(0.00)[free.fr:dkim]; RCVD_COUNT_TWO(0.00)[2]; DKIM_TRACE(0.00)[free.fr:+]; TO_DN_NONE(0.00)[]; FREEMAIL_FROM(0.00)[free.fr]; ARC_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:12322, ipnet:212.27.32.0/19, country:FR]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[free.fr]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4RBZXR70bgz3rll X-Spamd-Bar: / Hello, I can confirm that the PoC unfortunately works perfectly on an AMD 3900X. Variant 0 leads to a few leaks, 1 apparently none, variant 2 much more and variant 3 the most. With variant 3, I'm measuring around 6 upper-XMM leaks per second with 12 threads, hence ~8 bytes/s/core (~64bit/s/core), far from the reported[1] speed of 30kb/s/core in the original post (on different hardware). But I can see text, such as JS code, leaking. This is serious. The workaround provided by kib@ in another reply works (leaks stop instantly): # for x in /dev/cpuctl*; do cpucontrol -m '0xc0011029|=0x200' $x; done Little info on MSR C001_1029 is available[6]. According to [2] and [3], it seems that no firmware is currently available for anything else than Rome/Castle Peak and Mendocino (see AMD processors list[5]). BIOS updates will come at best at end of year (see [2]). The situation for microcode updates seems more blurry, as [2] does not talk about them (except for Rome/Castle Peak), but [4] seems to indicate that these updates at least have been assigned IDs for all affected models. If someone has more info, please share. Thanks. Links: [1] https://lock.cmpxchg8b.com/zenbleed.html [2] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html [3] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0bc3126c9cfa0b8c761483215c25382f831a7c6f [4] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.4.6&id=9b8bb5c4e25678af895dc9dd4a1e82b2f948cacc [5] https://en.wikipedia.org/wiki/List_of_AMD_Ryzen_processors [6] https://lore.kernel.org/lkml/20170425114541.8267-1-dvlasenk@redhat.com/ -- Olivier Certner From nobody Thu Jul 27 15:55:14 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBb2F4pmpz4phyC for ; Thu, 27 Jul 2023 15:55:17 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [IPv6:2607:f3e0:0:1::12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smarthost1.sentex.ca", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBb2D73cnz45pF for ; Thu, 27 Jul 2023 15:55:16 +0000 (UTC) (envelope-from mike@sentex.net) Authentication-Results: mx1.freebsd.org; none Received: from pyroxene2a.sentex.ca (pyroxene19.sentex.ca [199.212.134.19]) by smarthost1.sentex.ca (8.17.1/8.16.1) with ESMTPS id 36RFtDY1030062 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=FAIL); Thu, 27 Jul 2023 11:55:13 -0400 (EDT) (envelope-from mike@sentex.net) Received: from [IPV6:2607:f3e0:0:4::29] ([IPv6:2607:f3e0:0:4:0:0:0:29]) by pyroxene2a.sentex.ca (8.16.1/8.15.2) with ESMTPS id 36RFtCuN081885 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Thu, 27 Jul 2023 11:55:12 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: Date: Thu, 27 Jul 2023 11:55:14 -0400 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: Zenbleed Content-Language: en-US To: Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> From: mike tancsa In-Reply-To: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.84 X-Rspamd-Queue-Id: 4RBb2D73cnz45pF X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:11647, ipnet:2607:f3e0::/32, country:CA] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated On 7/26/2023 5:46 PM, Shawn Webb wrote: > On Wed, Jul 26, 2023 at 08:34:56PM +0000, 0x1eef wrote: >> Hello, >> >> I was curious if there are plans to apply the "chicken bit" >> workaround for the Ryzen line of processors. A firmware >> update is not scheduled to be released until Nov or Dec >> at the earliest. Thanks. > For those that would like to test if their systems are affected, this > proof-of-concept was reported to work on at least one system: > > https://git.hardenedbsd.org/shawn.webb/zenbleed/-/tree/shawn.webb/bsd/main > > Building it depends on gmake and nasm. You'll want to be on the > shawn.webb/bsd/main branch. Thanks for that. Is there a way to compile on RELENG_12 or is it 13 only ? % gmake cc -O0 -ggdb3 -march=znver2   -c -o pattern.o pattern.c pattern.c:15:10: fatal error: 'sys/sysinfo.h' file not found #include          ^~~~~~~~~~~~~~~ 1 error generated. gmake: *** [: pattern.o] Error 1     ---Mike From nobody Thu Jul 27 16:09:53 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBbM621HVz4psj7 for ; Thu, 27 Jul 2023 16:09:54 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBbM61BMfz4FNx; Thu, 27 Jul 2023 16:09:54 +0000 (UTC) (envelope-from jkim@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690474194; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0TGtzIqmbj880zfAJABlm5y3qBkQ8pJuMk7h5S2oezQ=; b=cE5qRx9mf5dzDBoJ+CxoDTKvnTLrKdb/axrp3K+XKZY3Sy2fFjGgc4HF+hxaqY6Nl8GlTI 0E81qg6dJRjlvmvjMjDSHkRpoaUPBJyliyVQGn2DWn5CbtUEAWZuIostKfnmRoJ74eNkFE 1r7nQW3R8LGTdOX5bkCuM/xow2t1mMdcS67E+C/+0h4WpCb2/atUJGUj1puDkKv229Thr/ BCnNi1GVd7Nh53ONyLvEU9WdItR3xau/H1nc+3pa0+8EQ5A2aiVEcREAONUGxAozH0fZy4 n3Zd+aaxmkUW2xIJYlA2VRIoWRUOyK2kGe7u7YgccQ6M23CumoZIuG3e09DRoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690474194; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0TGtzIqmbj880zfAJABlm5y3qBkQ8pJuMk7h5S2oezQ=; b=gYktHM/Wxx/4dYG7Kl3NqVIWwXbZPyHW1pOT97RoWWlFtea25C6vE7BUsrQppzOL8Nbxb0 sxJ4wTZ51kUhxqRv9vg9KeDclegIaJvTgGDsI8dbK1PMuGNQeEMh5M34bRKfAycDIN7gUl XvrcL66lhz1zA4g0lZ2KOl75xyn66Y3StbWPUxKZfOBvnCvVdVH27eAO+atCgCijw4dr5T oWWyKmnKT+j1YEypRBQTDQw8OltoHm/rFPH3Axhgb/jm1LxABL1S8ADcvbB9P0v+dpW0Rq SsCKuFySCtD1h65DLNUArnQP6jmd0aHRZ/PFLyT9/jLviSfbK7O80WWxlY6tXg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1690474194; a=rsa-sha256; cv=none; b=igPlrjgqHJ4wHWJXX5ioUmBfrGtzP3GnsLh9vb3jzk8pW3yN9eWVdP38r5LTFO7Cq4C4oD MS8JzLgopAAqRbOBN5xWts26geiiQuCrLa1T3htqxcK0Mk8SvSFv3nTL3KycENC2n8DTel EnsnKpHKrEyZnWJMu70NuPokOjMlRxgotaGyI04ba3YICHqGi4Jb0y/b5QLt6zvfQXcG02 ABC0w1RTdcIhQak2yrEuYRkoQZd4zxDyj45f7j8igRFHDWTPH33hhQeWlsunzwIRONEAPo PChK8/dHkC7lep0bZfrjqKaJYpFM9SqZkW9TNhjT4yyDip/1mR1zhCd5OdFBmg== Received: from freefall.freebsd.org (pool-108-53-224-100.nwrknj.fios.verizon.net [108.53.224.100]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: jkim/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4RBbM570CpzfFq; Thu, 27 Jul 2023 16:09:53 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Message-ID: <37805205-1439-5a78-8e8b-c8783c48171a@FreeBSD.org> Date: Thu, 27 Jul 2023 12:09:53 -0400 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.13.1 Subject: Re: Zenbleed Content-Language: en-US To: Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> From: Jung-uk Kim Organization: FreeBSD.org In-Reply-To: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------jRUr9LmKtt1qpK4F0vCco0PY" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------jRUr9LmKtt1qpK4F0vCco0PY Content-Type: multipart/mixed; boundary="------------Qx3Ol89HhokbgVUT5jZNw7Pv"; protected-headers="v1" From: Jung-uk Kim To: Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" Message-ID: <37805205-1439-5a78-8e8b-c8783c48171a@FreeBSD.org> Subject: Re: Zenbleed References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> In-Reply-To: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> --------------Qx3Ol89HhokbgVUT5jZNw7Pv Content-Type: multipart/mixed; boundary="------------IXixE9p0nM2035CBUOUnZHre" --------------IXixE9p0nM2035CBUOUnZHre Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 T24gMjMuIDcuIDI2LiwgU2hhd24gV2ViYiB3cm90ZToNCj4gT24gV2VkLCBKdWwgMjYsIDIw MjMgYXQgMDg6MzQ6NTZQTSArMDAwMCwgMHgxZWVmIHdyb3RlOg0KPj4gSGVsbG8sDQo+Pg0K Pj4gSSB3YXMgY3VyaW91cyBpZiB0aGVyZSBhcmUgcGxhbnMgdG8gYXBwbHkgdGhlICJjaGlj a2VuIGJpdCINCj4+IHdvcmthcm91bmQgZm9yIHRoZSBSeXplbiBsaW5lIG9mIHByb2Nlc3Nv cnMuIEEgZmlybXdhcmUNCj4+IHVwZGF0ZSBpcyBub3Qgc2NoZWR1bGVkIHRvIGJlIHJlbGVh c2VkIHVudGlsIE5vdiBvciBEZWMNCj4+IGF0IHRoZSBlYXJsaWVzdC4gVGhhbmtzLg0KPiAN Cj4gRm9yIHRob3NlIHRoYXQgd291bGQgbGlrZSB0byB0ZXN0IGlmIHRoZWlyIHN5c3RlbXMg YXJlIGFmZmVjdGVkLCB0aGlzDQo+IHByb29mLW9mLWNvbmNlcHQgd2FzIHJlcG9ydGVkIHRv IHdvcmsgb24gYXQgbGVhc3Qgb25lIHN5c3RlbToNCj4gDQo+IGh0dHBzOi8vZ2l0LmhhcmRl bmVkYnNkLm9yZy9zaGF3bi53ZWJiL3plbmJsZWVkLy0vdHJlZS9zaGF3bi53ZWJiL2JzZC9t YWluDQo+IA0KPiBCdWlsZGluZyBpdCBkZXBlbmRzIG9uIGdtYWtlIGFuZCBuYXNtLiBZb3Un bGwgd2FudCB0byBiZSBvbiB0aGUNCj4gc2hhd24ud2ViYi9ic2QvbWFpbiBicmFuY2guDQo+ IA0KPiBOb3RlIHRoYXQgdGhpcyBjb2RlIGlzIHNpbXBseSBUYXZpcycgb3JpZ2luYWwgUG9D LCBqdXN0IG1vZGlmaWVkDQo+IGVub3VnaCB0byBnZXQgaXQgdG8gYnVpbGQgb24gRnJlZUJT RCBhbmQgT3BlbkJTRC4NCg0KRllJLCB0aGUgYXR0YWNoZWQgcGF0Y2ggc2hvdWxkIHJlZHVj ZSB0aGUgZGlmZiBhbmQgZG8gdGhlIHJpZ2h0IHRoaW5nLg0KDQpKdW5nLXVrIEtpbQ0K --------------IXixE9p0nM2035CBUOUnZHre Content-Type: text/x-patch; charset=UTF-8; name="zenbleed.diff" Content-Disposition: attachment; filename="zenbleed.diff" Content-Transfer-Encoding: base64 ZGlmZiAtLWdpdCBhL01ha2VmaWxlIGIvTWFrZWZpbGUKaW5kZXggN2I5NjlkNC4uYWM3MjIx MyAxMDA2NDQKLS0tIGEvTWFrZWZpbGUKKysrIGIvTWFrZWZpbGUKQEAgLTMsOSArMyw2IEBA IENGTEFHUz0tTzAgLWdnZGIzIC1tYXJjaD16bnZlcjIKIExERkxBR1M9LXB0aHJlYWQgLVds LC16LG5vZXhlY3N0YWNrCiBORkxBR1M9CiAKLU5DUFVTIT0Jc3lzY3RsIC1uIGtlcm4uc21w LmNvcmVzCi1DRkxBR1MrPSAtRE5DUFVTPSQoTkNQVVMpCi0KIC5QSE9OWTogY2xlYW4gZGlz dAogCiBhbGw6IHplbmJsZWVkCmRpZmYgLS1naXQgYS96ZW5ibGVlZC5jIGIvemVuYmxlZWQu YwppbmRleCBkMzQxYjIzLi45MzU5ZTNiIDEwMDY0NAotLS0gYS96ZW5ibGVlZC5jCisrKyBi L3plbmJsZWVkLmMKQEAgLTMyMywxMyArMzIzLDcgQEAgaW50IG1haW4oaW50IGFyZ2MsIGNo YXIgKiphcmd2KSB7CiAgICAgfQogCiAgICAgLy8gV2Ugc3Bhd24gYSB0aHJlYWQgb24gZXZl cnkgZXZhaWxhYmxlIGNvcmUgYW5kIHN0YXJ0IGxlYWtpbmcgdG8gc2VlIHdoYXQgd2UgZ2V0 LgotI2lmZGVmIF9fQlNEX05PVFlFVAotICAgIG5jcHVzICAgPSBnZXRfbnByb2NzKCk7Ci0j ZWxpZiBkZWZpbmVkKE5DUFVTKQotICAgIG5jcHVzID0gTkNQVVM7Ci0jZWxzZQotICAgIG5j cHVzID0gNDsKLSNlbmRpZgorICAgIG5jcHVzID0gc3lzY29uZihfU0NfTlBST0NFU1NPUlNf T05MTik7CiAgICAgdGhyZWFkX2FyZ190KiBhcmdzID0gY2FsbG9jKHNpemVvZih0aHJlYWRf YXJnX3QpLCBuY3B1cyk7CiAgICAgdGhyZWFkcyA9IGNhbGxvYyhzaXplb2YocHRocmVhZF90 KSwgbmNwdXMpOwogCg== --------------IXixE9p0nM2035CBUOUnZHre-- --------------Qx3Ol89HhokbgVUT5jZNw7Pv-- --------------jRUr9LmKtt1qpK4F0vCco0PY Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEl1bqgKaRyqfWXu/CfJ+WJvzb8UYFAmTCltEFAwAAAAAACgkQfJ+WJvzb8Uah FQf+LP0WDwmaI2H8KujTSMFtlxNLVJznrk/646AzC2GJRtWW8Y1cESV2X/7LS35HFP6YqqQUWIQg mQg7haElbhM/iNOI5bfRdUVoj1GDpaYu0s5ugDjxXXCqJXuXSInknYTzuDxMAXQmm/O8gFQUT0Yp zxTSnjsIRpZweuCn2GTU29+yJwHJXzntDltTYRj7Q2B3fOhe2J4y/mNMuNsgawAqrQDLFn4yK/oz 9jM7DaZwKVISoCnvYjWOwXa/qfU8YnItcFoKde6RTexS99qHUnfwJGiu6qyXV7z9la+pqES6ccjk Dcb7DW4UEgDpQUQYrAAUrJ/Z4Z19tVALj4n/ANhOPw== =+h/k -----END PGP SIGNATURE----- --------------jRUr9LmKtt1qpK4F0vCco0PY-- From nobody Thu Jul 27 17:36:58 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBdHZ4g1wz4pr0N for ; Thu, 27 Jul 2023 17:36:58 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBdHZ4DG8z3k5L; Thu, 27 Jul 2023 17:36:58 +0000 (UTC) (envelope-from jkim@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690479418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=PkXpHOI4+G+BxV2HA4fWwEPP0tiGvuQz7ohDqPieemw=; b=nH9Y6TqGZvrx0DBspTBNCwA67ztcCOqe/pEmsjgxWj/OO/pmCaE7uz77bANAyXmLhUfRVD KUgp+bcLxgObEbu0cJKV+Fhn+cUQulYe1hXBs73IzaD9uThKOUSq382DcrQnYmFkcPtixI f78bLmK0Ypt/AxcrRp4mr0y22pOeku8a3OEaDV0Ghe/yFf3IanX8AZeQoFuCuSWKrZOvMj Bm7nBXETAGCQSvl0Q+KLp8FaEGKw8hZhyEkUScSDAUdQQMVvs/QRCknVVSAPq2n5zPR2vl AnLdvWvEsy3HZf1+HpYyKhiiPvp/otz+7mfNzuN7CKY6zzYEdj0huynwocKMFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690479418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=PkXpHOI4+G+BxV2HA4fWwEPP0tiGvuQz7ohDqPieemw=; b=xbOGC/Hqu0ASiyuJCBIt0GE836xSZrcgFBtBbn1jbM4GSCBTuHupSLBqC2Nt3IvWo4n1P1 Pe6UevxFVYza4kBbyo+N29UJrCqcfqwBNYtrCMzBbzFBQ5zxYdVTHiyjAX9nWKKi8kNagV /gsnrfjzc7wbrIK9AitWvLTXVjq+Sc5j2uDGj7FW1HR07X78SGzyFBmbT2DZHynM52L5PZ +Epq/1K1dW0Xjq7bEQ17k246lMUtyT0hQ40KQE+bK7Db4/K/US/Dk65O8s4zioTEAZaj6F 79HW1Jyq5y2gdDNCllyG4Ng0OgJMpo/DrYvJOV9gaQUkVwpbiaG7wRUhJYlCqA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1690479418; a=rsa-sha256; cv=none; b=UrGlMuxs6KxvqR0DFxffRfEW7Zc2aDE+h+Q5H5zs99PHpuSxrLc6JuFQ1m4KB49rdrKuZN 38B8ondMOhxzvcOFvd2nDCZKkEha0TF/wrR07jeJIBX91DAMOuZcLqDQu78i+0tKEoHse0 xnCsp1butGpPl/J4VDsEAjND6pPIMFDHa7/IxVyeDaxeozmzNczACsGvtGxTSArnxkjtkq Q6ynv7il8k8v+PtK6c8BAU+NhAhmpANuTb5n45hSi8aI+EXexq55Yz0q3QzlqJV/JIS6So EMTSvH+d6Gc4doGWGyALDcg0vfan1224+0wtd/Quk1tlas2VD6CXf4omR3/KqA== Received: from freefall.freebsd.org (pool-108-53-224-100.nwrknj.fios.verizon.net [108.53.224.100]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: jkim/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4RBdHZ2pbSzgj3; Thu, 27 Jul 2023 17:36:58 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Message-ID: Date: Thu, 27 Jul 2023 13:36:58 -0400 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.13.1 Content-Language: en-US To: mike tancsa , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> From: Jung-uk Kim Organization: FreeBSD.org Subject: Re: Zenbleed In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------rGysF90c0XgBZ0501h40ppNJ" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------rGysF90c0XgBZ0501h40ppNJ Content-Type: multipart/mixed; boundary="------------ZZdUyXOgTUPe0cWstjJaWfB5"; protected-headers="v1" From: Jung-uk Kim To: mike tancsa , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" Message-ID: Subject: Re: Zenbleed References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> In-Reply-To: --------------ZZdUyXOgTUPe0cWstjJaWfB5 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 T24gMjMuIDcuIDI3LiwgbWlrZSB0YW5jc2Egd3JvdGU6DQo+IE9uIDcvMjYvMjAyMyA1OjQ2 IFBNLCBTaGF3biBXZWJiIHdyb3RlOg0KPj4gT24gV2VkLCBKdWwgMjYsIDIwMjMgYXQgMDg6 MzQ6NTZQTSArMDAwMCwgMHgxZWVmIHdyb3RlOg0KPj4+IEhlbGxvLA0KPj4+DQo+Pj4gSSB3 YXMgY3VyaW91cyBpZiB0aGVyZSBhcmUgcGxhbnMgdG8gYXBwbHkgdGhlICJjaGlja2VuIGJp dCINCj4+PiB3b3JrYXJvdW5kIGZvciB0aGUgUnl6ZW4gbGluZSBvZiBwcm9jZXNzb3JzLiBB IGZpcm13YXJlDQo+Pj4gdXBkYXRlIGlzIG5vdCBzY2hlZHVsZWQgdG8gYmUgcmVsZWFzZWQg dW50aWwgTm92IG9yIERlYw0KPj4+IGF0IHRoZSBlYXJsaWVzdC4gVGhhbmtzLg0KPj4gRm9y IHRob3NlIHRoYXQgd291bGQgbGlrZSB0byB0ZXN0IGlmIHRoZWlyIHN5c3RlbXMgYXJlIGFm ZmVjdGVkLCB0aGlzDQo+PiBwcm9vZi1vZi1jb25jZXB0IHdhcyByZXBvcnRlZCB0byB3b3Jr IG9uIGF0IGxlYXN0IG9uZSBzeXN0ZW06DQo+Pg0KPj4gaHR0cHM6Ly9naXQuaGFyZGVuZWRi c2Qub3JnL3NoYXduLndlYmIvemVuYmxlZWQvLS90cmVlL3NoYXduLndlYmIvYnNkL21haW4N Cj4+DQo+PiBCdWlsZGluZyBpdCBkZXBlbmRzIG9uIGdtYWtlIGFuZCBuYXNtLiBZb3UnbGwg d2FudCB0byBiZSBvbiB0aGUNCj4+IHNoYXduLndlYmIvYnNkL21haW4gYnJhbmNoLg0KPiAN Cj4gVGhhbmtzIGZvciB0aGF0LiBJcyB0aGVyZSBhIHdheSB0byBjb21waWxlIG9uIFJFTEVO R18xMiBvciBpcyBpdCAxMyBvbmx5ID8NCj4gDQo+ICUgZ21ha2UNCj4gY2MgLU8wIC1nZ2Ri MyAtbWFyY2g9em52ZXIywqDCoCAtYyAtbyBwYXR0ZXJuLm8gcGF0dGVybi5jDQo+IHBhdHRl cm4uYzoxNToxMDogZmF0YWwgZXJyb3I6ICdzeXMvc3lzaW5mby5oJyBmaWxlIG5vdCBmb3Vu ZA0KPiAjaW5jbHVkZSA8c3lzL3N5c2luZm8uaD4NCj4gIMKgwqDCoMKgwqDCoMKgwqAgXn5+ fn5+fn5+fn5+fn5+DQo+IDEgZXJyb3IgZ2VuZXJhdGVkLg0KPiBnbWFrZTogKioqIFs8YnVp bHRpbj46IHBhdHRlcm4ub10gRXJyb3IgMQ0KDQpJIGd1ZXNzIHlvdSBjaGVja2VkIG91dCBh IHdyb25nIGJyYW5jaC4gIFBsZWFzZSBzZWUgdGhlIGF0dGFjaGVkIG1pbmltYWwgDQpwYXRj aCBJIG1hZGUgZm9yIEZyZWVCU0QuICBJIHRoaW5rIGl0IHdpbGwgd29yayBvbiBhbnkgc3Vw cG9ydGVkIEZyZWVCU0QgDQpicmFuY2hlcy4gIE5vdGUgdGhlIG9yaWdpbmFsIGV4cGxvaXQg aXMgYXZhaWxhYmxlIGZyb20gaGVyZToNCg0KaHR0cHM6Ly9sb2NrLmNtcHhjaGc4Yi5jb20v ZmlsZXMvemVuYmxlZWQtdjUudGFyLmd6DQoNCkp1bmctdWsgS2ltDQo= --------------ZZdUyXOgTUPe0cWstjJaWfB5-- --------------rGysF90c0XgBZ0501h40ppNJ Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEl1bqgKaRyqfWXu/CfJ+WJvzb8UYFAmTCqzoFAwAAAAAACgkQfJ+WJvzb8Uas kAf+OZdhUHUddARoLPPAIDOiJnRiPywgWt8yB5opJVLZszo44/yO+WGXuLa9v+bzx2SPhpoV2tZG C0+gaJpImfU/VHWFELtEw9+3sbWBDAr3b9fDhaDQplfK2rfvKA2b9VhGHqXfcpa/y1+9gfUDu+fD Bpto4REtyb+DlBRrkZ/dEEpL1YLWw8ZyevYhtXOvyZHC2yhxml7fdcQZ54j9JAGY5kRyQJGaCyBa b67qb0s4f8h0pg16UKv2SH9DSkbMnKzTrkawzCsDxUijnL/Gd3cYuz7otjpFjj2z/QW5BxdX3Fvi xaxueE9lc7TAnAYNq1OCuhxFM8UsRoz/ryqSMhH1eg== =soI0 -----END PGP SIGNATURE----- --------------rGysF90c0XgBZ0501h40ppNJ-- From nobody Thu Jul 27 17:38:09 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBdK01MMkz4prYZ for ; Thu, 27 Jul 2023 17:38:10 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBdJx6DL8z3l8f; Thu, 27 Jul 2023 17:38:09 +0000 (UTC) (envelope-from jkim@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690479489; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=eSOvIYB1DqFeWk9eEF+M4CFutipHRRhjt0qy1Kz/tf8=; b=n0m0VLrUBMsAK9MgpYnlww6sdoswzLIIiUoKSNojNlKdunm8DX9novRvfEedm0Z+rFtiax +gEHK5Sc7nBVw9jqdkZizrWb8WqXqmFHZit7GnLfaDx8Hd8zKlz7Pcnymzif9lJAPd/ozx Gj2cDcflBKfX3G7nD6l0QrXHu6vCtqA4CJLuCmaLy0H5mJDvT9TH8X+UkE2LIE+5vahpLb K5JVFbU/vPibc2leOxmsEyJH8qHZgu7ZKFPyV64KPO5AfFYJwWjXNjtx/bbv/X34E1BzRS BzVAoHU+txOyg35Ps6zjUXNEEZasXr0b+9dFh5c/Ierq0ZL/epj0JTgSnLZrqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690479489; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=eSOvIYB1DqFeWk9eEF+M4CFutipHRRhjt0qy1Kz/tf8=; b=ia23lMq2f9pZr6q6Tjoo4G0G8i2HDVkHrNiuaBS7TdROGi92DniD1F920ymNae47IRXOzk oeMgrOP0nYmZxxScu42/Dj6RiwlhkXNJ4s3hM9VV4Tzgy0pTqvVlzemo+C55pK7+JxQBbY NJ558eZaJLWYpgREfWTasyRqIO8369yE+bzACs3sBpkFYUuYfmQw0jsRVSXhqRto9Cfvzr m7r8YMdK58b6z/QFOKx/PEn60H4cJlSB5VgIajhY7HrPeSEFVAE1xEFoIJPfmZMbMXFeR3 nRO3a/+OiT8fTMyuRLc3XhkqwSYXBu/b2mTuVoa31KLXCzmEf/aIx/ykYi2C1A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1690479489; a=rsa-sha256; cv=none; b=TAZvBX8eTKjj6+y5mIVSpZpQaK9aGCNoxhZPiRLrKaOfe9lnjfeM3C/8ws7bxN527foHx4 QlRe2WSYnQif5udzkaWO+KBX72O7CliJIajb44n17QAyyDb+P3/kILJusM65sFO1yN+wEj JINUIbILy1IH1uR/3qJIePLLaQkfYj5njoeciPZXzB09Upvy8zjyQ+17rif01tcmKk7PmH +3clGquqjb3Kx3HknMqt3trySQaDrjaFSXC7xnUEYk7Wq/BenLf+tszaslSMWYA4eZTPZQ HmXySEXaohEyFie6FobAyFvbI516TBysVt+uGPZeiDG4Fmoi4Myq7wvZobHL+g== Received: from freefall.freebsd.org (pool-108-53-224-100.nwrknj.fios.verizon.net [108.53.224.100]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) (Authenticated sender: jkim/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4RBdJx3YgZzgrq; Thu, 27 Jul 2023 17:38:09 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Message-ID: Date: Thu, 27 Jul 2023 13:38:09 -0400 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.13.1 Subject: Re: Zenbleed Content-Language: en-US From: Jung-uk Kim To: mike tancsa , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> Organization: FreeBSD.org In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------3morKbgXGTpjagAj7b10qvS9" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------3morKbgXGTpjagAj7b10qvS9 Content-Type: multipart/mixed; boundary="------------afeJj5BGlcDcsb6Z9ywAKHMV"; protected-headers="v1" From: Jung-uk Kim To: mike tancsa , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" Message-ID: Subject: Re: Zenbleed References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> In-Reply-To: --------------afeJj5BGlcDcsb6Z9ywAKHMV Content-Type: multipart/mixed; boundary="------------op2XDHzBL0FslIs7AzFjVHN0" --------------op2XDHzBL0FslIs7AzFjVHN0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 T24gMjMuIDcuIDI3LiwgSnVuZy11ayBLaW0gd3JvdGU6DQo+IE9uIDIzLiA3LiAyNy4sIG1p a2UgdGFuY3NhIHdyb3RlOg0KPj4gT24gNy8yNi8yMDIzIDU6NDYgUE0sIFNoYXduIFdlYmIg d3JvdGU6DQo+Pj4gT24gV2VkLCBKdWwgMjYsIDIwMjMgYXQgMDg6MzQ6NTZQTSArMDAwMCwg MHgxZWVmIHdyb3RlOg0KPj4+PiBIZWxsbywNCj4+Pj4NCj4+Pj4gSSB3YXMgY3VyaW91cyBp ZiB0aGVyZSBhcmUgcGxhbnMgdG8gYXBwbHkgdGhlICJjaGlja2VuIGJpdCINCj4+Pj4gd29y a2Fyb3VuZCBmb3IgdGhlIFJ5emVuIGxpbmUgb2YgcHJvY2Vzc29ycy4gQSBmaXJtd2FyZQ0K Pj4+PiB1cGRhdGUgaXMgbm90IHNjaGVkdWxlZCB0byBiZSByZWxlYXNlZCB1bnRpbCBOb3Yg b3IgRGVjDQo+Pj4+IGF0IHRoZSBlYXJsaWVzdC4gVGhhbmtzLg0KPj4+IEZvciB0aG9zZSB0 aGF0IHdvdWxkIGxpa2UgdG8gdGVzdCBpZiB0aGVpciBzeXN0ZW1zIGFyZSBhZmZlY3RlZCwg dGhpcw0KPj4+IHByb29mLW9mLWNvbmNlcHQgd2FzIHJlcG9ydGVkIHRvIHdvcmsgb24gYXQg bGVhc3Qgb25lIHN5c3RlbToNCj4+Pg0KPj4+IGh0dHBzOi8vZ2l0LmhhcmRlbmVkYnNkLm9y Zy9zaGF3bi53ZWJiL3plbmJsZWVkLy0vdHJlZS9zaGF3bi53ZWJiL2JzZC9tYWluDQo+Pj4N Cj4+PiBCdWlsZGluZyBpdCBkZXBlbmRzIG9uIGdtYWtlIGFuZCBuYXNtLiBZb3UnbGwgd2Fu dCB0byBiZSBvbiB0aGUNCj4+PiBzaGF3bi53ZWJiL2JzZC9tYWluIGJyYW5jaC4NCj4+DQo+ PiBUaGFua3MgZm9yIHRoYXQuIElzIHRoZXJlIGEgd2F5IHRvIGNvbXBpbGUgb24gUkVMRU5H XzEyIG9yIGlzIGl0IDEzIA0KPj4gb25seSA/DQo+Pg0KPj4gJSBnbWFrZQ0KPj4gY2MgLU8w IC1nZ2RiMyAtbWFyY2g9em52ZXIywqDCoCAtYyAtbyBwYXR0ZXJuLm8gcGF0dGVybi5jDQo+ PiBwYXR0ZXJuLmM6MTU6MTA6IGZhdGFsIGVycm9yOiAnc3lzL3N5c2luZm8uaCcgZmlsZSBu b3QgZm91bmQNCj4+ICNpbmNsdWRlIDxzeXMvc3lzaW5mby5oPg0KPj4gwqDCoMKgwqDCoMKg wqDCoMKgIF5+fn5+fn5+fn5+fn5+fg0KPj4gMSBlcnJvciBnZW5lcmF0ZWQuDQo+PiBnbWFr ZTogKioqIFs8YnVpbHRpbj46IHBhdHRlcm4ub10gRXJyb3IgMQ0KPiANCj4gSSBndWVzcyB5 b3UgY2hlY2tlZCBvdXQgYSB3cm9uZyBicmFuY2guwqAgUGxlYXNlIHNlZSB0aGUgYXR0YWNo ZWQgbWluaW1hbCANCj4gcGF0Y2ggSSBtYWRlIGZvciBGcmVlQlNELsKgIEkgdGhpbmsgaXQg d2lsbCB3b3JrIG9uIGFueSBzdXBwb3J0ZWQgRnJlZUJTRCANCj4gYnJhbmNoZXMuwqAgTm90 ZSB0aGUgb3JpZ2luYWwgZXhwbG9pdCBpcyBhdmFpbGFibGUgZnJvbSBoZXJlOg0KPiANCj4g aHR0cHM6Ly9sb2NrLmNtcHhjaGc4Yi5jb20vZmlsZXMvemVuYmxlZWQtdjUudGFyLmd6DQoN CldpdGggdGhlIGZvcmdvdHRlbiBhdHRhY2htZW50Lg0KDQpKdW5nLXVrIEtpbQ0K --------------op2XDHzBL0FslIs7AzFjVHN0 Content-Type: text/x-patch; charset=UTF-8; name="zenbleed.diff" Content-Disposition: attachment; filename="zenbleed.diff" Content-Transfer-Encoding: base64 LS0tIHplbmJsZWVkL3BhdHRlcm4uYy5vcmlnCTIwMjMtMDctMjMgMTA6NDU6MzIuMDAwMDAw MDAwIC0wNDAwCisrKyB6ZW5ibGVlZC9wYXR0ZXJuLmMJMjAyMy0wNy0yNyAxMjoyNjoyOC4z MjQzNDYwMDAgLTA0MDAKQEAgLTYsMTMgKzYsMTQgQEAKICNpbmNsdWRlIDxzdGRib29sLmg+ CiAjaW5jbHVkZSA8eDg2aW50cmluLmg+CiAjaW5jbHVkZSA8c2NoZWQuaD4KKyNpZmRlZiBf X2xpbnV4X18KICNpbmNsdWRlIDxzeXNjYWxsLmg+CisjZW5kaWYKICNpbmNsdWRlIDxlcnIu aD4KICNpbmNsdWRlIDxwdGhyZWFkLmg+CiAjaW5jbHVkZSA8YXNzZXJ0Lmg+CiAjaW5jbHVk ZSA8Y3R5cGUuaD4KICNpbmNsdWRlIDxzaWduYWwuaD4KLSNpbmNsdWRlIDxzeXMvc3lzaW5m by5oPgogCiAjaW5jbHVkZSAiemVuYmxlZWQuaCIKIApAQCAtODIsNyArODMsNyBAQCB2b2lk ICogcGF0dGVybl9sZWFrX2NvbnN1bWVyKHZvaWQgKnBhcmFtKQogICAgICAgICAgICAgfQog ICAgICAgICB9CiAKLSAgICAgICAgZnByaW50ZihzdGRvdXQsICIlLipzIiwgbWF0Y2hsZW4s IG1hdGNocHRyKTsKKyAgICAgICAgZnByaW50ZihzdGRvdXQsICIlLipzIiwgKGludCltYXRj aGxlbiwgbWF0Y2hwdHIpOwogCiAgICAgICAgIC8vIElmIHRoZSBtYXRjaCBpcyBiaWdnZXIg dGhhbiBvdXIgcGF0dGVybiBzaXplLCB3ZSBza2lwIHRvIHRoZSBlbmQgb2YgaXQuCiAgICAg ICAgIGlmIChtYXRjaGxlbiA+IHBhdGxlbikgewotLS0gemVuYmxlZWQvdXRpbC5jLm9yaWcJ MjAyMy0wNy0yMyAxMDo0NTozMi4wMDAwMDAwMDAgLTA0MDAKKysrIHplbmJsZWVkL3V0aWwu YwkyMDIzLTA3LTI3IDEzOjI2OjA5LjUwOTU4ODAwMCAtMDQwMApAQCAtNDYsNiArNDYsOSBA QCBib29sIG51bV9pbnJhbmdlKGNoYXIgKnJhbmdlLCBpbnQgbnVtKQogYm9vbCBudW1faW5y YW5nZShjaGFyICpyYW5nZSwgaW50IG51bSkKIHsKICAgICBjaGFyICpyLCAqcywgKmU7Cisj aWZuZGVmIF9fbGludXhfXworICAgIHNpemVfdCBsZW47CisjZW5kaWYKIAogICAgIC8vIEV4 YW1wbGU6CiAgICAgLy8gMSwyLDMsNC04LDIKQEAgLTUzLDcgKzU2LDE0IEBAIGJvb2wgbnVt X2lucmFuZ2UoY2hhciAqcmFuZ2UsIGludCBudW0pCiAgICAgaWYgKHJhbmdlID09IE5VTEwp CiAgICAgICAgIHJldHVybiBmYWxzZTsKIAotICAgIHMgPSBzdHJ0b2tfcihzdHJkdXBhKHJh bmdlKSwgIiwiLCAmcik7CisjaWZuZGVmIF9fbGludXhfXworICAgIGxlbiA9IHN0cmxlbihy YW5nZSkgKyAxOworICAgIHMgPSBhbGxvY2EobGVuKTsKKyAgICBtZW1jcHkocywgcmFuZ2Us IGxlbik7CisjZWxzZQorICAgIHMgPSBzdHJkdXBhKHJhbmdlKTsKKyNlbmRpZgorICAgIHMg PSBzdHJ0b2tfcihzLCAiLCIsICZyKTsKIAogICAgIHdoaWxlIChzKSB7CiAgICAgICAgIGlu dCBzdGFydDsKLS0tIHplbmJsZWVkL3plbmJsZWVkLmMub3JpZwkyMDIzLTA3LTIzIDEwOjQ1 OjMyLjAwMDAwMDAwMCAtMDQwMAorKysgemVuYmxlZWQvemVuYmxlZWQuYwkyMDIzLTA3LTI3 IDEzOjA3OjI3LjUwMjc4MDAwMCAtMDQwMApAQCAtNiwxMyArNiwxNiBAQAogI2luY2x1ZGUg PHN0ZGJvb2wuaD4KICNpbmNsdWRlIDx4ODZpbnRyaW4uaD4KICNpbmNsdWRlIDxzY2hlZC5o PgorI2lmZGVmIF9fRnJlZUJTRF9fCisjaW5jbHVkZSA8cHRocmVhZF9ucC5oPgorI2Vsc2UK ICNpbmNsdWRlIDxzeXNjYWxsLmg+CisjZW5kaWYKICNpbmNsdWRlIDxlcnIuaD4KICNpbmNs dWRlIDxwdGhyZWFkLmg+CiAjaW5jbHVkZSA8YXNzZXJ0Lmg+CiAjaW5jbHVkZSA8Y3R5cGUu aD4KICNpbmNsdWRlIDxzaWduYWwuaD4KLSNpbmNsdWRlIDxzeXMvc3lzaW5mby5oPgogCiAj aW5jbHVkZSAiemVuYmxlZWQuaCIKIApAQCAtMjk4LDcgKzMwMSw3IEBAIGludCBtYWluKGlu dCBhcmdjLCBjaGFyICoqYXJndikgewogICAgIH0KIAogICAgIC8vIFdlIHNwYXduIGEgdGhy ZWFkIG9uIGV2ZXJ5IGV2YWlsYWJsZSBjb3JlIGFuZCBzdGFydCBsZWFraW5nIHRvIHNlZSB3 aGF0IHdlIGdldC4KLSAgICBuY3B1cyAgID0gZ2V0X25wcm9jcygpOworICAgIG5jcHVzID0g c3lzY29uZihfU0NfTlBST0NFU1NPUlNfT05MTik7CiAgICAgdGhyZWFkX2FyZ190KiBhcmdz ID0gY2FsbG9jKHNpemVvZih0aHJlYWRfYXJnX3QpLCBuY3B1cyk7CiAgICAgdGhyZWFkcyA9 IGNhbGxvYyhzaXplb2YocHRocmVhZF90KSwgbmNwdXMpOwogCg== --------------op2XDHzBL0FslIs7AzFjVHN0-- --------------afeJj5BGlcDcsb6Z9ywAKHMV-- --------------3morKbgXGTpjagAj7b10qvS9 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEl1bqgKaRyqfWXu/CfJ+WJvzb8UYFAmTCq4EFAwAAAAAACgkQfJ+WJvzb8UbD dQf+J7TY/G3La8Iz/AQTBdWnF/T4A23TNITomZc1+5kDm6cdac98nRnUqQq2X5sv4lN8GwULIcPy ZTVh2fJG3Ex5IqOG5PWSpiXqRL59q3bvg2PU8z+s7b5DbTEZlC5XPGwlCq/hiWvDvX3qdbbK7rg/ w++j3N0/wiD6sCus5RlVohaSkvV8nRbsQCcuaAOlr9Giiys6drstF2B2x6HxdrZ5vT3vb/QqosJK T9tVSUFNOTe06YRsjskfMwl2G4L65ZSHwaaRyAOfm4JkCAGPSnddYOqVMZT+NMIq8Q+6fg23f97e dTcq53aVspLIAQXpuuY8VKXTgM13iksloKlOGgaWhw== =uZde -----END PGP SIGNATURE----- --------------3morKbgXGTpjagAj7b10qvS9-- From nobody Thu Jul 27 17:43:57 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBdRd30ftz4pt6n for ; Thu, 27 Jul 2023 17:43:57 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [IPv6:2607:f3e0:0:1::12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smarthost1.sentex.ca", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBdRd2TDXz3nDX; Thu, 27 Jul 2023 17:43:57 +0000 (UTC) (envelope-from mike@sentex.net) Authentication-Results: mx1.freebsd.org; none Received: from pyroxene2a.sentex.ca (pyroxene19.sentex.ca [199.212.134.19]) by smarthost1.sentex.ca (8.17.1/8.16.1) with ESMTPS id 36RHhuiO078217 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=FAIL); Thu, 27 Jul 2023 13:43:56 -0400 (EDT) (envelope-from mike@sentex.net) Received: from [IPV6:2607:f3e0:0:4::29] ([IPv6:2607:f3e0:0:4:0:0:0:29]) by pyroxene2a.sentex.ca (8.16.1/8.15.2) with ESMTPS id 36RHhuNK030446 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Thu, 27 Jul 2023 13:43:56 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> Date: Thu, 27 Jul 2023 13:43:57 -0400 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: Zenbleed Content-Language: en-US To: Jung-uk Kim , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> From: mike tancsa In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.84 X-Rspamd-Queue-Id: 4RBdRd2TDXz3nDX X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:11647, ipnet:2607:f3e0::/32, country:CA] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated On 7/27/2023 1:38 PM, Jung-uk Kim wrote: > I guess you checked out a wrong branch.  Please see the attached > minimal patch I made for FreeBSD.  I think it will work on any > supported FreeBSD branches.  