Date: Thu, 27 Jul 2023 18:00:41 -0400
From: Shawn Webb
To: mike tancsa
Cc: Jung-uk Kim, 0x1eef <0x1eef@protonmail.com>, "freebsd-security@freebsd.org"
Subject: Re: Zenbleed
List-Archive: https://lists.freebsd.org/archives/freebsd-security

On Thu, Jul 27, 2023 at 04:46:22PM -0400, mike tancsa wrote:
> On 7/27/2023 4:42 PM, Jung-uk Kim wrote:
> > Can you please the attached patch?  Sorry about the trouble.
> >
> thank you for all the help! Looks good on RELENG_12 now
>
> % gmake
> nasm  -O0 -felf64 -o zenleak.o zenleak.asm
> cc -O0 -ggdb3 -march=znver2   -c -o pattern.o pattern.c
> cc -O0 -ggdb3 -march=znver2   -c -o workqueue.o workqueue.c
> cc -O0 -ggdb3 -march=znver2   -c -o util.o util.c
> cc -O0 -ggdb3 -march=znver2  -pthread -Wl,-z,noexecstack zenbleed.c
> zenleak.o pattern.o workqueue.o util.o   -o zenbleed
>
> % ./zenbleed -v3
> *** EMBARGOED SECURITY ISSUE --  DO NOT DISTRIBUTE! ***
> ZenBleed Testcase -- taviso@google.com
>
> NOTE: Try -h to see configuration options
>
> Spawning 32 Threads...
> Thread 0x800686500 running on CPU 0Thread 0x800687400 running on CPU 3
>
> Thread 0x800687900 running on CPU 4
> Thread 0x800687e00 running on CPU 5
> Thread 0x800688800 running on CPU 7
> Thread 0x800689200 running on CPU 9
> Thread 0x800688300 running on CPU 6
> Thread 0x800686a00 running on CPU 1
> Thread 0x800688d00 running on CPU 8
> Thread 0x800689700 running on CPU 10
> Thread 0x800689c00 running on CPU 11
> Thread 0x80068a100 running on CPU 12
> Thread 0x80068a600 running on CPU 13
> Thread 0x800774000 running on CPU 15
> Thread 0x800774500 running on CPU 16
> Thread 0x800774a00 running on CPU 17
> Thread 0x800774f00 running on CPU 18
> Thread 0x800775400 running on CPU 19
> Thread 0x800775900 running on CPU 20
> Thread 0x800775e00 running on CPU 21
> Thread 0x800776300 running on CPU 22
> Thread 0x800776800 running on CPU 23
> Thread 0x800776d00 running on CPU 24
> Thread 0x800777200 running on CPU 25
> Thread 0x800777700 running on CPU 26
> Thread 0x800777c00 running on CPU 27
> Thread 0x800778100 running on CPU 28
> Thread 0x800778600 running on CPU 29
> Thread 0x800778b00 running on CPU 30
> Thread 0x803253000 running on CPU 31
> Thread 0x80068ab00 running on CPU 14
> Thread 0x800686f00 running on CPU 2
>
>
> CPU: AMD EPYC 7302P 16-Core Processor                (3000.06-MHz K8-class
> CPU)

I've reverted the old work in favor of Jung-uk Kim's patch in my
feature branch (shawn.webb/bsd/main). My next commit will be to remove
gmake as a dependency (in favor of in-base BSD Make).

Perhaps I'll submit a ports entry when I feel the codebase is ready.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc