Disable RDRAND on AMD family 0x17, models 0x70–0x7f. Change-Id: I634a3077beedf40816a1f6179ccf92d853979601 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37604 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>

commit: 398ca1c3d64b7f6ee8df5f9ae0ce0048e9d33a6b [log] [tgz]
author: Adam Langley <agl@google.com> Thu Sep 19 12:38:39 2019 -0700
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Sep 19 21:40:36 2019 +0000
tree: 62f0c321f49668ad96211f244478ee3d5176381f
parent: bb507838057853688ffe6d4ad044aad8ce5bc654 [diff]
diff --git a/crypto/cpu-intel.c b/crypto/cpu-intel.c
index 1621ef6..832e9d6 100644
--- a/crypto/cpu-intel.c
+++ b/crypto/cpu-intel.c

@@ -164,17 +164,23 @@
   if (is_amd) {
     // See https://www.amd.com/system/files/TechDocs/25481.pdf, page 10.
     const uint32_t base_family = (eax >> 8) & 15;
+    const uint32_t base_model = (eax >> 4) & 15;
 
     uint32_t family = base_family;
+    uint32_t model = base_model;
     if (base_family == 0xf) {
       const uint32_t ext_family = (eax >> 20) & 255;
       family += ext_family;
+      const uint32_t ext_model = (eax >> 16) & 15;
+      model |= ext_model << 4;
     }
 
-    if (family < 0x17) {
+    if (family < 0x17 || (family == 0x17 && 0x70 <= model && model <= 0x7f)) {
       // Disable RDRAND on AMD families before 0x17 (Zen) due to reported
       // failures after suspend.
       // https://bugzilla.redhat.com/show_bug.cgi?id=1150286
+      // Also disable for family 0x17, models 0x70–0x7f, due to possible RDRAND
+      // failures there too.
       ecx &= ~(1u << 30);
     }
   }
commit	398ca1c3d64b7f6ee8df5f9ae0ce0048e9d33a6b	[log] [tgz]
author	Adam Langley <agl@google.com>	Thu Sep 19 12:38:39 2019 -0700
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Thu Sep 19 21:40:36 2019 +0000
tree	62f0c321f49668ad96211f244478ee3d5176381f
parent	bb507838057853688ffe6d4ad044aad8ce5bc654 [diff]