Note the original exploit is available > from here: >> >> https://lock.cmpxchg8b.com/files/zenbleed-v5.tar.gz > > With the forgotten attachment. > > Thanks!  A little farther on RELENG_12. I can compile on RELENG_13 ok.  With the patch do I still need to checkout Shawn's repo ? The patch applies cleanly if I dont switch branches % git clone "https://git.hardenedbsd.org/shawn.webb/zenbleed" Cloning into 'zenbleed'... warning: redirecting to https://git.hardenedbsd.org/shawn.webb/zenbleed.git/ remote: Enumerating objects: 23, done. remote: Total 23 (delta 0), reused 0 (delta 0), pack-reused 23 Receiving objects: 100% (23/23), 15.74 KiB | 15.74 MiB/s, done. Resolving deltas: 100% (8/8), done. % cd zenbleed/ % git checkout origin/shawn.webb/bsd/main Note: switching to 'origin/shawn.webb/bsd/main'. You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard any commits you make in this state without impacting any branches by switching back to a branch. If you want to create a new branch to retain commits you create, you may do so (now or later) by using -c with the switch command. Example:   git switch -c Or undo this operation with:   git switch - Turn off this advice by setting config variable advice.detachedHead to false HEAD is now at 5f0b69b Import OpenBSD support patch % cat - > p --- zenbleed/pattern.c.orig     2023-07-23 10:45:32.000000000 -0400 +++ zenbleed/pattern.c  2023-07-27 12:26:28.324346000 -0400 @@ -6,13 +6,14 @@  #include  #include  #include +#ifdef __linux__  #include +#endif  #include  #include  #include  #include  #include -#include  #include "zenbleed.h" @@ -82,7 +83,7 @@ void * pattern_leak_consumer(void *param)              }          } -        fprintf(stdout, "%.*s", matchlen, matchptr); +        fprintf(stdout, "%.*s", (int)matchlen, matchptr);          // If the match is bigger than our pattern size, we skip to the end of it.          if (matchlen > patlen) { --- zenbleed/util.c.orig        2023-07-23 10:45:32.000000000 -0400 +++ zenbleed/util.c     2023-07-27 13:26:09.509588000 -0400 @@ -46,6 +46,9 @@ bool num_inrange(char *range, int num)  bool num_inrange(char *range, int num)  {      char *r, *s, *e; +#ifndef __linux__ +    size_t len; +#endif      // Example:      // 1,2,3,4-8,2 @@ -53,7 +56,14 @@ bool num_inrange(char *range, int num)      if (range == NULL)          return false; -    s = strtok_r(strdupa(range), ",", &r); +#ifndef __linux__ +    len = strlen(range) + 1; +    s = alloca(len); +    memcpy(s, range, len); +#else +    s = strdupa(range); +#endif +    s = strtok_r(s, ",", &r);      while (s) {          int start; --- zenbleed/zenbleed.c.orig    2023-07-23 10:45:32.000000000 -0400 +++ zenbleed/zenbleed.c 2023-07-27 13:07:27.502780000 -0400 @@ -6,13 +6,16 @@  #include  #include  #include +#ifdef __FreeBSD__ +#include +#else  #include +#endif  #include  #include  #include  #include  #include -#include  #include "zenbleed.h" @@ -298,7 +301,7 @@ int main(int argc, char **argv) {      }      // We spawn a thread on every evailable core and start leaking to see what we get. -    ncpus   = get_nprocs(); +    ncpus = sysconf(_SC_NPROCESSORS_ONLN);      thread_arg_t* args = calloc(sizeof(thread_arg_t), ncpus);      threads = calloc(sizeof(pthread_t), ncpus); % patch -p1 < p Hmm...  Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- zenbleed/pattern.c.orig    2023-07-23 10:45:32.000000000 -0400 |+++ zenbleed/pattern.c 2023-07-27 12:26:28.324346000 -0400 -------------------------- Patching file pattern.c using Plan A... Hunk #1 failed at 6. Hunk #2 failed at 83. 2 out of 2 hunks failed--saving rejects to pattern.c.rej Hmm...  The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |--- zenbleed/util.c.orig       2023-07-23 10:45:32.000000000 -0400 |+++ zenbleed/util.c    2023-07-27 13:26:09.509588000 -0400 -------------------------- Patching file util.c using Plan A... Hunk #1 failed at 46. Hunk #2 failed at 56. 2 out of 2 hunks failed--saving rejects to util.c.rej Hmm...  The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |--- zenbleed/zenbleed.c.orig   2023-07-23 10:45:32.000000000 -0400 |+++ zenbleed/zenbleed.c        2023-07-27 13:07:27.502780000 -0400 -------------------------- Patching file zenbleed.c using Plan A... Hunk #1 failed at 6. Hunk #2 failed at 301. 2 out of 2 hunks failed--saving rejects to zenbleed.c.rej Hmm...  Ignoring the trailing garbage. done % gmake nasm  -O0 -felf64 -o zenleak.o zenleak.asm cc -O0 -ggdb3 -march=znver2 -DNCPUS=16   -c -o pattern.o pattern.c cc -O0 -ggdb3 -march=znver2 -DNCPUS=16   -c -o workqueue.o workqueue.c cc -O0 -ggdb3 -march=znver2 -DNCPUS=16   -c -o util.o util.c cc -O0 -ggdb3 -march=znver2 -DNCPUS=16  -pthread -Wl,-z,noexecstack  zenbleed.c zenleak.o pattern.o workqueue.o util.o   -o zenbleed zenbleed.c:141:15: warning: implicit declaration of function 'sched_getcpu' is invalid in C99 [-Wimplicit-function-declaration]     int cpu = sched_getcpu();               ^ zenbleed.c:192:15: warning: implicit declaration of function 'sched_getcpu' is invalid in C99 [-Wimplicit-function-declaration]     int cpu = sched_getcpu();               ^ zenbleed.c:218:5: error: unknown type name 'cpu_set_t'; did you mean 'cpuset_t'?     cpu_set_t set;     ^~~~~~~~~     cpuset_t /usr/include/sys/_cpuset.h:50:24: note: 'cpuset_t' declared here typedef struct _cpuset cpuset_t;                        ^ zenbleed.c:226:51: error: use of undeclared identifier 'cpu_set_t'     if (pthread_attr_setaffinity_np(&attr, sizeof(cpu_set_t), &set) != 0)                                                   ^ 2 warnings and 2 errors generated. gmake: *** [: zenbleed] Error 1 % It applies clean if I dont switch branches % git clone "https://git.hardenedbsd.org/shawn.webb/zenbleed" Cloning into 'zenbleed'... warning: redirecting to https://git.hardenedbsd.org/shawn.webb/zenbleed.git/ remote: Enumerating objects: 23, done. remote: Total 23 (delta 0), reused 0 (delta 0), pack-reused 23 Receiving objects: 100% (23/23), 15.74 KiB | 15.74 MiB/s, done. Resolving deltas: 100% (8/8), done. % cd zenbleed/ % cat - > p --- zenbleed/pattern.c.orig     2023-07-23 10:45:32.000000000 -0400 +++ zenbleed/pattern.c  2023-07-27 12:26:28.324346000 -0400 @@ -6,13 +6,14 @@  #include  #include  #include +#ifdef __linux__  #include +#endif  #include  #include  #include  #include  #include -#include  #include "zenbleed.h" @@ -82,7 +83,7 @@ void * pattern_leak_consumer(void *param)              }          } -        fprintf(stdout, "%.*s", matchlen, matchptr); +        fprintf(stdout, "%.*s", (int)matchlen, matchptr);          // If the match is bigger than our pattern size, we skip to the end of it.          if (matchlen > patlen) { --- zenbleed/util.c.orig        2023-07-23 10:45:32.000000000 -0400 +++ zenbleed/util.c     2023-07-27 13:26:09.509588000 -0400 @@ -46,6 +46,9 @@ bool num_inrange(char *range, int num)  bool num_inrange(char *range, int num)  {      char *r, *s, *e; +#ifndef __linux__ +    size_t len; +#endif      // Example:      // 1,2,3,4-8,2 @@ -53,7 +56,14 @@ bool num_inrange(char *range, int num)      if (range == NULL)          return false; -    s = strtok_r(strdupa(range), ",", &r); +#ifndef __linux__ +    len = strlen(range) + 1; +    s = alloca(len); +    memcpy(s, range, len); +#else +    s = strdupa(range); +#endif +    s = strtok_r(s, ",", &r);      while (s) {          int start; --- zenbleed/zenbleed.c.orig    2023-07-23 10:45:32.000000000 -0400 +++ zenbleed/zenbleed.c 2023-07-27 13:07:27.502780000 -0400 @@ -6,13 +6,16 @@  #include  #include  #include +#ifdef __FreeBSD__ +#include +#else  #include +#endif  #include  #include  #include  #include  #include -#include  #include "zenbleed.h" @@ -298,7 +301,7 @@ int main(int argc, char **argv) {      }      // We spawn a thread on every evailable core and start leaking to see what we get. -    ncpus   = get_nprocs(); +    ncpus = sysconf(_SC_NPROCESSORS_ONLN);      thread_arg_t* args = calloc(sizeof(thread_arg_t), ncpus);      threads = calloc(sizeof(pthread_t), ncpus); % patch -p1 < p Hmm...  Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- zenbleed/pattern.c.orig    2023-07-23 10:45:32.000000000 -0400 |+++ zenbleed/pattern.c 2023-07-27 12:26:28.324346000 -0400 -------------------------- Patching file pattern.c using Plan A... Hunk #1 succeeded at 6. Hunk #2 succeeded at 83. Hmm...  The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |--- zenbleed/util.c.orig       2023-07-23 10:45:32.000000000 -0400 |+++ zenbleed/util.c    2023-07-27 13:26:09.509588000 -0400 -------------------------- Patching file util.c using Plan A... Hunk #1 succeeded at 46. Hunk #2 succeeded at 56. Hmm...  The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |--- zenbleed/zenbleed.c.orig   2023-07-23 10:45:32.000000000 -0400 |+++ zenbleed/zenbleed.c        2023-07-27 13:07:27.502780000 -0400 -------------------------- Patching file zenbleed.c using Plan A... Hunk #1 succeeded at 6. Hunk #2 succeeded at 301. done % gmake nasm  -O0 -felf64 -o zenleak.o zenleak.asm cc -O0 -ggdb3 -march=znver2   -c -o pattern.o pattern.c cc -O0 -ggdb3 -march=znver2   -c -o workqueue.o workqueue.c cc -O0 -ggdb3 -march=znver2   -c -o util.o util.c cc -O0 -ggdb3 -march=znver2  -pthread -Wl,-z,noexecstack zenbleed.c zenleak.o pattern.o workqueue.o util.o   -o zenbleed zenbleed.c:140:15: warning: implicit declaration of function 'sched_getcpu' is invalid in C99 [-Wimplicit-function-declaration]     int cpu = sched_getcpu();               ^ zenbleed.c:142:5: error: unknown type name 'cpu_set_t'; did you mean 'cpuset_t'?     cpu_set_t mask;     ^~~~~~~~~     cpuset_t /usr/include/sys/_cpuset.h:50:24: note: 'cpuset_t' declared here typedef struct _cpuset cpuset_t;                        ^ zenbleed.c:182:15: warning: implicit declaration of function 'sched_getcpu' is invalid in C99 [-Wimplicit-function-declaration]     int cpu = sched_getcpu();               ^ zenbleed.c:202:5: error: unknown type name 'cpu_set_t'; did you mean 'cpuset_t'?     cpu_set_t set;     ^~~~~~~~~     cpuset_t /usr/include/sys/_cpuset.h:50:24: note: 'cpuset_t' declared here typedef struct _cpuset cpuset_t;                        ^ zenbleed.c:210:51: error: use of undeclared identifier 'cpu_set_t'     if (pthread_attr_setaffinity_np(&attr, sizeof(cpu_set_t), &set) != 0)                                                   ^ 2 warnings and 3 errors generated. gmake: *** [: zenbleed] Error 1 % From nobody Thu Jul 27 17:48:29 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBdXx6mfbz4pwq5 for ; Thu, 27 Jul 2023 17:48:33 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-il1-x136.google.com (mail-il1-x136.google.com [IPv6:2607:f8b0:4864:20::136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBdXx4vWLz3qMc for ; Thu, 27 Jul 2023 17:48:33 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Authentication-Results: mx1.freebsd.org; none Received: by mail-il1-x136.google.com with SMTP id e9e14a558f8ab-3466725f0beso5201645ab.1 for ; Thu, 27 Jul 2023 10:48:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; t=1690480111; x=1691084911; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=WuVA+EEX/EDtIvgH2yNJYHle/UOzNmYEWfumucDCFgY=; b=K31kf1+LNFBX4COOkBbxsqHqKU/diW749EDDd8CNhEDFrmyRvFm/F9/WlILKtIPjN9 xSHzCO6i9CTJpMKFGEQz0N6Iu8ozZu+KJYFQZYuyffArr6NYOCVxAyYia44I9w4Kx1O9 BY8zCvRKhVKQVA+2FmsZ52kC7F+nI9JDMHQLOq81yMy2WS3zH6e3HO5aFY95m9nlt7d/ C1p+oNEso/e/vaswyxXGW4DMjzqKFhpdoyMDwGJ0OS1dBe4qBIm0lJFaReU1pJOrmk8B 6INLxjQbP14v5kBlcvmUHX30n2gpiy1zs5yeR6jc8vhJS5xwlqglFa9c738iw/O5RR3L bDRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690480111; x=1691084911; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=WuVA+EEX/EDtIvgH2yNJYHle/UOzNmYEWfumucDCFgY=; b=F7aixaskPEBuP9UTAPi9y1CXQA/gqgvx62pVZLSX+3Ycugo3bZrNbyC9ycNz+v4MdL elxteF+Kfx9wpCcRxI2IpqfH6L3Dx+jgUqegUyXADSQ/8EYrc+iK+lczPwWc6PUG49yZ +/Xphn9bN5+ZZF6xZBzu08Z6mfaqrJ9eHfZ/jAZtwZ1hW+HKN9pFl+E2yhWIjgzFyVK2 oxEPm8p6vRbgLlGBsYo4Mq5e4Yyk8xKx3cTHCoIuEw1s7JCxj+Dq4ziNKZR+OUmzJmQF RfCbdS7vdVkTv/f/Rm8wsMxef6CqDKKQIw+csi44CiovZ8cVeCTEDdPPRz5Vkd4OoruO VQUg== X-Gm-Message-State: ABy/qLbFkTeTSkABiGJxd+JD9PTE0VercC7DV/AjqTWCayLgiGeEZ4jA PbJpj0JDC5ex5/KbvHjvp5+5tA== X-Google-Smtp-Source: APBJJlGkQ+2yrHpb7zfaxVWeXYf7d2c5ljLkqNBf1jVIZsKHZ0Ixs8Ktav13WNDLloC2pDXRKx7Cfw== X-Received: by 2002:a05:6e02:e14:b0:348:d654:7ff6 with SMTP id a20-20020a056e020e1400b00348d6547ff6mr145972ilk.4.1690480111063; Thu, 27 Jul 2023 10:48:31 -0700 (PDT) Received: from mutt-hbsd ([98.38.198.52]) by smtp.gmail.com with ESMTPSA id t10-20020a92c0ca000000b0033e23a5c730sm604893ilf.88.2023.07.27.10.48.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Jul 2023 10:48:30 -0700 (PDT) Date: Thu, 27 Jul 2023 13:48:29 -0400 From: Shawn Webb To: Jung-uk Kim Cc: mike tancsa , 0x1eef <0x1eef@protonmail.com>, "freebsd-security@freebsd.org" Subject: Re: Zenbleed Message-ID: <20230727174829.les2d7wvabekkiu7@mutt-hbsd> X-Operating-System: FreeBSD mutt-hbsd 14.0-CURRENT-HBSD FreeBSD 14.0-CURRENT-HBSD X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="y5m4gu5y7rxwb2ja" Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 4RBdXx4vWLz3qMc X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated --y5m4gu5y7rxwb2ja Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 27, 2023 at 01:38:09PM -0400, Jung-uk Kim wrote: > On 23. 7. 27., Jung-uk Kim wrote: > > On 23. 7. 27., mike tancsa wrote: > > > On 7/26/2023 5:46 PM, Shawn Webb wrote: > > > > On Wed, Jul 26, 2023 at 08:34:56PM +0000, 0x1eef wrote: > > > > > Hello, > > > > >=20 > > > > > I was curious if there are plans to apply the "chicken bit" > > > > > workaround for the Ryzen line of processors. A firmware > > > > > update is not scheduled to be released until Nov or Dec > > > > > at the earliest. Thanks. > > > > For those that would like to test if their systems are affected, th= is > > > > proof-of-concept was reported to work on at least one system: > > > >=20 > > > > https://git.hardenedbsd.org/shawn.webb/zenbleed/-/tree/shawn.webb/b= sd/main > > > >=20 > > > > Building it depends on gmake and nasm. You'll want to be on the > > > > shawn.webb/bsd/main branch. > > >=20 > > > Thanks for that. Is there a way to compile on RELENG_12 or is it 13 > > > only ? > > >=20 > > > % gmake > > > cc -O0 -ggdb3 -march=3Dznver2=A0=A0 -c -o pattern.o pattern.c > > > pattern.c:15:10: fatal error: 'sys/sysinfo.h' file not found > > > #include > > > =A0=A0=A0=A0=A0=A0=A0=A0=A0 ^~~~~~~~~~~~~~~ > > > 1 error generated. > > > gmake: *** [: pattern.o] Error 1 > >=20 > > I guess you checked out a wrong branch.=A0 Please see the attached mini= mal > > patch I made for FreeBSD.=A0 I think it will work on any supported Free= BSD > > branches.=A0 Note the original exploit is available from here: > >=20 > > https://lock.cmpxchg8b.com/files/zenbleed-v5.tar.gz Awesome! Thanks! I'll incorporate that patch later today. Thanks again, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --y5m4gu5y7rxwb2ja Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmTCrecACgkQ/y5nonf4 4fo7xQ/+ISDEwYlLwCxxI2RHiu5zMomZf0s+KHe5gKEl93SRoWT6tiTTPt8baBfE 8tFnxbBZpUQBxQ7nbBz0gvd+k1PmypmAyCSES+eRtKocpn1GVxmE1aiPAUsz6DfN CN/ledV5vhm/Svca6plf2JRruAToXKLV77GmlRnWsmiqInOT4LgM0fP8XuaJHm4k QIBwHtXz1Ajp0J+iHqE2CtmGZZBDOeondpqt6xYxkNzuKbIH/U/JTN77SO1iXZ/1 kfsg+TkFKtK2DIT9ahgynygqdIsD7t1dGXnwOgb5LuTbEZ3XTVenw84EcOZNmx62 Rhwjym0Fb+i+jGIMl4r2/9m0Zb23jS8zZzfd1RKi+tdWz99FZPvpExVKw0am+1hV Sv4w9oUaP3nuoijTMBPirapR/SRWbpkTCyXCW0+hAwlkGHAdJNpXipamQhzxQnLf BYgXjdWKOxD/CwP/+UmRKTZ0RRqBBxVaHG3obmaSEmHG7/427qrNcS2S4+Me5QRy 1wv5cU2fuOMPkVy8ch+Vj3vKSKeHN07Xm2ecVOC2FEQct+ZAzuKEqaQTy9hEvtZa XMJRfJz0acpxVigRch3qA21/stUOrKFF+Fb/GvYkba59M5gKzurYmPEYHz9fyFZK rxyRPppulKzcAjlWdCaipuGXqawko45qi8cptWOqOJ/bwwwvC0A= =gmwQ -----END PGP SIGNATURE----- --y5m4gu5y7rxwb2ja-- From nobody Thu Jul 27 17:49:44 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBdZK5sx4z4pxLX for ; Thu, 27 Jul 2023 17:49:45 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBdZK3ZfBz3rpp; Thu, 27 Jul 2023 17:49:45 +0000 (UTC) (envelope-from jkim@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690480185; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=naeFamEh27dNqr/WrXiBeYpcE49qg2C9Alfwr/FfZqA=; b=q+n/Og34GnGjlGqeaD0WrUwNy/eOVJJmE1pKyL8LNj/dSyhpKKNT94aKEdSoKWB97QcyrZ 83BuQGrz+wnwhXaiDhrV3+4pugiIdJmVBTPcmrb/wkXxXnH/aRCuArUYL75cV0YeqKrEpN QRBbox7eDbTAkzJEshKnKIxO5N7TgVen/UXisxosoibrHb9nDNpwPtJxwx/IM4f8auAcrZ 6eHymZsk5KSM9BnIbTFdRpKScxDa1fdZmjmTBQ0saaHOWgLc3Z397iDV6wLNRxt7ODMnSW ao20/haT0etXox3ol6NQqykr9PN/AfaNk921sdDzctmbDc4eLFqIsttoRosjfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690480185; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=naeFamEh27dNqr/WrXiBeYpcE49qg2C9Alfwr/FfZqA=; b=uXqzKiqKEyynxNW4Gmu9OZCi33JKII6DbTI7qlyN1/ZwWIazVZr64ZRt8iYOS4czIPwPWe TXSAhdQycNd29g2Il0QY1jrS5n+50FaMQUrBNEEmwSZB7wiQSFrspkoIJD+ha2NeO3xujX aEmh9NrEGVHKOcjP6KMGT0Z/As7zxYpQwSAvDMCHjM/IZr2TXURG7GVcIOvYAnaJ/Y71xJ YFs8Xr1Sn+oEkG6xnsXygtVmnzU3QfjYsFmuHzK+jsiqgAii+UpH8Sx2E/kaf+AJkb7WjY licGCcI8+zqvfhYwuHpKbu9lFuXVfvcbr2OGDzSzmvDRp9GaEIttLGHwbVomYw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1690480185; a=rsa-sha256; cv=none; b=JZglicUJ0CkXq4jYPSLQXhQj5Vkw5ooa0ZboN1WyKVNY/XlzB3uEfTbUeEZyhWEYJaVFWL nZAO+IQaPASlFhmreyE9qLyGlry6W1jqQNmM7v+HZVzKfIuP9YEvj/uTDNHmNkjlNc5xqd 2VJXX6NAFG9q2UDSbnoZqMXL+rpG/1L4MMEt59CL8ZXupxRaf8R5Q4P56sDQrdpdBcJ5pO HF6k+pURnTpiH4hRUvurqi1GIaujAQlU1/LTq5ObUCKURUFor+P/s2HHK8N+GucrDMg5JB 89te9799NtkJLkvasoSG2OqIRDk84ZI2fidmKT5kxf1EnivYEQo6jvgo/Ormeg== Received: from freefall.freebsd.org (pool-108-53-224-100.nwrknj.fios.verizon.net [108.53.224.100]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) (Authenticated sender: jkim/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4RBdZK2BBkzh1P; Thu, 27 Jul 2023 17:49:45 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Message-ID: <7002aba7-867f-7b2f-60d3-429aa571fc56@FreeBSD.org> Date: Thu, 27 Jul 2023 13:49:44 -0400 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.13.1 Subject: Re: Zenbleed Content-Language: en-US To: mike tancsa , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> From: Jung-uk Kim Organization: FreeBSD.org In-Reply-To: <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------xrG8PTqSCFZ0mws08MrMGoGn" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------xrG8PTqSCFZ0mws08MrMGoGn Content-Type: multipart/mixed; boundary="------------1AciFSGEbso0DymncHXmHqof"; protected-headers="v1" From: Jung-uk Kim To: mike tancsa , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" Message-ID: <7002aba7-867f-7b2f-60d3-429aa571fc56@FreeBSD.org> Subject: Re: Zenbleed References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> In-Reply-To: <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> --------------1AciFSGEbso0DymncHXmHqof Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 T24gMjMuIDcuIDI3LiwgbWlrZSB0YW5jc2Egd3JvdGU6DQo+IE9uIDcvMjcvMjAyMyAxOjM4 IFBNLCBKdW5nLXVrIEtpbSB3cm90ZToNCj4+IEkgZ3Vlc3MgeW91IGNoZWNrZWQgb3V0IGEg d3JvbmcgYnJhbmNoLsKgIFBsZWFzZSBzZWUgdGhlIGF0dGFjaGVkIA0KPj4gbWluaW1hbCBw YXRjaCBJIG1hZGUgZm9yIEZyZWVCU0QuwqAgSSB0aGluayBpdCB3aWxsIHdvcmsgb24gYW55 IA0KPj4gc3VwcG9ydGVkIEZyZWVCU0QgYnJhbmNoZXMuwqAgTm90ZSB0aGUgb3JpZ2luYWwg ZXhwbG9pdCBpcyBhdmFpbGFibGUgDQo+PiBmcm9tIGhlcmU6DQo+Pj4NCj4+PiBodHRwczov L2xvY2suY21weGNoZzhiLmNvbS9maWxlcy96ZW5ibGVlZC12NS50YXIuZ3oNCj4+DQo+PiBX aXRoIHRoZSBmb3Jnb3R0ZW4gYXR0YWNobWVudC4NCj4+DQo+Pg0KPiBUaGFua3MhwqAgQSBs aXR0bGUgZmFydGhlciBvbiBSRUxFTkdfMTIuIEkgY2FuIGNvbXBpbGUgb24gUkVMRU5HXzEz IG9rLiANCj4gV2l0aCB0aGUgcGF0Y2ggZG8gSSBzdGlsbCBuZWVkIHRvIGNoZWNrb3V0IFNo YXduJ3MgcmVwbyA/IFRoZSBwYXRjaCANCj4gYXBwbGllcyBjbGVhbmx5IGlmIEkgZG9udCBz d2l0Y2ggYnJhbmNoZXMNCg0KLS0tID44IC0tLSA+OCAtLS0NCg0KTXkgcGF0Y2ggaXMgYWdh aW5zdCBIRUFELCBha2EgdGhlIG9yaWdpbmFsIGV4cGxvaXQgZm9yIExpbnV4Lg0KDQpodHRw czovL2xvY2suY21weGNoZzhiLmNvbS9maWxlcy96ZW5ibGVlZC12NS50YXIuZ3oNCmh0dHBz Oi8vZ2l0aHViLmNvbS9nb29nbGUvc2VjdXJpdHktcmVzZWFyY2gvdHJlZS9tYXN0ZXIvcG9j cy9jcHVzL3plbmJsZWVkDQoNCkp1bmctdWsgS2ltDQo= --------------1AciFSGEbso0DymncHXmHqof-- --------------xrG8PTqSCFZ0mws08MrMGoGn Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEl1bqgKaRyqfWXu/CfJ+WJvzb8UYFAmTCrjgFAwAAAAAACgkQfJ+WJvzb8UbD FQf/XBPEU2fORw7HmLdsk4yvckK4lqyEDQTlaGIcYJ4u1tOh2yaDf0Fdzi/bnA6DvJ9M10eDXUAD BCmLWtPZQMDaF4zvmUKWmtaEEbUSqzmQZltFbfsreUF7jI+ax1Ivn39NbqxLTNUOjVELS7JEqE4s f20+X/lqOFRWmAPP0aWPDbk9NK6qg2laZV/kSS+h6qWsd9vgd9PrtfEeRsF8r1tBRwMUruU8WWzX WuBbVNh2hzeEhAS8nyGibR9ff6VoSJHV0CgXsIaV9F1sS7Fh4yHCUqPdCzdLjn0GXx+6bbBXsgQZ TBZ91pekmM3HIn6IDf5gMA8oHFudrNko35HlVaBqpg== =/W6l -----END PGP SIGNATURE----- --------------xrG8PTqSCFZ0mws08MrMGoGn-- From nobody Thu Jul 27 20:03:42 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBhXv3G5Yz4pZFm for ; Thu, 27 Jul 2023 20:03:43 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBhXv30Hzz3KDQ; Thu, 27 Jul 2023 20:03:43 +0000 (UTC) (envelope-from jkim@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690488223; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=G4ouGSCUy6sJMHZ+6bCKSglVh71YSdifPQciv8TbSVQ=; b=sbuVsOzQ6kx8BqRtqMPJdMyEQUYMWfRS52MwHmENqhHCFwzREB8w1o7MANkXbwYe9ZMTOF rJdSk9z45z3w/cKy0U8hvSqRxfYm97yZL20UTQOg3hG3DnH4OKaPCzcFOp9Vf4d8WX0F9T AMLlpt0pmeXEvNjrNcJDTJb0Y6pRvv6WmYq30ZHL6caykA4ezpNYSBg9dLRZmowB+mwnI4 4F+jJMJfB9JIbGmiglqY1YgYrO0e2ZuLnUuB6lO38MbBMvnkxP2c6F9h7CRx1zFpjh1LA0 mA7wzX6Y3FPYltBzMerTirhi9nJ/z7wV5W5/ZVoJlpf2E2du9mM4QIE5x07qpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690488223; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=G4ouGSCUy6sJMHZ+6bCKSglVh71YSdifPQciv8TbSVQ=; b=dILQS5rNrdREPTxf4GrZeMvcZyWagHZuqeOD7k23Uc1sJvjG/ORRV0ieR9Ilj1uvTY5RqT 67s3fItncdIsd2FoY/OvSOaAN18pUs0y+KiuoTXaAKZasBGghjJluaKNQyyJlchvH3Vtoh PPzfqrGPT+37qQMInuQP8ngxxjFdlY9TMF8qNBXnTHF03+B4VUvR904BdfLDRckKpegAQp N87mxXUMxahWgIY0PInKT8wGJxmJA/CdRxzoJwJQuB6oDCjwb7DZWejP5WgxL7eaqZtpJO QHV9ckkFlMbWSMIIeObHxUYUsxrzKoNRJoDfFYe51zGEjBqsi4CePDHPJk79gA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1690488223; a=rsa-sha256; cv=none; b=kUa+ZYkgc9OQSSx1E0PNw9S4Zivg0Ca/rnyIAuWkRrY4WuIBwP55+dqKCYvbgk9rDzwTj1 W2CCTTT/DjZ4Jem1TDCdSHEeRlhFVeKe1mcFW8IA0NCwnbfvTjPUHJUoo7y8XP7k7e1vZ4 DAIsXqmxm5bjO+p3S/HSUgoKVi1zonXhML45Y1kQKxZi20sNk/Cip84DoO1c8cK+i14Iha KSaI2Um5muhxXe0gG8S5rhY8TOrG9b2BXKa4zgr8sNhKKZIV8kbeW+IWaNILj8M9Wmti1J tqpbVFKqBfb4PxsZgRzEYgEuw6Eq7x22z7r/YXkTYXoCCoz2WF5dE0KKHyjogQ== Received: from freefall.freebsd.org (pool-108-53-224-100.nwrknj.fios.verizon.net [108.53.224.100]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: jkim/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4RBhXv1RZ6zkCY; Thu, 27 Jul 2023 20:03:43 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Message-ID: Date: Thu, 27 Jul 2023 16:03:42 -0400 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.13.1 Subject: Re: Zenbleed Content-Language: en-US To: mike tancsa , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> From: Jung-uk Kim Organization: FreeBSD.org In-Reply-To: <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------IOmoLCQOqukfoEpiJNX4KOwh" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------IOmoLCQOqukfoEpiJNX4KOwh Content-Type: multipart/mixed; boundary="------------0ctuGeG6FEJ2jT8LXulk9zeX"; protected-headers="v1" From: Jung-uk Kim To: mike tancsa , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" Message-ID: Subject: Re: Zenbleed References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> In-Reply-To: <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> --------------0ctuGeG6FEJ2jT8LXulk9zeX Content-Type: multipart/mixed; boundary="------------BtTfcwYywa5UtuktUSTAfI52" --------------BtTfcwYywa5UtuktUSTAfI52 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 T24gMjMuIDcuIDI3LiwgbWlrZSB0YW5jc2Egd3JvdGU6DQo+IE9uIDcvMjcvMjAyMyAxOjM4 IFBNLCBKdW5nLXVrIEtpbSB3cm90ZToNCj4+IEkgZ3Vlc3MgeW91IGNoZWNrZWQgb3V0IGEg d3JvbmcgYnJhbmNoLsKgIFBsZWFzZSBzZWUgdGhlIGF0dGFjaGVkIA0KPj4gbWluaW1hbCBw YXRjaCBJIG1hZGUgZm9yIEZyZWVCU0QuwqAgSSB0aGluayBpdCB3aWxsIHdvcmsgb24gYW55 IA0KPj4gc3VwcG9ydGVkIEZyZWVCU0QgYnJhbmNoZXMuwqAgTm90ZSB0aGUgb3JpZ2luYWwg ZXhwbG9pdCBpcyBhdmFpbGFibGUgDQo+PiBmcm9tIGhlcmU6DQo+Pj4NCj4+PiBodHRwczov L2xvY2suY21weGNoZzhiLmNvbS9maWxlcy96ZW5ibGVlZC12NS50YXIuZ3oNCj4+DQo+PiBX aXRoIHRoZSBmb3Jnb3R0ZW4gYXR0YWNobWVudC4NCj4+DQo+Pg0KPiBUaGFua3MhwqAgQSBs aXR0bGUgZmFydGhlciBvbiBSRUxFTkdfMTIuIEkgY2FuIGNvbXBpbGUgb24gUkVMRU5HXzEz IG9rLiANCj4gV2l0aCB0aGUgcGF0Y2ggZG8gSSBzdGlsbCBuZWVkIHRvIGNoZWNrb3V0IFNo YXduJ3MgcmVwbyA/IFRoZSBwYXRjaCANCj4gYXBwbGllcyBjbGVhbmx5IGlmIEkgZG9udCBz d2l0Y2ggYnJhbmNoZXMNCj4gDQo+IA0KPiAlIGdpdCBjbG9uZSAiaHR0cHM6Ly9naXQuaGFy ZGVuZWRic2Qub3JnL3NoYXduLndlYmIvemVuYmxlZWQiDQo+IENsb25pbmcgaW50byAnemVu YmxlZWQnLi4uDQo+IHdhcm5pbmc6IHJlZGlyZWN0aW5nIHRvIA0KPiBodHRwczovL2dpdC5o YXJkZW5lZGJzZC5vcmcvc2hhd24ud2ViYi96ZW5ibGVlZC5naXQvDQo+IHJlbW90ZTogRW51 bWVyYXRpbmcgb2JqZWN0czogMjMsIGRvbmUuDQo+IHJlbW90ZTogVG90YWwgMjMgKGRlbHRh IDApLCByZXVzZWQgMCAoZGVsdGEgMCksIHBhY2stcmV1c2VkIDIzDQo+IFJlY2VpdmluZyBv YmplY3RzOiAxMDAlICgyMy8yMyksIDE1Ljc0IEtpQiB8IDE1Ljc0IE1pQi9zLCBkb25lLg0K PiBSZXNvbHZpbmcgZGVsdGFzOiAxMDAlICg4LzgpLCBkb25lLg0KPiAlIGNkIHplbmJsZWVk Lw0KPiAlIGdpdCBjaGVja291dCBvcmlnaW4vc2hhd24ud2ViYi9ic2QvbWFpbg0KPiBOb3Rl OiBzd2l0Y2hpbmcgdG8gJ29yaWdpbi9zaGF3bi53ZWJiL2JzZC9tYWluJy4NCj4gDQo+IFlv dSBhcmUgaW4gJ2RldGFjaGVkIEhFQUQnIHN0YXRlLiBZb3UgY2FuIGxvb2sgYXJvdW5kLCBt YWtlIGV4cGVyaW1lbnRhbA0KPiBjaGFuZ2VzIGFuZCBjb21taXQgdGhlbSwgYW5kIHlvdSBj YW4gZGlzY2FyZCBhbnkgY29tbWl0cyB5b3UgbWFrZSBpbiB0aGlzDQo+IHN0YXRlIHdpdGhv dXQgaW1wYWN0aW5nIGFueSBicmFuY2hlcyBieSBzd2l0Y2hpbmcgYmFjayB0byBhIGJyYW5j aC4NCj4gDQo+IElmIHlvdSB3YW50IHRvIGNyZWF0ZSBhIG5ldyBicmFuY2ggdG8gcmV0YWlu IGNvbW1pdHMgeW91IGNyZWF0ZSwgeW91IG1heQ0KPiBkbyBzbyAobm93IG9yIGxhdGVyKSBi eSB1c2luZyAtYyB3aXRoIHRoZSBzd2l0Y2ggY29tbWFuZC4gRXhhbXBsZToNCj4gDQo+ICDC oCBnaXQgc3dpdGNoIC1jIDxuZXctYnJhbmNoLW5hbWU+DQo+IA0KPiBPciB1bmRvIHRoaXMg b3BlcmF0aW9uIHdpdGg6DQo+IA0KPiAgwqAgZ2l0IHN3aXRjaCAtDQo+IA0KPiBUdXJuIG9m ZiB0aGlzIGFkdmljZSBieSBzZXR0aW5nIGNvbmZpZyB2YXJpYWJsZSBhZHZpY2UuZGV0YWNo ZWRIZWFkIHRvIA0KPiBmYWxzZQ0KPiANCj4gSEVBRCBpcyBub3cgYXQgNWYwYjY5YiBJbXBv cnQgT3BlbkJTRCBzdXBwb3J0IHBhdGNoDQo+ICUgY2F0IC0gPiBwDQo+IC0tLSB6ZW5ibGVl ZC9wYXR0ZXJuLmMub3JpZ8KgwqDCoMKgIDIwMjMtMDctMjMgMTA6NDU6MzIuMDAwMDAwMDAw IC0wNDAwDQo+ICsrKyB6ZW5ibGVlZC9wYXR0ZXJuLmPCoCAyMDIzLTA3LTI3IDEyOjI2OjI4 LjMyNDM0NjAwMCAtMDQwMA0KPiBAQCAtNiwxMyArNiwxNCBAQA0KPiAgwqAjaW5jbHVkZSA8 c3RkYm9vbC5oPg0KPiAgwqAjaW5jbHVkZSA8eDg2aW50cmluLmg+DQo+ICDCoCNpbmNsdWRl IDxzY2hlZC5oPg0KPiArI2lmZGVmIF9fbGludXhfXw0KPiAgwqAjaW5jbHVkZSA8c3lzY2Fs