diff --git a/.gitignore b/.gitignore
index 23c20b3..c4fca8e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/06-2d-07
 SOURCES/06-55-04
-SOURCES/microcode-20200508.tar.gz
+SOURCES/microcode-20200602.tar.gz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index 449b5ee..5e26097 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -1,3 +1,3 @@
 bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
 2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
-773599d13ebe640749768d630357ca60cb52b5ee SOURCES/microcode-20200508.tar.gz
+ea699fd62ba3625062cae60d4a657fa11822b372 SOURCES/microcode-20200602.tar.gz
diff --git a/SOURCES/06-2d-07_readme b/SOURCES/06-2d-07_readme
index 18c676d..2a9f5ec 100644
--- a/SOURCES/06-2d-07_readme
+++ b/SOURCES/06-2d-07_readme
@@ -12,6 +12,7 @@ For the reference, SHA1 checksums of 06-2d-07 microcode files containing
 microcode revisions in question are listed below:
 * 06-2d-07, revision 0x714: bcf2173cd3dd499c37defbc2533703cfa6ec2430
 * 06-2d-07, revision 0x718: 837cfebbfc09b911151dfd179082ad99cf87e85d
+ * 06-2d-07, revision 0x71a: 4512c8149e63e5ed15f45005d7fb5be0041f66f6
 Please contact your system vendor for a BIOS/firmware update that contains
 the latest microcode version. For the information regarding microcode versions
diff --git a/SOURCES/check_caveats b/SOURCES/check_caveats
index c7f0e8a..f43fb4a 100755
--- a/SOURCES/check_caveats
+++ b/SOURCES/check_caveats
@@ -621,19 +621,19 @@ for cfg in $(echo "${configs}"); do
 # Note that the model filter check is done inside check_pci_config_val
 # based on the 'mode=' parameter.
 if [ -n "$cfg_pci" ]; then
- pci_res=0
- pci_line=
- while read -r pci_line; do
- [ -n "$pci_line" ] || continue
- pci_res=$(check_pci_config_val "$pci_line" "$match_model")
- [ "x$pci_res" = x0 ] || break
- done <<- EOF
- $cfg_pci
- EOF
-
- [ "x$pci_res" = x0 ] || {
- debug "PCI configuration word check '$pci_line' " \
- "failed (with return code $pci_res)"
+ pci_line="$(printf "%s\n" "$cfg_pci" | while read -r pci_line; do
+ [ -n "$pci_line" ] || continue
+ pci_res=$(check_pci_config_val "$pci_line" \
+ "$match_model")
+ [ 0 != "$pci_res" ] || continue
+ echo "$pci_res $pci_line"
+ break
+ done
+ echo "0 ")"
+
+ [ -z "${pci_line#* }" ] || {
+ debug "PCI configuration word check '${pci_line#* }'" \
+ "failed (with return code ${pci_line%% *})"
 fail
 continue
 }
diff --git a/SOURCES/gen_provides.sh b/SOURCES/gen_provides.sh
index f963bf6..5e2a2a4 100755
--- a/SOURCES/gen_provides.sh
+++ b/SOURCES/gen_provides.sh
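Review bot: In the check_caveats hunk the trailing `echo "0 "` runs even after the loop has printed a failure line and hit `break`, so on a failed check the captured `pci_line` holds two lines and the `${pci_line#* }` shown in the debug message ends with a newline and `0 `. The pass/fail decision itself still looks right, and an empty `pci_res` also lands in the failure branch, so this affects only the log text. Dropping the sentinel (closing the substitution with `done)"`) and testing `[ -z "$pci_line" ] || {` would keep the same outcome with a single-line value. The enclosing `for cfg` loop starts and ends outside the hunk.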
@@ -21,31 +21,75 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
 ucode_fname="$ucode_caveat/$ucode"
 file_sz="$(stat -c "%s" "$f")"
 skip=0
+ ext_hdr=0
+ ext_sig_cnt=0
+ ext_sig_pos=0
+ next_skip=0
+ # Microcode header format description:
+ # https://gitlab.com/iucode-tool/iucode-tool/blob/master/intel_microcode.c
 while :; do
 [ "$skip" -lt "$file_sz" ] || break
- # Microcode header format description:
- # https://gitlab.com/iucode-tool/iucode-tool/blob/master/intel_microcode.c
- IFS=' ' read hdrver rev \
- date_y date_d date_m \
- cpuid cksum ldrver \
- pf_mask datasz totalsz <<- EOF
- $(hexdump -s "$skip" -n 36 \
- -e '"" 1/4 "%u " 1/4 "%#x " \
- 1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
- 1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
- 1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"' "$f")
- EOF
-
- [ 0 != "$datasz" ] || datasz=2000
- [ 0 != "$totalsz" ] || totalsz=2048
-
- # TODO: add some sanity/safety checks here. As of now, there's
- # a (pretty fragile) assumption that all the matched files
- # are valid Intel microcode files in the expected format.
-
- skip=$((skip + totalsz))
+ # Do we parse ext_sig table or another microcode header?
+ if [ 0 != "$next_skip" ]; then
+ # Check whether we should abort ext_sig table parsing
+ [ \( "${skip}" -lt "${next_skip}" \) -a \
+ \( "${ext_sig_pos}" -lt "${ext_sig_cnt}" \) ] || {
+ skip="${next_skip}"
+ next_skip=0
+ continue
+ }
+
+ # ext_sig, 12 bytes in size
+ IFS=' ' read cpuid pf_mask <<- EOF
+ $(hexdump -s "$skip" -n 8 \
+ -e '"" 1/4 "%08x " 1/4 "%u" "\n"' "$f")
+ EOF
+
+ skip="$((skip + 12))"
+ ext_sig_pos="$((ext_sig_pos + 1))"
+ else
+ # Microcode header, 48 bytes, last 3 fields reserved
+ IFS=' ' read hdrver rev \
+ date_y date_d date_m \
+ cpuid cksum ldrver \
+ pf_mask datasz totalsz <<- EOF
+ $(hexdump -s "$skip" -n 36 \
+ -e '"" 1/4 "%u " 1/4 "%#x " \
+ 1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
+ 1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
+ 1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"' "$f")
+ EOF
+
+ [ 0 != "$datasz" ] || datasz=2000
+ [ 0 != "$totalsz" ] || totalsz=2048
+
+ # TODO: add some sanity/safety checks here. As of now,
+ # there's a (pretty fragile) assumption that all
+ # the matched files are valid Intel microcode
+ # files in the expected format.
+
+ # ext_sig table is after the microcode payload,
+ # check for its presence
+ if [ 48 -lt "$((totalsz - datasz))" ]; then
+ next_skip="$((skip + totalsz))"
+ skip="$((skip + datasz + 48))"
+ ext_sig_pos=0
+
+ # ext_sig table header, 20 bytes in size,
+ # last 3 fields are reserved.
+ IFS=' ' read ext_sig_cnt <<- EOF
+ $(hexdump -s "$skip" -n 4 \
+ -e '"" 1/4 "%u" "\n"' "$f")
+ EOF
+
+ skip="$((skip + 20))"
+ else
+ skip="$((skip + totalsz))"
+ next_skip=0
+ fi
+ fi
 #[ -n "$rev" ] || continue
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index 343e7af..13bae31 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,4 +1,4 @@
-%define intel_ucode_version 20200508
+%define intel_ucode_version 20200602
 %global debug_package %{nil}
 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
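Review bot: In gen_provides.sh the ext_sig branch only checks `skip < next_skip` before reading an entry, so when `ext_sig_cnt` overstates the table, an entry that straddles `next_skip` can still be read and bytes past the table end up in `cpuid`/`pf_mask`. `datasz`, `totalsz` and `ext_sig_cnt` are all taken from the file without validation, which the TODO kept in this hunk already acknowledges. Bounding the whole 12-byte entry, and using two tests instead of the obsolescent `-a`, would close that gap: `[ "$((skip + 12))" -le "${next_skip}" ] && [ "${ext_sig_pos}" -lt "${ext_sig_cnt}" ] || {`. `ext_hdr=0` is initialised but not used in the visible lines. The `while` loop body continues outside the hunk.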
@@ -13,7 +13,7 @@ Summary: CPU microcode updates for Intel x86 processors Name: microcode_ctl Version: %{intel_ucode_version} -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 4 License: CC0 and Redistributable, no modification permitted URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files 
@@ -420,6 +420,60 @@ rm -rf %{buildroot} %changelog +* Thu Jun 04 2020 Eugene Syromiatnikov - 4:20200602-2 +- Avoid temporary file creation, used for here-documents in check_caveats + (#1839163). + +* Wed Jun 03 2020 Eugene Syromiatnikov - 4:20200602-1 +- Update Intel CPU microcode to microcode-20200602 release, addresses + CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1795354, #1795356, #1827184): + - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; + - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e + up to 0x2f; + - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 + up to 0x26; + - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; + - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 + up to 0x22; + - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 + up to 0xdc; + - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 + up to 0x1000157; + - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode + (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 + up to 0x2006906; + - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c + up to 0x4002f01; + - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c + up to 0x5002f01; + - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 + up to 0xdc; + - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca + up to 0xd6; + - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca + up to 0xd6; + - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca + up to 0xd6; + - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca + up to 0xd6; + - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode + from revision 0xca up to 0xd6; + - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision + 0xca up to 0xd6; + - Update of 06-9e-0a/0x22 
(CFL-H/S/Xeon E3 U0) microcode from revision 0xca + up to 0xd6; + - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6; + - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca + up to 0xd6; + - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6. + +* Fri May 22 2020 Eugene Syromiatnikov - 4:20200520-1 +- Update Intel CPU microcode to microcode-20200520 release (#1783103): + - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f + up to 0x621; + - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 + up to 0x71a. + * Tue May 12 2020 Eugene Syromiatnikov - 4:20200508-1 - Update Intel CPU microcode to microcode-20200508 release (#1783103): - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46