From: Josh Poimboeuf <jpoimboe@redhat.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [patch V4 04/11] x86/speculation/mds: Add mds_clear_cpu_buffer()
Date: Tue, 26 Feb 2019 08:19:37 -0600 [thread overview]
Message-ID: <20190226141937.7bdg2gs5l4d6z3rf@treble> (raw)
In-Reply-To: <20190222224149.440041789@linutronix.de>
On Fri, Feb 22, 2019 at 11:24:22PM +0100, speck for Thomas Gleixner wrote:
> +MFBDS leaks Fill Buffer Entries. Fill buffers are used internally to manage
> +L1 miss situations and to hold data which is returned or sent in response
> +to a memory or I/O operation. Fill buffers can forward data to a load
> +operation and also write data to the cache. When the fill buffer is
> +deallocated it can retain the stale data of the preceding operations which
> +can then be forwarded to a faulting or assisting load operation, which can
> +be exploited under certain conditions. Fill buffers are shared between
> +Hyper-Threads so cross thread leakage is possible.
> +
> +MLDPS leaks Load Port Data. Load ports are used to perform load operations
MLPDS
> +from memory or I/O. The received data is then forwarded to the register
> +file or a subsequent operation. In some implementations the Load Port can
> +contain stale data from a previous operation which can be forwarded to
> +faulting or assisting loads under certain conditions, which again can be
> +exploited eventually. Load ports are shared between Hyper-Threads so cross
> +thread leakage is possible.
> +
> +
> +Exposure assumptions
> +--------------------
> +
> +It is assumed that attack code resides in user space or in a guest with one
> +exception. The rationale behind this assumption is that the code construct
> +needed for exploiting MDS requires:
> +
> + - to control the load to trigger a fault or assist
> +
> + - to have a disclosure gadget which exposes the speculatively accessed
> + data for consumption through a side channel.
> +
> + - to control the pointer through which the disclosure gadget exposes the
> + data
> +
> +The existence of such a construct cannot be excluded with 100% certainty,
> +but the complexity involved makes it extremly unlikely.
The existence of such a construct *in the kernel* cannot be excluded...
> +There is one exception, which is untrusted BPF. The functionality of
> +untrusted BPF is limited, but it needs to be thoroughly investigated
> +whether it can be used to create such a construct.
> +
> +
> +Mitigation strategy
> +-------------------
> +
> +All variants have the same mitigation strategy at least for the single CPU
> +thread case (SMT off): Force the CPU to clear the affected buffers.
> +
> +This is achieved by using the otherwise unused and obsolete VERW
> +instruction in combination with a microcode update. The microcode clears
> +the affected CPU buffers when the VERW instruction is executed.
> +
> +For virtualization there are two ways to achieve CPU buffer
> +clearing. Either the modified VERW instruction or via the L1D Flush
> +command. The latter is issued when L1TF mitigation is enabled so the extra
> +VERW can be avoided. If the CPU is not affected by L1TF then VERW needs to
> +be issued.
> +
> +If the VERW instruction with the supplied segment selector argument is
> +executed on a CPU without the microcode update there is no side effect
> +other than a small number of pointlessly wasted CPU cycles.
> +
> +This does not protect against cross Hyper-Thread attacks except for MSBDS
> +which is only exploitable cross Hyper-thread when one of the Hyper-Threads
> +enters a C-state.
> +
> +The kernel provides a function to invoke the buffer clearing:
> +
> + mds_clear_cpu_buffers()
> +
> +The mitigation is invoked on kernel/userspace, hypervisor/guest and C-state
> +(idle) transitions. Depending on the mitigation mode and the system state
> +the invocation can be enforced or conditional.
The conditional bit isn't true (yet?).
What does "enforced" mean in this context? s/enforced/unconditional ?
Maybe the last sentence can be removed entirely.