bC5oPg0KPiArI2VuZGlmDQo+ICDCoCNpbmNsdWRlIDxlcnIuaD4NCj4gIMKgI2luY2x1ZGUg PHB0aHJlYWQuaD4NCj4gIMKgI2luY2x1ZGUgPGFzc2VydC5oPg0KPiAgwqAjaW5jbHVkZSA8 Y3R5cGUuaD4NCj4gIMKgI2luY2x1ZGUgPHNpZ25hbC5oPg0KPiAtI2luY2x1ZGUgPHN5cy9z eXNpbmZvLmg+DQo+IA0KPiAgwqAjaW5jbHVkZSAiemVuYmxlZWQuaCINCj4gDQo+IEBAIC04 Miw3ICs4Myw3IEBAIHZvaWQgKiBwYXR0ZXJuX2xlYWtfY29uc3VtZXIodm9pZCAqcGFyYW0p DQo+ICDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAgfQ0KPiAgwqDCoMKgwqDCoMKgwqDCoCB9 DQo+IA0KPiAtwqDCoMKgwqDCoMKgwqAgZnByaW50ZihzdGRvdXQsICIlLipzIiwgbWF0Y2hs ZW4sIG1hdGNocHRyKTsNCj4gK8KgwqDCoMKgwqDCoMKgIGZwcmludGYoc3Rkb3V0LCAiJS4q cyIsIChpbnQpbWF0Y2hsZW4sIG1hdGNocHRyKTsNCj4gDQo+ICDCoMKgwqDCoMKgwqDCoMKg IC8vIElmIHRoZSBtYXRjaCBpcyBiaWdnZXIgdGhhbiBvdXIgcGF0dGVybiBzaXplLCB3ZSBz a2lwIHRvIA0KPiB0aGUgZW5kIG9mIGl0Lg0KPiAgwqDCoMKgwqDCoMKgwqDCoCBpZiAobWF0 Y2hsZW4gPiBwYXRsZW4pIHsNCj4gLS0tIHplbmJsZWVkL3V0aWwuYy5vcmlnwqDCoMKgwqDC oMKgwqAgMjAyMy0wNy0yMyAxMDo0NTozMi4wMDAwMDAwMDAgLTA0MDANCj4gKysrIHplbmJs ZWVkL3V0aWwuY8KgwqDCoMKgIDIwMjMtMDctMjcgMTM6MjY6MDkuNTA5NTg4MDAwIC0wNDAw DQo+IEBAIC00Niw2ICs0Niw5IEBAIGJvb2wgbnVtX2lucmFuZ2UoY2hhciAqcmFuZ2UsIGlu dCBudW0pDQo+ICDCoGJvb2wgbnVtX2lucmFuZ2UoY2hhciAqcmFuZ2UsIGludCBudW0pDQo+ ICDCoHsNCj4gIMKgwqDCoMKgIGNoYXIgKnIsICpzLCAqZTsNCj4gKyNpZm5kZWYgX19saW51 eF9fDQo+ICvCoMKgwqAgc2l6ZV90IGxlbjsNCj4gKyNlbmRpZg0KPiANCj4gIMKgwqDCoMKg IC8vIEV4YW1wbGU6DQo+ICDCoMKgwqDCoCAvLyAxLDIsMyw0LTgsMg0KPiBAQCAtNTMsNyAr NTYsMTQgQEAgYm9vbCBudW1faW5yYW5nZShjaGFyICpyYW5nZSwgaW50IG51bSkNCj4gIMKg wqDCoMKgIGlmIChyYW5nZSA9PSBOVUxMKQ0KPiAgwqDCoMKgwqDCoMKgwqDCoCByZXR1cm4g ZmFsc2U7DQo+IA0KPiAtwqDCoMKgIHMgPSBzdHJ0b2tfcihzdHJkdXBhKHJhbmdlKSwgIiwi LCAmcik7DQo+ICsjaWZuZGVmIF9fbGludXhfXw0KPiArwqDCoMKgIGxlbiA9IHN0cmxlbihy YW5nZSkgKyAxOw0KPiArwqDCoMKgIHMgPSBhbGxvY2EobGVuKTsNCj4gK8KgwqDCoCBtZW1j cHkocywgcmFuZ2UsIGxlbik7DQo+ICsjZWxzZQ0KPiArwqDCoMKgIHMgPSBzdHJkdXBhKHJh bmdlKTsNCj4gKyNlbmRpZg0KPiArwqDCoMKgIHMgPSBzdHJ0b2tfcihzLCAiLCIsICZyKTsN Cj4gDQo+ICDCoMKgwqDCoCB3aGlsZSAocykgew0KPiAgwqDCoMKgwqDCoMKgwqDCoCBpbnQg c3RhcnQ7DQo+IC0tLSB6ZW5ibGVlZC96ZW5ibGVlZC5jLm9yaWfCoMKgwqAgMjAyMy0wNy0y MyAxMDo0NTozMi4wMDAwMDAwMDAgLTA0MDANCj4gKysrIHplbmJsZWVkL3plbmJsZWVkLmMg MjAyMy0wNy0yNyAxMzowNzoyNy41MDI3ODAwMDAgLTA0MDANCj4gQEAgLTYsMTMgKzYsMTYg QEANCj4gIMKgI2luY2x1ZGUgPHN0ZGJvb2wuaD4NCj4gIMKgI2luY2x1ZGUgPHg4NmludHJp bi5oPg0KPiAgwqAjaW5jbHVkZSA8c2NoZWQuaD4NCj4gKyNpZmRlZiBfX0ZyZWVCU0RfXw0K PiArI2luY2x1ZGUgPHB0aHJlYWRfbnAuaD4NCj4gKyNlbHNlDQo+ICDCoCNpbmNsdWRlIDxz eXNjYWxsLmg+DQo+ICsjZW5kaWYNCj4gIMKgI2luY2x1ZGUgPGVyci5oPg0KPiAgwqAjaW5j bHVkZSA8cHRocmVhZC5oPg0KPiAgwqAjaW5jbHVkZSA8YXNzZXJ0Lmg+DQo+ICDCoCNpbmNs dWRlIDxjdHlwZS5oPg0KPiAgwqAjaW5jbHVkZSA8c2lnbmFsLmg+DQo+IC0jaW5jbHVkZSA8 c3lzL3N5c2luZm8uaD4NCj4gDQo+ICDCoCNpbmNsdWRlICJ6ZW5ibGVlZC5oIg0KPiANCj4g QEAgLTI5OCw3ICszMDEsNyBAQCBpbnQgbWFpbihpbnQgYXJnYywgY2hhciAqKmFyZ3YpIHsN Cj4gIMKgwqDCoMKgIH0NCj4gDQo+ICDCoMKgwqDCoCAvLyBXZSBzcGF3biBhIHRocmVhZCBv biBldmVyeSBldmFpbGFibGUgY29yZSBhbmQgc3RhcnQgbGVha2luZyB0byANCj4gc2VlIHdo YXQgd2UgZ2V0Lg0KPiAtwqDCoMKgIG5jcHVzwqDCoCA9IGdldF9ucHJvY3MoKTsNCj4gK8Kg wqDCoCBuY3B1cyA9IHN5c2NvbmYoX1NDX05QUk9DRVNTT1JTX09OTE4pOw0KPiAgwqDCoMKg wqAgdGhyZWFkX2FyZ190KiBhcmdzID0gY2FsbG9jKHNpemVvZih0aHJlYWRfYXJnX3QpLCBu Y3B1cyk7DQo+ICDCoMKgwqDCoCB0aHJlYWRzID0gY2FsbG9jKHNpemVvZihwdGhyZWFkX3Qp LCBuY3B1cyk7DQo+IA0KPiANCj4gJSBwYXRjaCAtcDEgPCBwDQo+IEhtbS4uLsKgIExvb2tz IGxpa2UgYSB1bmlmaWVkIGRpZmYgdG8gbWUuLi4NCj4gVGhlIHRleHQgbGVhZGluZyB1cCB0 byB0aGlzIHdhczoNCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gfC0tLSB6ZW5i bGVlZC9wYXR0ZXJuLmMub3JpZ8KgwqDCoCAyMDIzLTA3LTIzIDEwOjQ1OjMyLjAwMDAwMDAw MCAtMDQwMA0KPiB8KysrIHplbmJsZWVkL3BhdHRlcm4uYyAyMDIzLTA3LTI3IDEyOjI2OjI4 LjMyNDM0NjAwMCAtMDQwMA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiBQYXRj aGluZyBmaWxlIHBhdHRlcm4uYyB1c2luZyBQbGFuIEEuLi4NCj4gSHVuayAjMSBmYWlsZWQg YXQgNi4NCj4gSHVuayAjMiBmYWlsZWQgYXQgODMuDQo+IDIgb3V0IG9mIDIgaHVua3MgZmFp bGVkLS1zYXZpbmcgcmVqZWN0cyB0byBwYXR0ZXJuLmMucmVqDQo+IEhtbS4uLsKgIFRoZSBu ZXh0IHBhdGNoIGxvb2tzIGxpa2UgYSB1bmlmaWVkIGRpZmYgdG8gbWUuLi4NCj4gVGhlIHRl eHQgbGVhZGluZyB1cCB0byB0aGlzIHdhczoNCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0NCj4gfC0tLSB6ZW5ibGVlZC91dGlsLmMub3JpZ8KgwqDCoMKgwqDCoCAyMDIzLTA3LTIz IDEwOjQ1OjMyLjAwMDAwMDAwMCAtMDQwMA0KPiB8KysrIHplbmJsZWVkL3V0aWwuY8KgwqDC oCAyMDIzLTA3LTI3IDEzOjI2OjA5LjUwOTU4ODAwMCAtMDQwMA0KPiAtLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLQ0KPiBQYXRjaGluZyBmaWxlIHV0aWwuYyB1c2luZyBQbGFuIEEuLi4N Cj4gSHVuayAjMSBmYWlsZWQgYXQgNDYuDQo+IEh1bmsgIzIgZmFpbGVkIGF0IDU2Lg0KPiAy IG91dCBvZiAyIGh1bmtzIGZhaWxlZC0tc2F2aW5nIHJlamVjdHMgdG8gdXRpbC5jLnJlag0K PiBIbW0uLi7CoCBUaGUgbmV4dCBwYXRjaCBsb29rcyBsaWtlIGEgdW5pZmllZCBkaWZmIHRv IG1lLi4uDQo+IFRoZSB0ZXh0IGxlYWRpbmcgdXAgdG8gdGhpcyB3YXM6DQo+IC0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tDQo+IHwtLS0gemVuYmxlZWQvemVuYmxlZWQuYy5vcmlnwqDC oCAyMDIzLTA3LTIzIDEwOjQ1OjMyLjAwMDAwMDAwMCAtMDQwMA0KPiB8KysrIHplbmJsZWVk L3plbmJsZWVkLmPCoMKgwqDCoMKgwqDCoCAyMDIzLTA3LTI3IDEzOjA3OjI3LjUwMjc4MDAw MCAtMDQwMA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiBQYXRjaGluZyBmaWxl IHplbmJsZWVkLmMgdXNpbmcgUGxhbiBBLi4uDQo+IEh1bmsgIzEgZmFpbGVkIGF0IDYuDQo+ IEh1bmsgIzIgZmFpbGVkIGF0IDMwMS4NCj4gMiBvdXQgb2YgMiBodW5rcyBmYWlsZWQtLXNh dmluZyByZWplY3RzIHRvIHplbmJsZWVkLmMucmVqDQo+IEhtbS4uLsKgIElnbm9yaW5nIHRo ZSB0cmFpbGluZyBnYXJiYWdlLg0KPiBkb25lDQo+ICUgZ21ha2UNCj4gbmFzbcKgIC1PMCAt ZmVsZjY0IC1vIHplbmxlYWsubyB6ZW5sZWFrLmFzbQ0KPiBjYyAtTzAgLWdnZGIzIC1tYXJj aD16bnZlcjIgLUROQ1BVUz0xNsKgwqAgLWMgLW8gcGF0dGVybi5vIHBhdHRlcm4uYw0KPiBj YyAtTzAgLWdnZGIzIC1tYXJjaD16bnZlcjIgLUROQ1BVUz0xNsKgwqAgLWMgLW8gd29ya3F1 ZXVlLm8gd29ya3F1ZXVlLmMNCj4gY2MgLU8wIC1nZ2RiMyAtbWFyY2g9em52ZXIyIC1ETkNQ VVM9MTbCoMKgIC1jIC1vIHV0aWwubyB1dGlsLmMNCj4gY2MgLU8wIC1nZ2RiMyAtbWFyY2g9 em52ZXIyIC1ETkNQVVM9MTbCoCAtcHRocmVhZCAtV2wsLXosbm9leGVjc3RhY2sgDQo+IHpl bmJsZWVkLmMgemVubGVhay5vIHBhdHRlcm4ubyB3b3JrcXVldWUubyB1dGlsLm/CoMKgIC1v IHplbmJsZWVkDQo+IHplbmJsZWVkLmM6MTQxOjE1OiB3YXJuaW5nOiBpbXBsaWNpdCBkZWNs YXJhdGlvbiBvZiBmdW5jdGlvbiANCj4gJ3NjaGVkX2dldGNwdScgaXMgaW52YWxpZCBpbiBD OTkgWy1XaW1wbGljaXQtZnVuY3Rpb24tZGVjbGFyYXRpb25dDQo+ICDCoMKgwqAgaW50IGNw dSA9IHNjaGVkX2dldGNwdSgpOw0KPiAgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAgXg0K PiB6ZW5ibGVlZC5jOjE5MjoxNTogd2FybmluZzogaW1wbGljaXQgZGVjbGFyYXRpb24gb2Yg ZnVuY3Rpb24gDQo+ICdzY2hlZF9nZXRjcHUnIGlzIGludmFsaWQgaW4gQzk5IFstV2ltcGxp Y2l0LWZ1bmN0aW9uLWRlY2xhcmF0aW9uXQ0KPiAgwqDCoMKgIGludCBjcHUgPSBzY2hlZF9n ZXRjcHUoKTsNCj4gIMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgIF4NCj4gemVuYmxlZWQu YzoyMTg6NTogZXJyb3I6IHVua25vd24gdHlwZSBuYW1lICdjcHVfc2V0X3QnOyBkaWQgeW91 IG1lYW4gDQo+ICdjcHVzZXRfdCc/DQo+ICDCoMKgwqAgY3B1X3NldF90IHNldDsNCj4gIMKg wqDCoCBefn5+fn5+fn4NCj4gIMKgwqDCoCBjcHVzZXRfdA0KPiAvdXNyL2luY2x1ZGUvc3lz L19jcHVzZXQuaDo1MDoyNDogbm90ZTogJ2NwdXNldF90JyBkZWNsYXJlZCBoZXJlDQo+IHR5 cGVkZWYgc3RydWN0IF9jcHVzZXQgY3B1c2V0X3Q7DQo+ICDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoCBeDQo+IHplbmJsZWVkLmM6MjI2OjUxOiBlcnJv cjogdXNlIG9mIHVuZGVjbGFyZWQgaWRlbnRpZmllciAnY3B1X3NldF90Jw0KPiAgwqDCoMKg IGlmIChwdGhyZWFkX2F0dHJfc2V0YWZmaW5pdHlfbnAoJmF0dHIsIHNpemVvZihjcHVfc2V0 X3QpLCAmc2V0KSAhPSAwKQ0KPiAgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgwqDCoMKgwqAgXg0KPiAyIHdhcm5pbmdzIGFuZCAyIGVycm9ycyBnZW5lcmF0ZWQuDQo+ IGdtYWtlOiAqKiogWzxidWlsdGluPjogemVuYmxlZWRdIEVycm9yIDENCj4gJQ0KPiANCj4g DQo+IEl0IGFwcGxpZXMgY2xlYW4gaWYgSSBkb250IHN3aXRjaCBicmFuY2hlcw0KPiANCj4g JSBnaXQgY2xvbmUgImh0dHBzOi8vZ2l0LmhhcmRlbmVkYnNkLm9yZy9zaGF3bi53ZWJiL3pl bmJsZWVkIg0KPiBDbG9uaW5nIGludG8gJ3plbmJsZWVkJy4uLg0KPiB3YXJuaW5nOiByZWRp cmVjdGluZyB0byANCj4gaHR0cHM6Ly9naXQuaGFyZGVuZWRic2Qub3JnL3NoYXduLndlYmIv emVuYmxlZWQuZ2l0Lw0KPiByZW1vdGU6IEVudW1lcmF0aW5nIG9iamVjdHM6IDIzLCBkb25l Lg0KPiByZW1vdGU6IFRvdGFsIDIzIChkZWx0YSAwKSwgcmV1c2VkIDAgKGRlbHRhIDApLCBw YWNrLXJldXNlZCAyMw0KPiBSZWNlaXZpbmcgb2JqZWN0czogMTAwJSAoMjMvMjMpLCAxNS43 NCBLaUIgfCAxNS43NCBNaUIvcywgZG9uZS4NCj4gUmVzb2x2aW5nIGRlbHRhczogMTAwJSAo OC84KSwgZG9uZS4NCj4gJSBjZCB6ZW5ibGVlZC8NCj4gJSBjYXQgLSA+IHANCj4gLS0tIHpl bmJsZWVkL3BhdHRlcm4uYy5vcmlnwqDCoMKgwqAgMjAyMy0wNy0yMyAxMDo0NTozMi4wMDAw MDAwMDAgLTA0MDANCj4gKysrIHplbmJsZWVkL3BhdHRlcm4uY8KgIDIwMjMtMDctMjcgMTI6 MjY6MjguMzI0MzQ2MDAwIC0wNDAwDQo+IEBAIC02LDEzICs2LDE0IEBADQo+ICDCoCNpbmNs dWRlIDxzdGRib29sLmg+DQo+ICDCoCNpbmNsdWRlIDx4ODZpbnRyaW4uaD4NCj4gIMKgI2lu Y2x1ZGUgPHNjaGVkLmg+DQo+ICsjaWZkZWYgX19saW51eF9fDQo+ICDCoCNpbmNsdWRlIDxz eXNjYWxsLmg+DQo+ICsjZW5kaWYNCj4gIMKgI2luY2x1ZGUgPGVyci5oPg0KPiAgwqAjaW5j bHVkZSA8cHRocmVhZC5oPg0KPiAgwqAjaW5jbHVkZSA8YXNzZXJ0Lmg+DQo+ICDCoCNpbmNs dWRlIDxjdHlwZS5oPg0KPiAgwqAjaW5jbHVkZSA8c2lnbmFsLmg+DQo+IC0jaW5jbHVkZSA8 c3lzL3N5c2luZm8uaD4NCj4gDQo+ICDCoCNpbmNsdWRlICJ6ZW5ibGVlZC5oIg0KPiANCj4g QEAgLTgyLDcgKzgzLDcgQEAgdm9pZCAqIHBhdHRlcm5fbGVha19jb25zdW1lcih2b2lkICpw YXJhbSkNCj4gIMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoCB9DQo+ICDCoMKgwqDCoMKgwqDC oMKgIH0NCj4gDQo+IC3CoMKgwqDCoMKgwqDCoCBmcHJpbnRmKHN0ZG91dCwgIiUuKnMiLCBt YXRjaGxlbiwgbWF0Y2hwdHIpOw0KPiArwqDCoMKgwqDCoMKgwqAgZnByaW50ZihzdGRvdXQs ICIlLipzIiwgKGludCltYXRjaGxlbiwgbWF0Y2hwdHIpOw0KPiANCj4gIMKgwqDCoMKgwqDC oMKgwqAgLy8gSWYgdGhlIG1hdGNoIGlzIGJpZ2dlciB0aGFuIG91ciBwYXR0ZXJuIHNpemUs IHdlIHNraXAgdG8gDQo+IHRoZSBlbmQgb2YgaXQuDQo+ICDCoMKgwqDCoMKgwqDCoMKgIGlm IChtYXRjaGxlbiA+IHBhdGxlbikgew0KPiAtLS0gemVuYmxlZWQvdXRpbC5jLm9yaWfCoMKg wqDCoMKgwqDCoCAyMDIzLTA3LTIzIDEwOjQ1OjMyLjAwMDAwMDAwMCAtMDQwMA0KPiArKysg emVuYmxlZWQvdXRpbC5jwqDCoMKgwqAgMjAyMy0wNy0yNyAxMzoyNjowOS41MDk1ODgwMDAg LTA0MDANCj4gQEAgLTQ2LDYgKzQ2LDkgQEAgYm9vbCBudW1faW5yYW5nZShjaGFyICpyYW5n ZSwgaW50IG51bSkNCj4gIMKgYm9vbCBudW1faW5yYW5nZShjaGFyICpyYW5nZSwgaW50IG51 bSkNCj4gIMKgew0KPiAgwqDCoMKgwqAgY2hhciAqciwgKnMsICplOw0KPiArI2lmbmRlZiBf X2xpbnV4X18NCj4gK8KgwqDCoCBzaXplX3QgbGVuOw0KPiArI2VuZGlmDQo+IA0KPiAgwqDC oMKgwqAgLy8gRXhhbXBsZToNCj4gIMKgwqDCoMKgIC8vIDEsMiwzLDQtOCwyDQo+IEBAIC01 Myw3ICs1NiwxNCBAQCBib29sIG51bV9pbnJhbmdlKGNoYXIgKnJhbmdlLCBpbnQgbnVtKQ0K PiAgwqDCoMKgwqAgaWYgKHJhbmdlID09IE5VTEwpDQo+ICDCoMKgwqDCoMKgwqDCoMKgIHJl dHVybiBmYWxzZTsNCj4gDQo+IC3CoMKgwqAgcyA9IHN0cnRva19yKHN0cmR1cGEocmFuZ2Up LCAiLCIsICZyKTsNCj4gKyNpZm5kZWYgX19saW51eF9fDQo+ICvCoMKgwqAgbGVuID0gc3Ry bGVuKHJhbmdlKSArIDE7DQo+ICvCoMKgwqAgcyA9IGFsbG9jYShsZW4pOw0KPiArwqDCoMKg IG1lbWNweShzLCByYW5nZSwgbGVuKTsNCj4gKyNlbHNlDQo+ICvCoMKgwqAgcyA9IHN0cmR1 cGEocmFuZ2UpOw0KPiArI2VuZGlmDQo+ICvCoMKgwqAgcyA9IHN0cnRva19yKHMsICIsIiwg JnIpOw0KPiANCj4gIMKgwqDCoMKgIHdoaWxlIChzKSB7DQo+ICDCoMKgwqDCoMKgwqDCoMKg IGludCBzdGFydDsNCj4gLS0tIHplbmJsZWVkL3plbmJsZWVkLmMub3JpZ8KgwqDCoCAyMDIz LTA3LTIzIDEwOjQ1OjMyLjAwMDAwMDAwMCAtMDQwMA0KPiArKysgemVuYmxlZWQvemVuYmxl ZWQuYyAyMDIzLTA3LTI3IDEzOjA3OjI3LjUwMjc4MDAwMCAtMDQwMA0KPiBAQCAtNiwxMyAr NiwxNiBAQA0KPiAgwqAjaW5jbHVkZSA8c3RkYm9vbC5oPg0KPiAgwqAjaW5jbHVkZSA8eDg2 aW50cmluLmg+DQo+ICDCoCNpbmNsdWRlIDxzY2hlZC5oPg0KPiArI2lmZGVmIF9fRnJlZUJT RF9fDQo+ICsjaW5jbHVkZSA8cHRocmVhZF9ucC5oPg0KPiArI2Vsc2UNCj4gIMKgI2luY2x1 ZGUgPHN5c2NhbGwuaD4NCj4gKyNlbmRpZg0KPiAgwqAjaW5jbHVkZSA8ZXJyLmg+DQo+ICDC oCNpbmNsdWRlIDxwdGhyZWFkLmg+DQo+ICDCoCNpbmNsdWRlIDxhc3NlcnQuaD4NCj4gIMKg I2luY2x1ZGUgPGN0eXBlLmg+DQo+ICDCoCNpbmNsdWRlIDxzaWduYWwuaD4NCj4gLSNpbmNs dWRlIDxzeXMvc3lzaW5mby5oPg0KPiANCj4gIMKgI2luY2x1ZGUgInplbmJsZWVkLmgiDQo+ IA0KPiBAQCAtMjk4LDcgKzMwMSw3IEBAIGludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJn dikgew0KPiAgwqDCoMKgwqAgfQ0KPiANCj4gIMKgwqDCoMKgIC8vIFdlIHNwYXduIGEgdGhy ZWFkIG9uIGV2ZXJ5IGV2YWlsYWJsZSBjb3JlIGFuZCBzdGFydCBsZWFraW5nIHRvIA0KPiBz ZWUgd2hhdCB3ZSBnZXQuDQo+IC3CoMKgwqAgbmNwdXPCoMKgID0gZ2V0X25wcm9jcygpOw0K PiArwqDCoMKgIG5jcHVzID0gc3lzY29uZihfU0NfTlBST0NFU1NPUlNfT05MTik7DQo+ICDC oMKgwqDCoCB0aHJlYWRfYXJnX3QqIGFyZ3MgPSBjYWxsb2Moc2l6ZW9mKHRocmVhZF9hcmdf dCksIG5jcHVzKTsNCj4gIMKgwqDCoMKgIHRocmVhZHMgPSBjYWxsb2Moc2l6ZW9mKHB0aHJl YWRfdCksIG5jcHVzKTsNCj4gDQo+ICUgcGF0Y2ggLXAxIDwgcA0KPiBIbW0uLi7CoCBMb29r cyBsaWtlIGEgdW5pZmllZCBkaWZmIHRvIG1lLi4uDQo+IFRoZSB0ZXh0IGxlYWRpbmcgdXAg dG8gdGhpcyB3YXM6DQo+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IHwtLS0gemVu YmxlZWQvcGF0dGVybi5jLm9yaWfCoMKgwqAgMjAyMy0wNy0yMyAxMDo0NTozMi4wMDAwMDAw MDAgLTA0MDANCj4gfCsrKyB6ZW5ibGVlZC9wYXR0ZXJuLmMgMjAyMy0wNy0yNyAxMjoyNjoy OC4zMjQzNDYwMDAgLTA0MDANCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gUGF0 Y2hpbmcgZmlsZSBwYXR0ZXJuLmMgdXNpbmcgUGxhbiBBLi4uDQo+IEh1bmsgIzEgc3VjY2Vl ZGVkIGF0IDYuDQo+IEh1bmsgIzIgc3VjY2VlZGVkIGF0IDgzLg0KPiBIbW0uLi7CoCBUaGUg bmV4dCBwYXRjaCBsb29rcyBsaWtlIGEgdW5pZmllZCBkaWZmIHRvIG1lLi4uDQo+IFRoZSB0 ZXh0IGxlYWRpbmcgdXAgdG8gdGhpcyB3YXM6DQo+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tDQo+IHwtLS0gemVuYmxlZWQvdXRpbC5jLm9yaWfCoMKgwqDCoMKgwqAgMjAyMy0wNy0y MyAxMDo0NTozMi4wMDAwMDAwMDAgLTA0MDANCj4gfCsrKyB6ZW5ibGVlZC91dGlsLmPCoMKg wqAgMjAyMy0wNy0yNyAxMzoyNjowOS41MDk1ODgwMDAgLTA0MDANCj4gLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0NCj4gUGF0Y2hpbmcgZmlsZSB1dGlsLmMgdXNpbmcgUGxhbiBBLi4u DQo+IEh1bmsgIzEgc3VjY2VlZGVkIGF0IDQ2Lg0KPiBIdW5rICMyIHN1Y2NlZWRlZCBhdCA1 Ni4NCj4gSG1tLi4uwqAgVGhlIG5leHQgcGF0Y2ggbG9va3MgbGlrZSBhIHVuaWZpZWQgZGlm ZiB0byBtZS4uLg0KPiBUaGUgdGV4dCBsZWFkaW5nIHVwIHRvIHRoaXMgd2FzOg0KPiAtLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiB8LS0tIHplbmJsZWVkL3plbmJsZWVkLmMub3Jp Z8KgwqAgMjAyMy0wNy0yMyAxMDo0NTozMi4wMDAwMDAwMDAgLTA0MDANCj4gfCsrKyB6ZW5i bGVlZC96ZW5ibGVlZC5jwqDCoMKgwqDCoMKgwqAgMjAyMy0wNy0yNyAxMzowNzoyNy41MDI3 ODAwMDAgLTA0MDANCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gUGF0Y2hpbmcg ZmlsZSB6ZW5ibGVlZC5jIHVzaW5nIFBsYW4gQS4uLg0KPiBIdW5rICMxIHN1Y2NlZWRlZCBh