• [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:06.microcode

    From FreeBSD Errata Notices@21:1/5 to All on Wed Feb 24 07:00:00 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    ============================================================================= FreeBSD-EN-21:06.microcode Errata Notice
    The FreeBSD Project

    Topic: Boot-time microcode loading causes a boot hang

    Category: core
    Module: x86
    Announced: 2021-02-24
    Affects: FreeBSD 12.2
    Corrected: 2021-02-19 20:57:34 UTC (stable/12, 12.2-STABLE)
    2021-02-24 01:43:50 UTC (releng/12.2, 12.2-RELEASE-p4)

    For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security
    branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

    I. Background

    CPU microcode updates may include security fixes or mitigations. The
    boot-time microcode loader applies CPU microcode as early in the boot process as possible, minimizing the amount of code executed without updated
    microcode.

    Microcode updates for many different CPU types are concatenated into one file and loaded by the boot loader. After the kernel has determined the correct update to apply, it frees the memory containing unused microcode updates, keeping only the update for the CPU on which the kernel is running.

    II. Problem Description

    An interaction between the code which frees the unused portions of the microcode file and the rest of the system can cause boot hangs.

    III. Impact

    The kernel may hang during boot if boot-time microcode updates are configured.

    IV. Workaround

    Systems not configured to load microcode at boot-time are unaffected.
    Boot-time microcode loading is currently only supported with Intel CPUs.

    On systems that are configured to load microcode at boot-time, setting the "debug.ucode.release" loader tunable to 0 will prevent the microcode update file from being freed, working around the problem.

    V. Solution

    Upgrade your system to a supported FreeBSD stable or release / security
    branch (releng) dated after the correction date.

    Perform one of the following:

    1) To update your system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the i386 or amd64
    platforms can be updated via the freebsd-update(8) utility:

    # freebsd-update fetch
    # freebsd-update install

    2) To update your system via a source code patch:

    The following patches have been verified to apply to the applicable
    FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the
    detached PGP signature using your PGP utility.

    # fetch https://security.FreeBSD.org/patches/EN-21:06/microcode.patch
    # fetch https://security.FreeBSD.org/patches/EN-21:06/microcode.patch.asc
    # gpg --verify microcode.patch.asc

    b) Apply the patch. Execute the following commands as root:

    # cd /usr/src
    # patch < /path/to/patch

    c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
    system.

    VI. Correction details

    The following list contains the correction revision numbers for each
    affected branch.

    Branch/path Revision
    - ------------------------------------------------------------------------- stable/12/ r369310 releng/12.2/ r369355
    - -------------------------------------------------------------------------

    To see which files were modified by a particular revision, run the
    following command, replacing NNNNNN with the revision number, on a
    machine with Subversion installed:

    # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

    VII. References

    The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:06.microcode.asc> -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmA15bwACgkQ05eS9J6n 5cLgbg//cottS8aQLl6YmSFs6JIyZwE4RutM2tSrkwkdQmuYLfba3tEyYs3R2iAK x9y5bf9jFG5m7mUVr9QhEPRGrFlKTdTtW682T5ClLrZO1TIWwTUZlEC9omIpAPV3 /A2tFFK253Zhufh2bKol8y8LwEle9MrO2xURj8KOo5dFa0HxSrMeCb+YlINV/iCy hEJPuGvVWr+1rTP0hbKT+lHwtsgV2yB73FuG85p3FtJ4nr7OBlrzDnVgAKANvGTG VTE/g/mqKfQlYqrNccw8Si/K5vh9PNiFjXiercSyMWV1eaYT6WU/a3x94RlISvR7 6t56uWyJ9YTs3+E1bwplIZ/0qrCOvcgYqsv6ANu5/2gysFCNaNACDcAtidcly2UB AL0hDjEQ7sAmsGmjAXfg7bbgUD/1h3saTmI3UmuWayZodMt1w6A0d/3A4bb/yZid rF3gVvgmLBSjsgSXSqYtnS3N+af/rr01/tLaZh/yvO8d0EwFteyGar/dduSCoXbU EK636ZNy+df7k6eCfqeh2/WixqSE7pKw2anQXmn11vHMBWDyuF919jMxrm64OdzT sLlVrGOH8FHbUwnTsNUAfggqO7VUowvfRnYk+CzDElpXqn0Pteq8UCGABLmRKW9u kISBhJwAjnnybyZ5/nvFaAN5UtvG5he0qhpbvArposyvqLdsgZ0=
    =j/+s
    -----END PGP SIGNATURE-----
    _______________________________________________
    freebsd-announce@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-announce
    To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)