--
Josh
next prev parent reply other threads:[~2019-02-26 14:19 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-22 22:24 [patch V4 00/11] MDS basics Thomas Gleixner
2019-02-22 22:24 ` [patch V4 01/11] x86/msr-index: Cleanup bit defines Thomas Gleixner
2019-02-22 22:24 ` [patch V4 02/11] x86/speculation/mds: Add basic bug infrastructure for MDS Thomas Gleixner
2019-02-23 1:28 ` [MODERATED] " Linus Torvalds
2019-02-23 7:42 ` Thomas Gleixner
2019-02-27 13:04 ` Thomas Gleixner
2019-02-22 22:24 ` [patch V4 03/11] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests Thomas Gleixner
2019-02-22 22:24 ` [patch V4 04/11] x86/speculation/mds: Add mds_clear_cpu_buffer() Thomas Gleixner
2019-02-25 16:06 ` [MODERATED] " Frederic Weisbecker
2019-02-26 14:19 ` Josh Poimboeuf [this message]
2019-03-01 20:58 ` [MODERATED] Encrypted Message Jon Masters
2019-03-01 22:14 ` Jon Masters
2019-02-26 15:00 ` [MODERATED] Re: [patch V4 04/11] x86/speculation/mds: Add mds_clear_cpu_buffer() David Woodhouse
2019-02-22 22:24 ` [patch V4 05/11] x86/speculation/mds: Clear CPU buffers on exit to user Thomas Gleixner
2019-02-25 21:04 ` [MODERATED] " Greg KH
2019-02-26 15:20 ` Josh Poimboeuf
2019-02-26 20:26 ` Thomas Gleixner
2019-02-22 22:24 ` [patch V4 06/11] x86/speculation/mds: Conditionally clear CPU buffers on idle entry Thomas Gleixner
2019-02-25 21:09 ` [MODERATED] " Greg KH
2019-02-26 15:31 ` Josh Poimboeuf
2019-02-26 20:20 ` Thomas Gleixner
2019-02-22 22:24 ` [patch V4 07/11] x86/speculation/mds: Add mitigation control for MDS Thomas Gleixner
2019-02-25 20:17 ` [MODERATED] " mark gross
2019-02-26 15:50 ` Josh Poimboeuf
2019-02-26 20:16 ` Thomas Gleixner
2019-02-22 22:24 ` [patch V4 08/11] x86/speculation/mds: Add sysfs reporting " Thomas Gleixner
2019-02-22 22:24 ` [patch V4 09/11] x86/speculation/mds: Add mitigation mode VMWERV Thomas Gleixner
2019-02-23 9:52 ` [MODERATED] " Greg KH
2019-02-25 20:31 ` mark gross
2019-02-26 0:34 ` Andrew Cooper
2019-02-26 18:51 ` mark gross
2019-02-26 19:29 ` Thomas Gleixner
2019-02-22 22:24 ` [patch V4 10/11] Documentation: Move L1TF to separate directory Thomas Gleixner
2019-02-23 8:41 ` [MODERATED] " Greg KH
2019-02-22 22:24 ` [patch V4 11/11] Documentation: Add MDS vulnerability documentation Thomas Gleixner
2019-02-23 9:58 ` [MODERATED] " Greg KH
2019-02-26 20:11 ` Thomas Gleixner
2019-02-25 18:02 ` [MODERATED] " Dave Hansen
2019-02-26 20:10 ` Thomas Gleixner
2019-02-23 0:53 ` [MODERATED] Re: [patch V4 00/11] MDS basics Andrew Cooper
2019-02-23 14:12 ` Peter Zijlstra
2019-02-25 16:38 ` mark gross
2019-02-26 19:58 ` Thomas Gleixner
2019-02-26 16:28 ` [MODERATED] " Tyler Hicks
2019-02-26 19:58 ` Thomas Gleixner
2019-02-26 18:58 ` [MODERATED] " Kanth Ghatraju
2019-02-26 19:59 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190226141937.7bdg2gs5l4d6z3rf@treble \
--to=jpoimboe@redhat.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).