dCA2Lg0KPiBIdW5rICMyIHN1Y2NlZWRlZCBhdCAzMDEuDQo+IGRvbmUNCj4gJSBnbWFrZQ0K PiBuYXNtwqAgLU8wIC1mZWxmNjQgLW8gemVubGVhay5vIHplbmxlYWsuYXNtDQo+IGNjIC1P MCAtZ2dkYjMgLW1hcmNoPXpudmVyMsKgwqAgLWMgLW8gcGF0dGVybi5vIHBhdHRlcm4uYw0K PiBjYyAtTzAgLWdnZGIzIC1tYXJjaD16bnZlcjLCoMKgIC1jIC1vIHdvcmtxdWV1ZS5vIHdv cmtxdWV1ZS5jDQo+IGNjIC1PMCAtZ2dkYjMgLW1hcmNoPXpudmVyMsKgwqAgLWMgLW8gdXRp bC5vIHV0aWwuYw0KPiBjYyAtTzAgLWdnZGIzIC1tYXJjaD16bnZlcjLCoCAtcHRocmVhZCAt V2wsLXosbm9leGVjc3RhY2sgemVuYmxlZWQuYyANCj4gemVubGVhay5vIHBhdHRlcm4ubyB3 b3JrcXVldWUubyB1dGlsLm/CoMKgIC1vIHplbmJsZWVkDQo+IHplbmJsZWVkLmM6MTQwOjE1 OiB3YXJuaW5nOiBpbXBsaWNpdCBkZWNsYXJhdGlvbiBvZiBmdW5jdGlvbiANCj4gJ3NjaGVk X2dldGNwdScgaXMgaW52YWxpZCBpbiBDOTkgWy1XaW1wbGljaXQtZnVuY3Rpb24tZGVjbGFy YXRpb25dDQo+ICDCoMKgwqAgaW50IGNwdSA9IHNjaGVkX2dldGNwdSgpOw0KPiAgwqDCoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqAgXg0KPiB6ZW5ibGVlZC5jOjE0Mjo1OiBlcnJvcjogdW5r bm93biB0eXBlIG5hbWUgJ2NwdV9zZXRfdCc7IGRpZCB5b3UgbWVhbiANCj4gJ2NwdXNldF90 Jz8NCj4gIMKgwqDCoCBjcHVfc2V0X3QgbWFzazsNCj4gIMKgwqDCoCBefn5+fn5+fn4NCj4g IMKgwqDCoCBjcHVzZXRfdA0KPiAvdXNyL2luY2x1ZGUvc3lzL19jcHVzZXQuaDo1MDoyNDog bm90ZTogJ2NwdXNldF90JyBkZWNsYXJlZCBoZXJlDQo+IHR5cGVkZWYgc3RydWN0IF9jcHVz ZXQgY3B1c2V0X3Q7DQo+ICDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgwqDCoCBeDQo+IHplbmJsZWVkLmM6MTgyOjE1OiB3YXJuaW5nOiBpbXBsaWNpdCBkZWNs YXJhdGlvbiBvZiBmdW5jdGlvbiANCj4gJ3NjaGVkX2dldGNwdScgaXMgaW52YWxpZCBpbiBD OTkgWy1XaW1wbGljaXQtZnVuY3Rpb24tZGVjbGFyYXRpb25dDQo+ICDCoMKgwqAgaW50IGNw dSA9IHNjaGVkX2dldGNwdSgpOw0KPiAgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAgXg0K PiB6ZW5ibGVlZC5jOjIwMjo1OiBlcnJvcjogdW5rbm93biB0eXBlIG5hbWUgJ2NwdV9zZXRf dCc7IGRpZCB5b3UgbWVhbiANCj4gJ2NwdXNldF90Jz8NCj4gIMKgwqDCoCBjcHVfc2V0X3Qg c2V0Ow0KPiAgwqDCoMKgIF5+fn5+fn5+fg0KPiAgwqDCoMKgIGNwdXNldF90DQo+IC91c3Iv aW5jbHVkZS9zeXMvX2NwdXNldC5oOjUwOjI0OiBub3RlOiAnY3B1c2V0X3QnIGRlY2xhcmVk IGhlcmUNCj4gdHlwZWRlZiBzdHJ1Y3QgX2NwdXNldCBjcHVzZXRfdDsNCj4gIMKgwqDCoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgIF4NCj4gemVuYmxlZWQuYzoy MTA6NTE6IGVycm9yOiB1c2Ugb2YgdW5kZWNsYXJlZCBpZGVudGlmaWVyICdjcHVfc2V0X3Qn DQo+ICDCoMKgwqAgaWYgKHB0aHJlYWRfYXR0cl9zZXRhZmZpbml0eV9ucCgmYXR0ciwgc2l6 ZW9mKGNwdV9zZXRfdCksICZzZXQpICE9IDApDQo+ICDCoMKgwqDCoMKgwqDCoMKgwqDCoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoCBeDQo+IDIgd2FybmluZ3MgYW5kIDMgZXJyb3JzIGdl bmVyYXRlZC4NCj4gZ21ha2U6ICoqKiBbPGJ1aWx0aW4+OiB6ZW5ibGVlZF0gRXJyb3IgMQ0K PiAlDQoNClBsZWFzZSB0cnkgdGhlIGF0dGFjaGVkIHBhdGNoLiAgSXQgc2hvdWxkIGZpeCB0 aGUgc2NoZWRfZ2V0Y3B1KCkgaXNzdWUuDQoNCkp1bmctdWsgS2ltDQo= --------------BtTfcwYywa5UtuktUSTAfI52 Content-Type: text/x-patch; charset=UTF-8; name="zenbleed.diff" Content-Disposition: attachment; filename="zenbleed.diff" Content-Transfer-Encoding: base64 LS0tIHBhdHRlcm4uYwkyMDIzLTA3LTIzIDEwOjQ1OjMyLjAwMDAwMDAwMCAtMDQwMAorKysg cGF0dGVybi5jCTIwMjMtMDctMjcgMTM6NDQ6MzguMjM4MTU5MDAwIC0wNDAwCkBAIC02LDEz ICs2LDE0IEBACiAjaW5jbHVkZSA8c3RkYm9vbC5oPgogI2luY2x1ZGUgPHg4NmludHJpbi5o PgogI2luY2x1ZGUgPHNjaGVkLmg+CisjaWZkZWYgX19saW51eF9fCiAjaW5jbHVkZSA8c3lz Y2FsbC5oPgorI2VuZGlmCiAjaW5jbHVkZSA8ZXJyLmg+CiAjaW5jbHVkZSA8cHRocmVhZC5o PgogI2luY2x1ZGUgPGFzc2VydC5oPgogI2luY2x1ZGUgPGN0eXBlLmg+CiAjaW5jbHVkZSA8 c2lnbmFsLmg+Ci0jaW5jbHVkZSA8c3lzL3N5c2luZm8uaD4KIAogI2luY2x1ZGUgInplbmJs ZWVkLmgiCiAKQEAgLTgyLDcgKzgzLDcgQEAgdm9pZCAqIHBhdHRlcm5fbGVha19jb25zdW1l cih2b2lkICpwYXJhbSkKICAgICAgICAgICAgIH0KICAgICAgICAgfQogCi0gICAgICAgIGZw cmludGYoc3Rkb3V0LCAiJS4qcyIsIG1hdGNobGVuLCBtYXRjaHB0cik7CisgICAgICAgIGZw cmludGYoc3Rkb3V0LCAiJS4qcyIsIChpbnQpbWF0Y2hsZW4sIG1hdGNocHRyKTsKIAogICAg ICAgICAvLyBJZiB0aGUgbWF0Y2ggaXMgYmlnZ2VyIHRoYW4gb3VyIHBhdHRlcm4gc2l6ZSwg d2Ugc2tpcCB0byB0aGUgZW5kIG9mIGl0LgogICAgICAgICBpZiAobWF0Y2hsZW4gPiBwYXRs ZW4pIHsKLS0tIHV0aWwuYy5vcmlnCTIwMjMtMDctMjMgMTA6NDU6MzIuMDAwMDAwMDAwIC0w NDAwCisrKyB1dGlsLmMJMjAyMy0wNy0yNyAxMzo0NDozOC4yMzgyMzQwMDAgLTA0MDAKQEAg LTQ2LDYgKzQ2LDkgQEAgYm9vbCBudW1faW5yYW5nZShjaGFyICpyYW5nZSwgaW50IG51bSkK IGJvb2wgbnVtX2lucmFuZ2UoY2hhciAqcmFuZ2UsIGludCBudW0pCiB7CiAgICAgY2hhciAq ciwgKnMsICplOworI2lmbmRlZiBfX2xpbnV4X18KKyAgICBzaXplX3QgbGVuOworI2VuZGlm CiAKICAgICAvLyBFeGFtcGxlOgogICAgIC8vIDEsMiwzLDQtOCwyCkBAIC01Myw3ICs1Niwx NCBAQCBib29sIG51bV9pbnJhbmdlKGNoYXIgKnJhbmdlLCBpbnQgbnVtKQogICAgIGlmIChy YW5nZSA9PSBOVUxMKQogICAgICAgICByZXR1cm4gZmFsc2U7CiAKLSAgICBzID0gc3RydG9r X3Ioc3RyZHVwYShyYW5nZSksICIsIiwgJnIpOworI2lmbmRlZiBfX2xpbnV4X18KKyAgICBs ZW4gPSBzdHJsZW4ocmFuZ2UpICsgMTsKKyAgICBzID0gYWxsb2NhKGxlbik7CisgICAgbWVt Y3B5KHMsIHJhbmdlLCBsZW4pOworI2Vsc2UKKyAgICBzID0gc3RyZHVwYShyYW5nZSk7Cisj ZW5kaWYKKyAgICBzID0gc3RydG9rX3IocywgIiwiLCAmcik7CiAKICAgICB3aGlsZSAocykg ewogICAgICAgICBpbnQgc3RhcnQ7Ci0tLSB6ZW5ibGVlZC5jLm9yaWcJMjAyMy0wNy0yMyAx MDo0NTozMi4wMDAwMDAwMDAgLTA0MDAKKysrIHplbmJsZWVkLmMJMjAyMy0wNy0yNyAxNToz MzowMy4xMzE4MjUwMDAgLTA0MDAKQEAgLTYsMTMgKzYsMTcgQEAKICNpbmNsdWRlIDxzdGRi b29sLmg+CiAjaW5jbHVkZSA8eDg2aW50cmluLmg+CiAjaW5jbHVkZSA8c2NoZWQuaD4KKyNp ZmRlZiBfX0ZyZWVCU0RfXworI2luY2x1ZGUgPHN5cy9wYXJhbS5oPgorI2luY2x1ZGUgPHB0 aHJlYWRfbnAuaD4KKyNlbHNlCiAjaW5jbHVkZSA8c3lzY2FsbC5oPgorI2VuZGlmCiAjaW5j bHVkZSA8ZXJyLmg+CiAjaW5jbHVkZSA8cHRocmVhZC5oPgogI2luY2x1ZGUgPGFzc2VydC5o PgogI2luY2x1ZGUgPGN0eXBlLmg+CiAjaW5jbHVkZSA8c2lnbmFsLmg+Ci0jaW5jbHVkZSA8 c3lzL3N5c2luZm8uaD4KIAogI2luY2x1ZGUgInplbmJsZWVkLmgiCiAKQEAgLTEyOSw2ICsx MzMsMTYgQEAgc3RhdGljIHZvaWQgKiB0aHJlYWRfbGVha19jb25zdW1lcih2b2lkICpwYXJh bSkKICAgICByZXR1cm4gMDsKIH0KIAorI2lmIGRlZmluZWQoX19GcmVlQlNEX3ZlcnNpb24p ICYmIF9fRnJlZUJTRF92ZXJzaW9uIDwgMTMwMDUyNAorc3RhdGljIF9faW5saW5lIGludCBz Y2hlZF9nZXRjcHUodm9pZCkKK3sKKyAgICByZWdpc3Rlcl90IGNwdTsKKworICAgIF9fYXNt KCJyZHBpZCAlMCIgOiAiPXIiIChjcHUpKTsKKyAgICByZXR1cm4gKGludCljcHU7Cit9Cisj ZW5kaWYKKwogLy8gVGhlIG1haW4gbGVha2luZyBsb29wLCBpdCBqdXN0IGtlZXBzIHdhaXRp bmcgZm9yIGEgbGVhayBhbmQgdGhlbiBzZW5kcyBpdCB0bwogLy8gdGhlIGNvbnN1bWVyIHRo cmVhZCB0byBiZSBwcmludGVkLgogc3RhdGljIHZvaWQgKiB0aHJlYWRfbGVha19wcm9kdWNl cih2b2lkICpwYXJhbSkKQEAgLTI5OCw3ICszMTIsNyBAQCBpbnQgbWFpbihpbnQgYXJnYywg Y2hhciAqKmFyZ3YpIHsKICAgICB9CiAKICAgICAvLyBXZSBzcGF3biBhIHRocmVhZCBvbiBl dmVyeSBldmFpbGFibGUgY29yZSBhbmQgc3RhcnQgbGVha2luZyB0byBzZWUgd2hhdCB3ZSBn ZXQuCi0gICAgbmNwdXMgICA9IGdldF9ucHJvY3MoKTsKKyAgICBuY3B1cyA9IHN5c2NvbmYo X1NDX05QUk9DRVNTT1JTX09OTE4pOwogICAgIHRocmVhZF9hcmdfdCogYXJncyA9IGNhbGxv YyhzaXplb2YodGhyZWFkX2FyZ190KSwgbmNwdXMpOwogICAgIHRocmVhZHMgPSBjYWxsb2Mo c2l6ZW9mKHB0aHJlYWRfdCksIG5jcHVzKTsKIAo= --------------BtTfcwYywa5UtuktUSTAfI52-- --------------0ctuGeG6FEJ2jT8LXulk9zeX-- --------------IOmoLCQOqukfoEpiJNX4KOwh Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEl1bqgKaRyqfWXu/CfJ+WJvzb8UYFAmTCzZ4FAwAAAAAACgkQfJ+WJvzb8UZe lAf/T0ovRpzqbN2zL8uZp3/C9X/QUAtMUGJJjzAbXEyDRR9BvrOpd2Xr27zVi9GPsY5bWK94/8eH ofR1LdX7THOoRK7BZ4+eWATQyukUPVENrb5gCPo8+tyc4RwFO8++3jbyRh5VMyqFwh8X2c4VtTxv 7PKZznrw3dX5rAKDEl+F3hbkHEZv2eZ/UW7u1UORjXdDAhnUwpJiUzw8aFqbpP8UmPZkKbsaIaAi 8qcvnQ+wlURYQXpI7bIaTzl8CP22zG1AqPOVD9ymTCjX+YwJynNbOf/yPrKGUNQmcl48y05Sw4/E KoOvqnz09AIfi3YguQClMeYdkmsIykv54CFOa0r0pA== =9rad -----END PGP SIGNATURE----- --------------IOmoLCQOqukfoEpiJNX4KOwh-- From nobody Thu Jul 27 20:30:20 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBj7f2rD8z4prg3 for ; Thu, 27 Jul 2023 20:30:22 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [IPv6:2607:f3e0:0:1::12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smarthost1.sentex.ca", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBj7f102Lz3lFR; Thu, 27 Jul 2023 20:30:22 +0000 (UTC) (envelope-from mike@sentex.net) Authentication-Results: mx1.freebsd.org; none Received: from pyroxene2a.sentex.ca (pyroxene19.sentex.ca [199.212.134.19]) by smarthost1.sentex.ca (8.17.1/8.16.1) with ESMTPS id 36RKUJjM049238 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=FAIL); Thu, 27 Jul 2023 16:30:19 -0400 (EDT) (envelope-from mike@sentex.net) Received: from [IPV6:2607:f3e0:0:4::29] ([IPv6:2607:f3e0:0:4:0:0:0:29]) by pyroxene2a.sentex.ca (8.16.1/8.15.2) with ESMTPS id 36RKUIhk099104 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Thu, 27 Jul 2023 16:30:19 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: Date: Thu, 27 Jul 2023 16:30:20 -0400 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: Zenbleed Content-Language: en-US To: Jung-uk Kim , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> From: mike tancsa In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.84 X-Rspamd-Queue-Id: 4RBj7f102Lz3lFR X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:11647, ipnet:2607:f3e0::/32, country:CA] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated On 7/27/2023 4:03 PM, Jung-uk Kim wrote: > > Please try the attached patch.  It should fix the sched_getcpu() issue. > > Jung-uk Kim Thank you for helping me with this. However, still the following error on RELENG_12 from a few days ago % git clone "https://git.hardenedbsd.org/shawn.webb/zenbleed" Cloning into 'zenbleed'... warning: redirecting to https://git.hardenedbsd.org/shawn.webb/zenbleed.git/ remote: Enumerating objects: 23, done. remote: Total 23 (delta 0), reused 0 (delta 0), pack-reused 23 Receiving objects: 100% (23/23), 15.74 KiB | 15.74 MiB/s, done. Resolving deltas: 100% (8/8), done. % cd zenbleed/ % cat - > p --- pattern.c   2023-07-23 10:45:32.000000000 -0400 +++ pattern.c   2023-07-27 13:44:38.238159000 -0400 @@ -6,13 +6,14 @@  #include  #include  #include +#ifdef __linux__  #include +#endif  #include  #include  #include  #include  #include -#include  #include "zenbleed.h" @@ -82,7 +83,7 @@ void * pattern_leak_consumer(void *param)              }          } -        fprintf(stdout, "%.*s", matchlen, matchptr); +        fprintf(stdout, "%.*s", (int)matchlen, matchptr);          // If the match is bigger than our pattern size, we skip to the end of it.          if (matchlen > patlen) { --- util.c.orig 2023-07-23 10:45:32.000000000 -0400 +++ util.c      2023-07-27 13:44:38.238234000 -0400 @@ -46,6 +46,9 @@ bool num_inrange(char *range, int num)  bool num_inrange(char *range, int num)  {      char *r, *s, *e; +#ifndef __linux__ +    size_t len; +#endif      // Example:      // 1,2,3,4-8,2 @@ -53,7 +56,14 @@ bool num_inrange(char *range, int num)      if (range == NULL)          return false; -    s = strtok_r(strdupa(range), ",", &r); +#ifndef __linux__ +    len = strlen(range) + 1; +    s = alloca(len); +    memcpy(s, range, len); +#else +    s = strdupa(range); +#endif +    s = strtok_r(s, ",", &r);      while (s) {          int start; --- zenbleed.c.orig     2023-07-23 10:45:32.000000000 -0400 +++ zenbleed.c  2023-07-27 15:33:03.131825000 -0400 @@ -6,13 +6,17 @@  #include  #include  #include +#ifdef __FreeBSD__ +#include +#include +#else  #include +#endif  #include  #include  #include  #include  #include -#include  #include "zenbleed.h" @@ -129,6 +133,16 @@ static void * thread_leak_consumer(void *param)      return 0;  } +#if defined(__FreeBSD_version) && __FreeBSD_version < 1300524 +static __inline int sched_getcpu(void) +{ +    register_t cpu; + +    __asm("rdpid %0" : "=r" (cpu)); +    return (int)cpu; +} +#endif +  // The main leaking loop, it just keeps waiting for a leak and then sends it to  // the consumer thread to be printed.  static void * thread_leak_producer(void *param) @@ -298,7 +312,7 @@ int main(int argc, char **argv) {      }      // We spawn a thread on every evailable core and start leaking to see what we get. -    ncpus   = get_nprocs(); +    ncpus = sysconf(_SC_NPROCESSORS_ONLN);      thread_arg_t* args = calloc(sizeof(thread_arg_t), ncpus);      threads = calloc(sizeof(pthread_t), ncpus); % patch -p1 < p Hmm...  Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- pattern.c  2023-07-23 10:45:32.000000000 -0400 |+++ pattern.c  2023-07-27 13:44:38.238159000 -0400 -------------------------- Patching file pattern.c using Plan A... Hunk #1 succeeded at 6. Hunk #2 succeeded at 83. Hmm...  The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |--- util.c.orig        2023-07-23 10:45:32.000000000 -0400 |+++ util.c     2023-07-27 13:44:38.238234000 -0400 -------------------------- Patching file util.c using Plan A... Hunk #1 succeeded at 46. Hunk #2 succeeded at 56. Hmm...  The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |--- zenbleed.c.orig    2023-07-23 10:45:32.000000000 -0400 |+++ zenbleed.c 2023-07-27 15:33:03.131825000 -0400 -------------------------- Patching file zenbleed.c using Plan A... Hunk #1 succeeded at 6. Hunk #2 succeeded at 133. Hunk #3 succeeded at 312. Hmm...  Ignoring the trailing garbage. done % gmake nasm  -O0 -felf64 -o zenleak.o zenleak.asm cc -O0 -ggdb3 -march=znver2   -c -o pattern.o pattern.c cc -O0 -ggdb3 -march=znver2   -c -o workqueue.o workqueue.c cc -O0 -ggdb3 -march=znver2   -c -o util.o util.c cc -O0 -ggdb3 -march=znver2  -pthread -Wl,-z,noexecstack zenbleed.c zenleak.o pattern.o workqueue.o util.o   -o zenbleed zenbleed.c:153:5: error: unknown type name 'cpu_set_t'; did you mean 'cpuset_t'?     cpu_set_t mask;     ^~~~~~~~~     cpuset_t /usr/include/sys/_cpuset.h:50:24: note: 'cpuset_t' declared here typedef struct _cpuset cpuset_t;                        ^ zenbleed.c:213:5: error: unknown type name 'cpu_set_t'; did you mean 'cpuset_t'?     cpu_set_t set;     ^~~~~~~~~     cpuset_t /usr/include/sys/_cpuset.h:50:24: note: 'cpuset_t' declared here typedef struct _cpuset cpuset_t;                        ^ zenbleed.c:221:51: error: use of undeclared identifier 'cpu_set_t'     if (pthread_attr_setaffinity_np(&attr, sizeof(cpu_set_t), &set) != 0)                                                   ^ 3 errors generated. gmake: *** [: zenbleed] Error 1 % From nobody Thu Jul 27 20:42:54 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBjQ75J1rz4q1L6 for ; Thu, 27 Jul 2023 20:42:55 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBjQ747GQz3rTW; Thu, 27 Jul 2023 20:42:55 +0000 (UTC) (envelope-from jkim@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690490575; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=UpSTbBSOKC2aGCsmw77xl6SsgZwIVmrHLQGeGJm8BkA=; b=Tan+ECdd4nH8UE8U4LD5QcoH0mg7PoDFv5gRehG9e5gVoHa1XcxrV6dpYoFzA0LPDoBJUO M7gp/3wcOMR0g3UJxBzoJntzGnPEqbhQ6cLD6I3NeaokbUuUNvsLP7CBI924jQA0aIR3VB 0DBNkJGKULPMsA6b9DSpXJbv38wNgAzDp+ybFFu6Bc/yEC/HsUkc4My6KYrQNmq0V33dHz Az41VjS85Keqn+CQ9hyuS9z2nsq9xANRzbbLkB7gY3hjOfgaERZeAXhao2FIjjOw+m87Y0 aBKheZrBuYAWb4gqqTYSibw0QhZj08F15YKUWXwDe8AKE36BFRRopr9E6NlA/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690490575; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=UpSTbBSOKC2aGCsmw77xl6SsgZwIVmrHLQGeGJm8BkA=; b=kTJ5AgNOeh7A7h/ytfatM3dSRkB3DY9iyO0nXPBT1uHDoFtEMLojew/2CWxHVxx/Ve3n7Z PGhCowmVFge2MYjXJ5ZXmHmqFXjN4F8QGkHT4swLl6agJ+Br94dKbWG9i4uMBLAHEx3PE+ xv9jcWbKrzWG/bNPV1gG2TVYeSzr3iyS36WosK+uZ7z/kTp6HLlG7fDPtgT94oaFrgK1sG 4dvVPyV5o53tPZ0J3HDa9u+kgoqg1lDUfJwtbPlvQgo+ywPi+I/8AnCT87BG+wZtODdhOg GiNx1Iba6ityWZ6Jfu8gnrsPnlFSu61hVM584bkw3KMl6Q9wHeAkj3LXH2TEOg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1690490575; a=rsa-sha256; cv=none; b=fVlr63cNGuizkQ15HEX2eJSs0w3RPtw6t+s5FQt/CGhNmIQnJugVR5Xth0Lm0HRumjSe+e BMHrC8+HjwzlE8QY6NwHDmVDqMAO8ngPLJZpye9ykDbZYF2h49CrH+XoQzI8pj+wtoEp5F TxZS5ptcgHfXSygMCtJIs77sWy+165/qHWI7748NiQ2eKMe2UOnb14XcX50kMKPO/lonHc 6L11PDzx/bM3o8CJnDn1iJOy/axALT8MyUKGIlh+1lmrRXZcoIfX4PGLQbJgrFhzb1nKia PnOyFDkMeGSI6DO70oxFYaSWB8dsoUWxgLID2w/pnCzCPQn/ca+XisNSSuxygQ== Received: from freefall.freebsd.org (pool-108-53-224-100.nwrknj.fios.verizon.net [108.53.224.100]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) (Authenticated sender: jkim/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4RBjQ72MG9zkfd; Thu, 27 Jul 2023 20:42:55 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Message-ID: Date: Thu, 27 Jul 2023 16:42:54 -0400 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.13.1 Subject: Re: Zenbleed Content-Language: en-US To: mike tancsa , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> From: Jung-uk Kim Organization: FreeBSD.org In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------yQ9gwN63aorGM5mFbT3x0Wc8" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------yQ9gwN63aorGM5mFbT3x0Wc8 Content-Type: multipart/mixed; boundary="------------POhaQYIGVgOMxI7YGiuKUh7N"; protected-headers="v1" From: Jung-uk Kim To: mike tancsa , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" Message-ID: Subject: Re: Zenbleed References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> In-Reply-To: --------------POhaQYIGVgOMxI7YGiuKUh7N Content-Type: multipart/mixed; boundary="------------OJyPFT6ZhbVg5WjD3qyx9V2D" --------------OJyPFT6ZhbVg5WjD3qyx9V2D Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 T24gMjMuIDcuIDI3LiwgbWlrZSB0YW5jc2Egd3JvdGU6DQo+IA0KPiBPbiA3LzI3LzIwMjMg NDowMyBQTSwgSnVuZy11ayBLaW0gd3JvdGU6DQo+Pg0KPj4gUGxlYXNlIHRyeSB0aGUgYXR0 YWNoZWQgcGF0Y2guwqAgSXQgc2hvdWxkIGZpeCB0aGUgc2NoZWRfZ2V0Y3B1KCkgaXNzdWUu DQo+Pg0KPj4gSnVuZy11ayBLaW0NCj4gDQo+IA0KPiBUaGFuayB5b3UgZm9yIGhlbHBpbmcg bWUgd2l0aCB0aGlzLiBIb3dldmVyLCBzdGlsbCB0aGUgZm9sbG93aW5nIGVycm9yIA0KPiBv biBSRUxFTkdfMTIgZnJvbSBhIGZldyBkYXlzIGFnbw0KPiANCj4gJSBnaXQgY2xvbmUgImh0 dHBzOi8vZ2l0LmhhcmRlbmVkYnNkLm9yZy9zaGF3bi53ZWJiL3plbmJsZWVkIg0KPiBDbG9u aW5nIGludG8gJ3plbmJsZWVkJy4uLg0KPiB3YXJuaW5nOiByZWRpcmVjdGluZyB0byANCj4g aHR0cHM6Ly9naXQuaGFyZGVuZWRic2Qub3JnL3NoYXduLndlYmIvemVuYmxlZWQuZ2l0Lw0K PiByZW1vdGU6IEVudW1lcmF0aW5nIG9iamVjdHM6IDIzLCBkb25lLg0KPiByZW1vdGU6IFRv dGFsIDIzIChkZWx0YSAwKSwgcmV1c2VkIDAgKGRlbHRhIDApLCBwYWNrLXJldXNlZCAyMw0K PiBSZWNlaXZpbmcgb2JqZWN0czogMTAwJSAoMjMvMjMpLCAxNS43NCBLaUIgfCAxNS43NCBN aUIvcywgZG9uZS4NCj4gUmVzb2x2aW5nIGRlbHRhczogMTAwJSAoOC84KSwgZG9uZS4NCj4g JSBjZCB6ZW5ibGVlZC8NCj4gJSBjYXQgLSA+IHANCj4gLS0tIHBhdHRlcm4uY8KgwqAgMjAy My0wNy0yMyAxMDo0NTozMi4wMDAwMDAwMDAgLTA0MDANCj4gKysrIHBhdHRlcm4uY8KgwqAg MjAyMy0wNy0yNyAxMzo0NDozOC4yMzgxNTkwMDAgLTA0MDANCj4gQEAgLTYsMTMgKzYsMTQg QEANCj4gIMKgI2luY2x1ZGUgPHN0ZGJvb2wuaD4NCj4gIMKgI2luY2x1ZGUgPHg4NmludHJp bi5oPg0KPiAgwqAjaW5jbHVkZSA8c2NoZWQuaD4NCj4gKyNpZmRlZiBfX2xpbnV4X18NCj4g IMKgI2luY2x1ZGUgPHN5c2NhbGwuaD4NCj4gKyNlbmRpZg0KPiAgwqAjaW5jbHVkZSA8ZXJy Lmg+DQo+ICDCoCNpbmNsdWRlIDxwdGhyZWFkLmg+DQo+ICDCoCNpbmNsdWRlIDxhc3NlcnQu aD4NCj4gIMKgI2luY2x1ZGUgPGN0eXBlLmg+DQo+ICDCoCNpbmNsdWRlIDxzaWduYWwuaD4N Cj4gLSNpbmNsdWRlIDxzeXMvc3lzaW5mby5oPg0KPiANCj4gIMKgI2luY2x1ZGUgInplbmJs ZWVkLmgiDQo+IA0KPiBAQCAtODIsNyArODMsNyBAQCB2b2lkICogcGF0dGVybl9sZWFrX2Nv bnN1bWVyKHZvaWQgKnBhcmFtKQ0KPiAgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgIH0NCj4g IMKgwqDCoMKgwqDCoMKgwqAgfQ0KPiANCj4gLcKgwqDCoMKgwqDCoMKgIGZwcmludGYoc3Rk b3V0LCAiJS4qcyIsIG1hdGNobGVuLCBtYXRjaHB0cik7DQo+ICvCoMKgwqDCoMKgwqDCoCBm cHJpbnRmKHN0ZG91dCwgIiUuKnMiLCAoaW50KW1hdGNobGVuLCBtYXRjaHB0cik7DQo+IA0K PiAgwqDCoMKgwqDCoMKgwqDCoCAvLyBJZiB0aGUgbWF0Y2ggaXMgYmlnZ2VyIHRoYW4gb3Vy IHBhdHRlcm4gc2l6ZSwgd2Ugc2tpcCB0byANCj4gdGhlIGVuZCBvZiBpdC4NCj4gIMKgwqDC oMKgwqDCoMKgwqAgaWYgKG1hdGNobGVuID4gcGF0bGVuKSB7DQo+IC0tLSB1dGlsLmMub3Jp ZyAyMDIzLTA3LTIzIDEwOjQ1OjMyLjAwMDAwMDAwMCAtMDQwMA0KPiArKysgdXRpbC5jwqDC oMKgwqDCoCAyMDIzLTA3LTI3IDEzOjQ0OjM4LjIzODIzNDAwMCAtMDQwMA0KPiBAQCAtNDYs NiArNDYsOSBAQCBib29sIG51bV9pbnJhbmdlKGNoYXIgKnJhbmdlLCBpbnQgbnVtKQ0KPiAg wqBib29sIG51bV9pbnJhbmdlKGNoYXIgKnJhbmdlLCBpbnQgbnVtKQ0KPiAgwqB7DQo+ICDC oMKgwqDCoCBjaGFyICpyLCAqcywgKmU7DQo+ICsjaWZuZGVmIF9fbGludXhfXw0KPiArwqDC oMKgIHNpemVfdCBsZW47DQo+ICsjZW5kaWYNCj4gDQo+ICDCoMKgwqDCoCAvLyBFeGFtcGxl Og0KPiAgwqDCoMKgwqAgLy8gMSwyLDMsNC04LDINCj4gQEAgLTUzLDcgKzU2LDE0IEBAIGJv b2wgbnVtX2lucmFuZ2UoY2hhciAqcmFuZ2UsIGludCBudW0pDQo+ICDCoMKgwqDCoCBpZiAo cmFuZ2UgPT0gTlVMTCkNCj4gIMKgwqDCoMKgwqDCoMKgwqAgcmV0dXJuIGZhbHNlOw0KPiAN Cj4gLcKgwqDCoCBzID0gc3RydG9rX3Ioc3RyZHVwYShyYW5nZSksICIsIiwgJnIpOw0KPiAr I2lmbmRlZiBfX2xpbnV4X18NCj4gK8KgwqDCoCBsZW4gPSBzdHJsZW4ocmFuZ2UpICsgMTsN Cj4gK8KgwqDCoCBzID0gYWxsb2NhKGxlbik7DQo+ICvCoMKgwqAgbWVtY3B5KHMsIHJhbmdl LCBsZW4pOw0KPiArI2Vsc2UNCj4gK8KgwqDCoCBzID0gc3RyZHVwYShyYW5nZSk7DQo+ICsj ZW5kaWYNCj4gK8KgwqDCoCBzID0gc3RydG9rX3IocywgIiwiLCAmcik7DQo+IA0KPiAgwqDC oMKgwqAgd2hpbGUgKHMpIHsNCj4gIMKgwqDCoMKgwqDCoMKgwqAgaW50IHN0YXJ0Ow0KPiAt LS0gemVuYmxlZWQuYy5vcmlnwqDCoMKgwqAgMjAyMy0wNy0yMyAxMDo0NTozMi4wMDAwMDAw MDAgLTA0MDANCj4gKysrIHplbmJsZWVkLmPCoCAyMDIzLTA3LTI3IDE1OjMzOjAzLjEzMTgy NTAwMCAtMDQwMA0KPiBAQCAtNiwxMyArNiwxNyBAQA0KPiAgwqAjaW5jbHVkZSA8c3RkYm9v bC5oPg0KPiAgwqAjaW5jbHVkZSA8eDg2aW50cmluLmg+DQo+ICDCoCNpbmNsdWRlIDxzY2hl ZC5oPg0KPiArI2lmZGVmIF9fRnJlZUJTRF9fDQo+ICsjaW5jbHVkZSA8c3lzL3BhcmFtLmg+ DQo+ICsjaW5jbHVkZSA8cHRocmVhZF9ucC5oPg0KPiArI2Vsc2UNCj4gIMKgI2luY2x1ZGUg PHN5c2NhbGwuaD4NCj4gKyNlbmRpZg0KPiAgwqAjaW5jbHVkZSA8ZXJyLmg+DQo+ICDCoCNp bmNsdWRlIDxwdGhyZWFkLmg+DQo+ICDCoCNpbmNsdWRlIDxhc3NlcnQuaD4NCj4gIMKgI2lu Y2x1ZGUgPGN0eXBlLmg+DQo+ICDCoCNpbmNsdWRlIDxzaWduYWwuaD4NCj4gLSNpbmNsdWRl IDxzeXMvc3lzaW5mby5oPg0KPiANCj4gIMKgI2luY2x1ZGUgInplbmJsZWVkLmgiDQo+IA0K PiBAQCAtMTI5LDYgKzEzMywxNiBAQCBzdGF0aWMgdm9pZCAqIHRocmVhZF9sZWFrX2NvbnN1 bWVyKHZvaWQgKnBhcmFtKQ0KPiAgwqDCoMKgwqAgcmV0dXJuIDA7DQo+ICDCoH0NCj4gDQo+ ICsjaWYgZGVmaW5lZChfX0ZyZWVCU0RfdmVyc2lvbikgJiYgX19GcmVlQlNEX3ZlcnNpb24g PCAxMzAwNTI0DQo+ICtzdGF0aWMgX19pbmxpbmUgaW50IHNjaGVkX2dldGNwdSh2b2lkKQ0K PiArew0KPiArwqDCoMKgIHJlZ2lzdGVyX3QgY3B1Ow0KPiArDQo+ICvCoMKgwqAgX19hc20o InJkcGlkICUwIiA6ICI9ciIgKGNwdSkpOw0KPiArwqDCoMKgIHJldHVybiAoaW50KWNwdTsN Cj4gK30NCj4gKyNlbmRpZg0KPiArDQo+ICDCoC8vIFRoZSBtYWluIGxlYWtpbmcgbG9vcCwg aXQganVzdCBrZWVwcyB3YWl0aW5nIGZvciBhIGxlYWsgYW5kIHRoZW4gDQo+IHNlbmRzIGl0 IHRvDQo+ICDCoC8vIHRoZSBjb25zdW1lciB0aHJlYWQgdG8gYmUgcHJpbnRlZC4NCj4gIMKg c3RhdGljIHZvaWQgKiB0aHJlYWRfbGVha19wcm9kdWNlcih2b2lkICpwYXJhbSkNCj4gQEAg LTI5OCw3ICszMTIsNyBAQCBpbnQgbWFpbihpbnQgYXJnYywgY2hhciAqKmFyZ3YpIHsNCj4g IMKgwqDCoMKgIH0NCj4gDQo+ICDCoMKgwqDCoCAvLyBXZSBzcGF3biBhIHRocmVhZCBvbiBl dmVyeSBldmFpbGFibGUgY29yZSBhbmQgc3RhcnQgbGVha2luZyB0byANCj4gc2VlIHdoYXQg d2UgZ2V0Lg0KPiAtwqDCoMKgIG5jcHVzwqDCoCA9IGdldF9ucHJvY3MoKTsNCj4gK8KgwqDC oCBuY3B1cyA9IHN5c2NvbmYoX1NDX05QUk9DRVNTT1JTX09OTE4pOw0KPiAgwqDCoMKgwqAg dGhyZWFkX2FyZ190KiBhcmdzID0gY2FsbG9jKHNpemVvZih0aHJlYWRfYXJnX3QpLCBuY3B1 cyk7DQo+ICDCoMKgwqDCoCB0aHJlYWRzID0gY2FsbG9jKHNpemVvZihwdGhyZWFkX3QpLCBu Y3B1cyk7DQo+IA0KPiANCj4gJSBwYXRjaCAtcDEgPCBwDQo+IEhtbS4uLsKgIExvb2tzIGxp a2UgYSB1bmlmaWVkIGRpZmYgdG8gbWUuLi4NCj4gVGhlIHRleHQgbGVhZGluZyB1cCB0byB0 aGlzIHdhczoNCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gfC0tLSBwYXR0ZXJu LmPCoCAyMDIzLTA3LTIzIDEwOjQ1OjMyLjAwMDAwMDAwMCAtMDQwMA0KPiB8KysrIHBhdHRl cm4uY8KgIDIwMjMtMDctMjcgMTM6NDQ6MzguMjM4MTU5MDAwIC0wNDAwDQo+IC0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tDQo+IFBhdGNoaW5nIGZpbGUgcGF0dGVybi5jIHVzaW5nIFBs YW4gQS4uLg0KPiBIdW5rICMxIHN1Y2NlZWRlZCBhdCA2Lg0KPiBIdW5rICMyIHN1Y2NlZWRl ZCBhdCA4My4NCj4gSG1tLi4uwqAgVGhlIG5leHQgcGF0Y2ggbG9va3MgbGlrZSBhIHVuaWZp ZWQgZGlmZiB0byBtZS4uLg0KPiBUaGUgdGV4dCBsZWFkaW5nIHVwIHRvIHRoaXMgd2FzOg0K PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiB8LS0tIHV0aWwuYy5vcmlnwqDCoMKg wqDCoMKgwqAgMjAyMy0wNy0yMyAxMDo0NTozMi4wMDAwMDAwMDAgLTA0MDANCj4gfCsrKyB1 dGlsLmPCoMKgwqDCoCAyMDIzLTA3LTI3IDEzOjQ0OjM4LjIzODIzNDAwMCAtMDQwMA0KPiAt LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiBQYXRjaGluZyBmaWxlIHV0aWwuYyB1c2lu ZyBQbGFuIEEuLi4NCj4gSHVuayAjMSBzdWNjZWVkZWQgYXQgNDYuDQo+IEh1bmsgIzIgc3Vj Y2VlZGVkIGF0IDU2Lg0KPiBIbW0uLi7CoCBUaGUgbmV4dCBwYXRjaCBsb29rcyBsaWtlIGEg dW5pZmllZCBkaWZmIHRvIG1lLi4uDQo+IFRoZSB0ZXh0IGxlYWRpbmcgdXAgdG8gdGhpcyB3 YXM6DQo+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IHwtLS0gemVuYmxlZWQuYy5v cmlnwqDCoMKgIDIwMjMtMDctMjMgMTA6NDU6MzIuMDAwMDAwMDAwIC0wNDAwDQo+IHwrKysg emVuYmxlZWQuYyAyMDIzLTA3LTI3IDE1OjMzOjAzLjEzMTgyNTAwMCAtMDQwMA0KPiAtLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiBQYXRjaGluZyBmaWxlIHplbmJsZWVkLmMgdXNp bmcgUGxhbiBBLi4uDQo+IEh1bmsgIzEgc3VjY2VlZGVkIGF0IDYuDQo+IEh1bmsgIzIgc3Vj Y2VlZGVkIGF0IDEzMy4NCj4gSHVuayAjMyBzdWNjZWVkZWQgYXQgMzEyLg0KPiBIbW0uLi7C oCBJZ25vcmluZyB0aGUgdHJhaWxpbmcgZ2FyYmFnZS4NCj4gZG9uZQ0KPiAlIGdtYWtlDQo+ IG5hc23CoCAtTzAgLWZlbGY2NCAtbyB6ZW5sZWFrLm8gemVubGVhay5hc20NCj4gY2MgLU8w IC1nZ2RiMyAtbWFyY2g9em52ZXIywqDCoCAtYyAtbyBwYXR0ZXJuLm8gcGF0dGVybi5jDQo+ IGNjIC1PMCAtZ2dkYjMgLW1hcmNoPXpudmVyMsKgwqAgLWMgLW8gd29ya3F1ZXVlLm8gd29y a3F1ZXVlLmMNCj4gY2MgLU8wIC1nZ2RiMyAtbWFyY2g9em52ZXIywqDCoCAtYyAtbyB1dGls Lm8gdXRpbC5jDQo+IGNjIC1PMCAtZ2dkYjMgLW1hcmNoPXpudmVyMsKgIC1wdGhyZWFkIC1X bCwteixub2V4ZWNzdGFjayB6ZW5ibGVlZC5jIA0KPiB6ZW5sZWFrLm8gcGF0dGVybi5vIHdv cmtxdWV1ZS5vIHV0aWwub8KgwqAgLW8gemVuYmxlZWQNCj4gemVuYmxlZWQuYzoxNTM6NTog ZXJyb3I6IHVua25vd24gdHlwZSBuYW1lICdjcHVfc2V0X3QnOyBkaWQgeW91IG1lYW4gDQo+ ICdjcHVzZXRfdCc/DQo+ICDCoMKgwqAgY3B1X3NldF90IG1hc2s7DQo+ICDCoMKgwqAgXn5+ fn5+fn5+DQo+ICDCoMKgwqAgY3B1c2V0X3QNCj4gL3Vzci9pbmNsdWRlL3N5cy9fY3B1c2V0 Lmg6NTA6MjQ6IG5vdGU6ICdjcHVzZXRfdCcgZGVjbGFyZWQgaGVyZQ0KPiB0eXBlZGVmIHN0 cnVjdCBfY3B1c2V0IGNwdXNldF90Ow0KPiAgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgwqDCoMKgwqDCoMKgwqAgXg0KPiB6ZW5ibGVlZC5jOjIxMzo1OiBlcnJvcjogdW5rbm93 biB0eXBlIG5hbWUgJ2NwdV9zZXRfdCc7IGRpZCB5b3UgbWVhbiANCj4gJ2NwdXNldF90Jz8N Cj4gIMKgwqDCoCBjcHVfc2V0X3Qgc2V0Ow0KPiAgwqDCoMKgIF5+fn5+fn5+fg0KPiAgwqDC oMKgIGNwdXNldF90DQo+IC91c3IvaW5jbHVkZS9zeXMvX2NwdXNldC5oOjUwOjI0OiBub3Rl OiAnY3B1c2V0X3QnIGRlY2xhcmVkIGhlcmUNCj4gdHlwZWRlZiBzdHJ1Y3QgX2NwdXNldCBj cHVzZXRfdDsNCj4gIMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgIF4NCj4gemVuYmxlZWQuYzoyMjE6NTE6IGVycm9yOiB1c2Ugb2YgdW5kZWNsYXJlZCBp ZGVudGlmaWVyICdjcHVfc2V0X3QnDQo+ICDCoMKgwqAgaWYgKHB0aHJlYWRfYXR0cl9zZXRh ZmZpbml0eV9ucCgmYXR0ciwgc2l6ZW9mKGNwdV9zZXRfdCksICZzZXQpICE9IDApDQo+ICDC oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoCBeDQo+IDMgZXJy b3JzIGdlbmVyYXRlZC4NCj4gZ21ha2U6ICoqKiBbPGJ1aWx0aW4+OiB6ZW5ibGVlZF0gRXJy b3IgMQ0KPiAlDQo+IA0KQ2FuIHlvdSBwbGVhc2UgdGhlIGF0dGFjaGVkIHBhdGNoPyAgU29y cnkgYWJvdXQgdGhlIHRyb3VibGUuDQoNCkp1bmctdWsgS2ltDQo= --------------OJyPFT6ZhbVg5WjD3qyx9V2D Content-Type: text/x-patch; charset=UTF-8; name="zenbleed.diff" Content-Disposition: attachment; filename="zenbleed.diff" Content-Transfer-Encoding: base64 LS0tIHBhdHRlcm4uYy5vcmlnCTIwMjMtMDctMjMgMTA6NDU6MzIuMDAwMDAwMDAwIC0wNDAw CisrKyBwYXR0ZXJuLmMJMjAyMy0wNy0yNyAxMzo0NDozOC4yMzgxNTkwMDAgLTA0MDAKQEAg LTYsMTMgKzYsMTQgQEAKICNpbmNsdWRlIDxzdGRib29sLmg+CiAjaW5jbHVkZSA8eDg2aW50 cmluLmg+CiAjaW5jbHVkZSA8c2NoZWQuaD4KKyNpZmRlZiBfX2xpbnV4X18KICNpbmNsdWRl IDxzeXNjYWxsLmg+CisjZW5kaWYKICNpbmNsdWRlIDxlcnIuaD4KICNpbmNsdWRlIDxwdGhy ZWFkLmg+CiAjaW5jbHVkZSA8YXNzZXJ0Lmg+CiAjaW5jbHVkZSA8Y3R5cGUuaD4KICNpbmNs dWRlIDxzaWduYWwuaD4KLSNpbmNsdWRlIDxzeXMvc3lzaW5mby5oPgogCiAjaW5jbHVkZSAi emVuYmxlZWQuaCIKIApAQCAtODIsNyArODMsNyBAQCB2b2lkICogcGF0dGVybl9sZWFrX2Nv bnN1bWVyKHZvaWQgKnBhcmFtKQogICAgICAgICAgICAgfQogICAgICAgICB9CiAKLSAgICAg ICAgZnByaW50ZihzdGRvdXQsICIlLipzIiwgbWF0Y2hsZW4sIG1hdGNocHRyKTsKKyAgICAg ICAgZnByaW50ZihzdGRvdXQsICIlLipzIiwgKGludCltYXRjaGxlbiwgbWF0Y2hwdHIpOwog CiAgICAgICAgIC8vIElmIHRoZSBtYXRjaCBpcyBiaWdnZXIgdGhhbiBvdXIgcGF0dGVybiBz aXplLCB3ZSBza2lwIHRvIHRoZSBlbmQgb2YgaXQuCiAgICAgICAgIGlmIChtYXRjaGxlbiA+ IHBhdGxlbikgewotLS0gdXRpbC5jLm9yaWcJMjAyMy0wNy0yMyAxMDo0NTozMi4wMDAwMDAw MDAgLTA0MDAKKysrIHV0aWwuYwkyMDIzLTA3LTI3IDEzOjQ0OjM4LjIzODIzNDAwMCAtMDQw MApAQCAtNDYsNiArNDYsOSBAQCBib29sIG51bV9pbnJhbmdlKGNoYXIgKnJhbmdlLCBpbnQg bnVtKQogYm9vbCBudW1faW5yYW5nZShjaGFyICpyYW5nZSwgaW50IG51bSkKIHsKICAgICBj aGFyICpyLCAqcywgKmU7CisjaWZuZGVmIF9fbGludXhfXworICAgIHNpemVfdCBsZW47Cisj ZW5kaWYKIAogICAgIC8vIEV4YW1wbGU6CiAgICAgLy8gMSwyLDMsNC04LDIKQEAgLTUzLDcg KzU2LDE0IEBAIGJvb2wgbnVtX2lucmFuZ2UoY2hhciAqcmFuZ2UsIGludCBudW0pCiAgICAg aWYgKHJhbmdlID09IE5VTEwpCiAgICAgICAgIHJldHVybiBmYWxzZTsKIAotICAgIHMgPSBz dHJ0b2tfcihzdHJkdXBhKHJhbmdlKSwgIiwiLCAmcik7CisjaWZuZGVmIF9fbGludXhfXwor ICAgIGxlbiA9IHN0cmxlbihyYW5nZSkgKyAxOworICAgIHMgPSBhbGxvY2EobGVuKTsKKyAg ICBtZW1jcHkocywgcmFuZ2UsIGxlbik7CisjZWxzZQorICAgIHMgPSBzdHJkdXBhKHJhbmdl KTsKKyNlbmRpZgorICAgIHMgPSBzdHJ0b2tfcihzLCAiLCIsICZyKTsKIAogICAgIHdoaWxl IChzKSB7CiAgICAgICAgIGludCBzdGFydDsKLS0tIHplbmJsZWVkLmMub3JpZwkyMDIzLTA3 LTIzIDEwOjQ1OjMyLjAwMDAwMDAwMCAtMDQwMAorKysgemVuYmxlZWQuYwkyMDIzLTA3LTI3 IDE2OjM4OjMwLjY4NTUzNzAwMCAtMDQwMApAQCAtNiwxMyArNiwxNyBAQAogI2luY2x1ZGUg PHN0ZGJvb2wuaD4KICNpbmNsdWRlIDx4ODZpbnRyaW4uaD4KICNpbmNsdWRlIDxzY2hlZC5o PgorI2lmZGVmIF9fRnJlZUJTRF9fCisjaW5jbHVkZSA8c3lzL3BhcmFtLmg+CisjaW5jbHVk ZSA8cHRocmVhZF9ucC5oPgorI2Vsc2UKICNpbmNsdWRlIDxzeXNjYWxsLmg+CisjZW5kaWYK ICNpbmNsdWRlIDxlcnIuaD4KICNpbmNsdWRlIDxwdGhyZWFkLmg+CiAjaW5jbHVkZSA8YXNz ZXJ0Lmg+CiAjaW5jbHVkZSA8Y3R5cGUuaD4KICNpbmNsdWRlIDxzaWduYWwuaD4KLSNpbmNs dWRlIDxzeXMvc3lzaW5mby5oPgogCiAjaW5jbHVkZSAiemVuYmxlZWQuaCIKIApAQCAtMTI5 LDYgKzEzMywxOCBAQCBzdGF0aWMgdm9pZCAqIHRocmVhZF9sZWFrX2NvbnN1bWVyKHZvaWQg KnBhcmFtKQogICAgIHJldHVybiAwOwogfQogCisjaWYgZGVmaW5lZChfX0ZyZWVCU0RfdmVy c2lvbikgJiYgX19GcmVlQlNEX3ZlcnNpb24gPCAxMzAwNTI0CisjZGVmaW5lIGNwdV9zZXRf dCBjcHVzZXRfdAorCitzdGF0aWMgX19pbmxpbmUgaW50IHNjaGVkX2dldGNwdSh2b2lkKQor eworICAgIHJlZ2lzdGVyX3QgY3B1OworCisgICAgX19hc20oInJkcGlkICUwIiA6ICI9ciIg KGNwdSkpOworICAgIHJldHVybiAoaW50KWNwdTsKK30KKyNlbmRpZgorCiAvLyBUaGUgbWFp biBsZWFraW5nIGxvb3AsIGl0IGp1c3Qga2VlcHMgd2FpdGluZyBmb3IgYSBsZWFrIGFuZCB0 aGVuIHNlbmRzIGl0IHRvCiAvLyB0aGUgY29uc3VtZXIgdGhyZWFkIHRvIGJlIHByaW50ZWQu CiBzdGF0aWMgdm9pZCAqIHRocmVhZF9sZWFrX3Byb2R1Y2VyKHZvaWQgKnBhcmFtKQpAQCAt Mjk4LDcgKzMxNCw3IEBAIGludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgewogICAg IH0KIAogICAgIC8vIFdlIHNwYXduIGEgdGhyZWFkIG9uIGV2ZXJ5IGV2YWlsYWJsZSBjb3Jl IGFuZCBzdGFydCBsZWFraW5nIHRvIHNlZSB3aGF0IHdlIGdldC4KLSAgICBuY3B1cyAgID0g Z2V0X25wcm9jcygpOworICAgIG5jcHVzID0gc3lzY29uZihfU0NfTlBST0NFU1NPUlNfT05M Tik7CiAgICAgdGhyZWFkX2FyZ190KiBhcmdzID0gY2FsbG9jKHNpemVvZih0aHJlYWRfYXJn X3QpLCBuY3B1cyk7CiAgICAgdGhyZWFkcyA9IGNhbGxvYyhzaXplb2YocHRocmVhZF90KSwg bmNwdXMpOwogCg== --------------OJyPFT6ZhbVg5WjD3qyx9V2D-- --------------POhaQYIGVgOMxI7YGiuKUh7N-- --------------yQ9gwN63aorGM5mFbT3x0Wc8 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEl1bqgKaRyqfWXu/CfJ+WJvzb8UYFAmTC1s4FAwAAAAAACgkQfJ+WJvzb8UYT bggAkClFRjyk9hS5jdRGnI6hpOQ7fz6qVaZUQVxgUOV8qsZijNlXRkFUqkOoaQUmYeoc6u8qOXkv g2efgb0d8d6tA1KwABJx3QPGaIlQAvxasUL8kmJQ1MLLUwijVMyGaMHwroWUlTC1bwmqXdsxP21+ 64jUQsvTL9vNVrsf5vfUMmq4sQoOq0XLYs02yqAGYf5j7sZvHVGMcm9IPiyEd7w4pRIQLj+WA9Ja HcGvYWGu7URq9ms3BExtcpLrPrW306A0yr5wAHlKkkeZN//80xt/LlAWr6nCVTiHTeakfYteY4pT F2oPKuB2Vxc2b/bQD6BSdXvE5OuL9ztEu4ux4nO6cA== =ZXS7 -----END PGP SIGNATURE----- --------------yQ9gwN63aorGM5mFbT3x0Wc8-- From nobody Thu Jul 27 20:46:22 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBjV56gFsz4q3j3 for ; Thu, 27 Jul 2023 20:46:21 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [IPv6:2607:f3e0:0:1::12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smarthost1.sentex.ca", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBjV55nLlz3tS7; Thu, 27 Jul 2023 20:46:21 +0000 (UTC) (envelope-from mike@sentex.net) Authentication-Results: mx1.freebsd.org; none Received: from pyroxene2a.sentex.ca (pyroxene19.sentex.ca [199.212.134.19]) by smarthost1.sentex.ca (8.17.1/8.16.1) with ESMTPS id 36RKkLRI054902 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=FAIL); Thu, 27 Jul 2023 16:46:21 -0400 (EDT) (envelope-from mike@sentex.net) Received: from [IPV6:2607:f3e0:0:4::29] ([IPv6:2607:f3e0:0:4:0:0:0:29]) by pyroxene2a.sentex.ca (8.16.1/8.15.2) with ESMTPS id 36RKkLrr005327 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Thu, 27 Jul 2023 16:46:21 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: <33df09fb-0631-3db6-694a-4d3cad754a10@sentex.net> Date: Thu, 27 Jul 2023 16:46:22 -0400 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: Zenbleed Content-Language: en-US To: Jung-uk Kim , Shawn Webb , 0x1eef <0x1eef@protonmail.com> Cc: "freebsd-security@freebsd.org" References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> From: mike tancsa In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.84 X-Rspamd-Queue-Id: 4RBjV55nLlz3tS7 X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:11647, ipnet:2607:f3e0::/32, country:CA] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated On 7/27/2023 4:42 PM, Jung-uk Kim wrote: > Can you please the attached patch?  Sorry about the trouble. > thank you for all the help! Looks good on RELENG_12 now % gmake nasm  -O0 -felf64 -o zenleak.o zenleak.asm cc -O0 -ggdb3 -march=znver2   -c -o pattern.o pattern.c cc -O0 -ggdb3 -march=znver2   -c -o workqueue.o workqueue.c cc -O0 -ggdb3 -march=znver2   -c -o util.o util.c cc -O0 -ggdb3 -march=znver2  -pthread -Wl,-z,noexecstack zenbleed.c zenleak.o pattern.o workqueue.o util.o   -o zenbleed % ./zenbleed -v3 *** EMBARGOED SECURITY ISSUE --  DO NOT DISTRIBUTE! *** ZenBleed Testcase -- taviso@google.com NOTE: Try -h to see configuration options Spawning 32 Threads... Thread 0x800686500 running on CPU 0Thread 0x800687400 running on CPU 3 Thread 0x800687900 running on CPU 4 Thread 0x800687e00 running on CPU 5 Thread 0x800688800 running on CPU 7 Thread 0x800689200 running on CPU 9 Thread 0x800688300 running on CPU 6 Thread 0x800686a00 running on CPU 1 Thread 0x800688d00 running on CPU 8 Thread 0x800689700 running on CPU 10 Thread 0x800689c00 running on CPU 11 Thread 0x80068a100 running on CPU 12 Thread 0x80068a600 running on CPU 13 Thread 0x800774000 running on CPU 15 Thread 0x800774500 running on CPU 16 Thread 0x800774a00 running on CPU 17 Thread 0x800774f00 running on CPU 18 Thread 0x800775400 running on CPU 19 Thread 0x800775900 running on CPU 20 Thread 0x800775e00 running on CPU 21 Thread 0x800776300 running on CPU 22 Thread 0x800776800 running on CPU 23 Thread 0x800776d00 running on CPU 24 Thread 0x800777200 running on CPU 25 Thread 0x800777700 running on CPU 26 Thread 0x800777c00 running on CPU 27 Thread 0x800778100 running on CPU 28 Thread 0x800778600 running on CPU 29 Thread 0x800778b00 running on CPU 30 Thread 0x803253000 running on CPU 31 Thread 0x80068ab00 running on CPU 14 Thread 0x800686f00 running on CPU 2 CPU: AMD EPYC 7302P 16-Core Processor                (3000.06-MHz K8-class CPU) From nobody Thu Jul 27 22:00:41 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RBl7y00sQz4ptQV for ; Thu, 27 Jul 2023 22:00:46 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RBl7x5JsVz4Q3V for ; Thu, 27 Jul 2023 22:00:45 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Authentication-Results: mx1.freebsd.org; none Received: by mail-io1-xd2f.google.com with SMTP id ca18e2360f4ac-77ac14ff51bso55730839f.3 for ; Thu, 27 Jul 2023 15:00:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; t=1690495245; x=1691100045; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=Os1uwePX+m1S5MJeYHnPaCaLf39yF9gngZ9bpIA1ReE=; b=Me8jT3MtWWlMIRKge+QecFnQar3XdhOVhgSIZ647FbcTCdfxgmWGowqDQce/zUFo63 KsIYzJ9v9A7sApMK7gT8zFs7M+AutxoIPIOHDg+F/lQNLt0svZOcAX2x+A1U6OgXFulV /7PEPiBLCsQLMofPfg1kNAlXP5IV1GS1BN5oJZ4MBBW9bNm4j6ymtOEE9tq6BHDHStgF YKLj2tMI7ZP7yw2KlvCAiKyuTFfAT5uHj1+GMWS0gmyXWFS5Fk6f34tY6VcqtMwX6oUi zuubIxGXKR8dw2Qq6hmd/T7nBCZ70x3w4Ja53HRQ7M/gugA0ZgQwS5VbfX+4uL20RJEd D9Fw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690495245; x=1691100045; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Os1uwePX+m1S5MJeYHnPaCaLf39yF9gngZ9bpIA1ReE=; b=hB988ot6vNLq4679D+YZ4JQk6Mw2mI9fie1t/l34tu3al9YX153xlth5YPd+qVmFRr loveRiwqtcTado5DFTlCyZ1VgWMa0WNKUJlxieHWd72zH5830S7ZdAln8cpfhtPzU3fc 8N2h6PaVIgbQMmPgzrrU36gjpr+/VPEBA9OIQLATnjEUIQ9imxcxou8gUOPx/xUq7bb7 iARwM6WmixeHBG/JRWZiTAEAFA9fDAO6hiCNQh04bMwIN7sZ+CyaHmH2fx7jyU/twXgg MJ9BKXsP1iY0TyhnSwqAKecuoekYiI8QBQOE3DMkumoMLhI/3LXmf390IUID5BDLKwev zGCA== X-Gm-Message-State: ABy/qLYSJeyYbyj8/KRORG08IbHBe/1alG5vcvvsfCbotwkUomo8Bcz8 ASeYcomrzuAuG+AVJKbYE5A9E1DFjlH1F6nUI9o= X-Google-Smtp-Source: APBJJlGGqwwATvEtlmDBPgGkUJ7OFmKX18wcwsMasynSBBlJVVEZn+81GH9oItFw/WhayqOVfP3SSw== X-Received: by 2002:a5e:c005:0:b0:783:5e93:1e7f with SMTP id u5-20020a5ec005000000b007835e931e7fmr840135iol.18.1690495244682; Thu, 27 Jul 2023 15:00:44 -0700 (PDT) Received: from mutt-hbsd ([98.38.198.52]) by smtp.gmail.com with ESMTPSA id y25-20020a5ec819000000b0077e35ffac2fsm670923iol.32.2023.07.27.15.00.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Jul 2023 15:00:43 -0700 (PDT) Date: Thu, 27 Jul 2023 18:00:41 -0400 From: Shawn Webb To: mike tancsa Cc: Jung-uk Kim , 0x1eef <0x1eef@protonmail.com>, "freebsd-security@freebsd.org" Subject: Re: Zenbleed Message-ID: <20230727220041.2cjcspcncsmjwqgl@mutt-hbsd> X-Operating-System: FreeBSD mutt-hbsd 14.0-CURRENT-HBSD FreeBSD 14.0-CURRENT-HBSD X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: <20230726214636.yblem2s4sgapb6cw@mutt-hbsd> <5ca207d8-b947-12da-46b2-f83e55fcc98c@sentex.net> <33df09fb-0631-3db6-694a-4d3cad754a10@sentex.net> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ug6hkdjcv3gdi75p" Content-Disposition: inline In-Reply-To: <33df09fb-0631-3db6-694a-4d3cad754a10@sentex.net> X-Rspamd-Queue-Id: 4RBl7x5JsVz4Q3V X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated --ug6hkdjcv3gdi75p Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 27, 2023 at 04:46:22PM -0400, mike tancsa wrote: > On 7/27/2023 4:42 PM, Jung-uk Kim wrote: > > Can you please the attached patch?=A0 Sorry about the trouble. > >=20 > thank you for all the help! Looks good on RELENG_12 now >=20 > % gmake > nasm=A0 -O0 -felf64 -o zenleak.o zenleak.asm > cc -O0 -ggdb3 -march=3Dznver2=A0=A0 -c -o pattern.o pattern.c > cc -O0 -ggdb3 -march=3Dznver2=A0=A0 -c -o workqueue.o workqueue.c > cc -O0 -ggdb3 -march=3Dznver2=A0=A0 -c -o util.o util.c > cc -O0 -ggdb3 -march=3Dznver2=A0 -pthread -Wl,-z,noexecstack zenbleed.c > zenleak.o pattern.o workqueue.o util.o=A0=A0 -o zenbleed >=20 > % ./zenbleed -v3 > *** EMBARGOED SECURITY ISSUE --=A0 DO NOT DISTRIBUTE! *** > ZenBleed Testcase -- taviso@google.com >=20 > NOTE: Try -h to see configuration options >=20 > Spawning 32 Threads... > Thread 0x800686500 running on CPU 0Thread 0x800687400 running on CPU 3 >=20 > Thread 0x800687900 running on CPU 4 > Thread 0x800687e00 running on CPU 5 > Thread 0x800688800 running on CPU 7 > Thread 0x800689200 running on CPU 9 > Thread 0x800688300 running on CPU 6 > Thread 0x800686a00 running on CPU 1 > Thread 0x800688d00 running on CPU 8 > Thread 0x800689700 running on CPU 10 > Thread 0x800689c00 running on CPU 11 > Thread 0x80068a100 running on CPU 12 > Thread 0x80068a600 running on CPU 13 > Thread 0x800774000 running on CPU 15 > Thread 0x800774500 running on CPU 16 > Thread 0x800774a00 running on CPU 17 > Thread 0x800774f00 running on CPU 18 > Thread 0x800775400 running on CPU 19 > Thread 0x800775900 running on CPU 20 > Thread 0x800775e00 running on CPU 21 > Thread 0x800776300 running on CPU 22 > Thread 0x800776800 running on CPU 23 > Thread 0x800776d00 running on CPU 24 > Thread 0x800777200 running on CPU 25 > Thread 0x800777700 running on CPU 26 > Thread 0x800777c00 running on CPU 27 > Thread 0x800778100 running on CPU 28 > Thread 0x800778600 running on CPU 29 > Thread 0x800778b00 running on CPU 30 > Thread 0x803253000 running on CPU 31 > Thread 0x80068ab00 running on CPU 14 > Thread 0x800686f00 running on CPU 2 >=20 >=20 > CPU: AMD EPYC 7302P 16-Core Processor=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0= =A0=A0=A0 (3000.06-MHz K8-class > CPU) I've reverted the old work in favor of Jung-uk Kim's patch in my feature branch (shawn.webb/bsd/main). My next commit will be to remove gmake as a dependency (in favor of in-base BSD Make). Perhaps I'll submit a ports entry when I feel the codebase is ready. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --ug6hkdjcv3gdi75p Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmTC6QMACgkQ/y5nonf4 4foEYQ/8Dx2dgUI3uyE0pX4z/oGrR4iMqbgyKwejsvwsTV+3mR2w1RH0hcmYtVCO 8t2waliSy+j5e8L+/8htgfU2Q89VpmivzdpJch1LoRlJ9m3uEDGRBj09FGoVbV2h 8SZNkZGs4HYm83YhKftyu/hRAt846Lkz74feO/jIBq/TmW8DLaep23vftGmBl20U ZheSpqJtix6MXOqL/Ei0V1eVCDjW+YcVauArfl5Q9OTJ5hOziK5j/vcd4FlGWFyo b/uZSCXUK3aw3FGxIxukZy1Z+OWqgDdTEsZhjCAixzRiJ7PL/B0KyCDtOQ6zFVXZ hzAG3l+1XCcQWoDrKE/AxOlGB2ujDanrSpjGXuTce0YrpUQbV1KOopalGbxK8T7E JC2aYzWgCHw7zNZY6DqkhhYqjj5Es3DqZl3Grfig7ucfhKZ7O4JC5PT/GchUK7Cl 9g8lYydXO7hsYGcYo+VEPmy15abyA3R0/mKe8geFfIzaoYUXlmSxxBQMBhd0JB+3 P2mMKoM9b7iKSuOPX9NWJox48kkbzFRKwbxTE7zRCAZoHNfi50vQI1sEjnQdZFqu ug03WYPWIamXUKCWT+HAzo8ulIxWj0ZvQ/pseAsSwgOQLEm8qEidNq45TzLbBBBl F8x/DUq3kQZthJyxrLyDUTtWfHYHeLHS8mcXlyuLj9fv5x/4Qgs= =EP61 -----END PGP SIGNATURE----- --ug6hkdjcv3gdi75p--