historical-speck.lore.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Josh Poimboeuf <jpoimboe@redhat.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH 3/3] v4 more sampling fun 3
Date: Wed, 25 Mar 2020 22:25:21 -0500	[thread overview]
Message-ID: <20200326032521.mex4v6er77nlbgft@treble> (raw)
In-Reply-To: =?utf-8?q?=3Cdf0d532bc07ae6078a1051f41d40bc3a4487b51d=2E15845?= =?utf-8?q?66871=2Egit=2Emgross=40linux=2Eintel=2Ecom=3E?=

On Thu, Jan 30, 2020 at 11:12:02AM -0800, speck for mark gross wrote:
> From: mark gross <mgross@linux.intel.com>
> Subject: [PATCH 3/3] x86/speculation: SRBDS vulnerability and mitigation
>  documentation
> 
> Add documentation for the SRBDS vulnerability and its mitigation.
> 
> Reviewed-by: Tony Luck <tony.luck@intel.com>
> Signed-off-by: Mark Gross <mgross@linux.intel.com>
> ---
>  Documentation/admin-guide/hw-vuln/index.rst   |   2 +
>  .../special-register-buffer-data-sampling.rst | 150 ++++++++++++++++++
>  2 files changed, 152 insertions(+)
>  create mode 100644 Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst
> 
> diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst
> index 0795e3c2643f..99d5b3244ef9 100644
> --- a/Documentation/admin-guide/hw-vuln/index.rst
> +++ b/Documentation/admin-guide/hw-vuln/index.rst
> @@ -14,3 +14,5 @@ are configurable at compile, boot or run time.
>     mds
>     tsx_async_abort
>     multihit.rst
> +   special-register-buffer-data-sampling.rst
> +
> diff --git a/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst b/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst
> new file mode 100644
> index 000000000000..1fae5f455eb8
> --- /dev/null
> +++ b/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst
> @@ -0,0 +1,150 @@
> +.. SPDX-License-Identifier: GPL-2.0
> +
> +SRBDS - Special Register Buffer Data Sampling
> +=============================================
> +
> +SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to
> +infer values returned from special register accesses.  Special register
> +accesses are accesses to off core registers.  According to Intels evaluation,

Intel's

> +the special register reads that have a security expectation of privacy are:
> +RDRAND, RDSEED and SGX EGETKEY.
> +
> +When RDRAND RDSEED and EGETKEY instructions are used the data is moved to the
> +core through the special register mechanism that is susceptible to MDS attacks.
> +
> +Affected processors
> +--------------------
> +Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED and
> +are vulnerable to MFBDS (Micro architectural Fill Buffer Data Sampling) variant
> +of MDS (Micro architectural Data Sampling) or to the TAA (TSX Asynchronous
> +Abort) when TSX is enabled,
> +
> +  =============  ============  ==========================
> +  common name    Family_Model  Stepping
> +  =============  ============  ==========================
> +  Ivybridge      06_3AH        All
> +
> +  Haswell        06_3CH        All
> +  Haswell_L      06_45H        All
> +  Haswell_G      06_46H        All
> +
> +  Broadwell_G    06_47H        All
> +  Broadwell      06_3DH        All
> +
> +  Skylake_L      06_4EH        All
> +  Skylake        06_5EH        All
> +
> +  Kabylake_L     06_8EH        <=A
> +  Kabylake_L     06_8EH        0xB only if TSX is enabled
> +  Kabylake_L     06_8EH        0xC only if TSX is enabled
> +
> +  Kabylake       06_9EH        <=B
> +  Kabylake       06_9EH        0xC only if TSX is enabled
> +  Kabylake       06_9EH        0xD only if TSX is enabled
> +  =============  ============  ==========================
> +
> +Related CVEs
> +------------
> +
> +The following CVE entry is related to this SRBDS issue:
> +
> +    ==============  =====  =====================================
> +    CVE-2020-0543   SRBDS  Speical Register Buffer Data Sampling
> +    ==============  =====  =====================================
> +
> +Attack scenarios
> +----------------
> +An unprivileged user can extract returned values from RDRAND and RDSEED
> +executed on another core or sibling thread using MDS techniques.
> +
> +
> +Mitigtion mechanism

Mitigation

> +-------------------
> +Intel will release microcode updates that modify the RDRAND, RDSEED, and
> +EGETKEY instructions to overwrite secret special register data in the shared
> +staging buffer before the secret data can be accessed by another logical
> +processor.
> +
> +During execution of the RDRAND, RDSEED, or EGETKEY instruction, off-core
> +accesses from other logical processors will be delayed until the special
> +register read is complete and the secret data in the shared staging buffer is
> +overwritten.
> +
> +This has three effects on performance:
> +
> +#. RDRAND, RDSEED, or EGETKEY instruction have higher latency.
> +
> +#. Executing RDRAND at the same time on multiple logical processors will be
> +   serialized, resulting in an overall reduction in the maximum RDRAND
> +   bandwidth.
> +
> +#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other
> +   logical processors that miss their core caches, with an impact similar to
> +   legacy locked cache-line-split accesses.
> +
> +Because of the performance impact of the mitigation, the microcode updates also
> +provide an opt-out mechanism (RNGDS_MITG_DIS) to disable the mitigation for
> +RDRAND and RDSEED instructions executed outside of Intel Software Guard
> +Extensions (Intel SGX) enclaves. On logical processors that disable the
> +mitigation using this opt-out mechanism, RDRAND and RDSEED do not take longer
> +to execute and do not impact performance of sibling logical processors memory
> +accesses. The opt-out mechanism does not affect Intel SGX enclaves (including
> +execution of RDRAND or RDSEED inside of an enclave, as well as EGETKEY
> +execution).
> +
> +IA32_MCU_OPT_CTRL MSR Definition
> +--------------------------------
> +Along with the mitigation for this issue, Intel added a new thread-scope
> +IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and
> +RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =
> +9]==1. This MSR is introduced through the microcode update.
> +
> +Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor
> +disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
> +enclave on that logical processor. Opting out of the mitigation for a
> +particular logical processor does not affect the RDRAND and RDSEED mitigations
> +for other logical processors.
> +
> +Note that inside of an Intel SGX enclave, the mitigation is applied regardless
> +of the value of RNGDS_MITG_DS.
> +
> +Mitigation control on the kernel command line
> +---------------------------------------------
> +The kernel command line allows control over the SRBDS mitigation at boot time
> +with the option "srbds=".  The option for this is:
> +
> +  ============= =============================================================
> +  off           This option disables SRBS mitigation for RDRAND and RDSEED on
> +                affected platforms.
> +  ============= =============================================================
> +
> +SRBS System Information

SRBDS

> +-----------------------
> +The Linux kernel provides vulnerability status information through sysfs.  For
> +SRBDS this can be accessed by the following sysfs file:
> +/sys/devices/system/cpu/vulnerabilities/special_register_data_sampling

should be the full name, or "srbds" as I said in my review for patch 2

> +
> +The possible values contained in this file are:
> +
> + ============================== =============================================
> + Not affected                   Processor not vulnerable
> + Vulnerable                     Processor vulnerable and mitigation disabled
> + Vulnerable: no microcode       Processor vulnerable and microcode is missing
> +                                mitigation
> + Mitigated                      Processor is vulnerable and mitigation is in
> +                                effect.
> + Not affected (TSX disabled)    Processor is only vulnerable when TSX is
> +                                enabled while this system was booted with TSX
> +                                disabled.
> + Unknown                        Running on virtual guest processor that is
> +                                affected but with no way to know if host
> +                                processor is mitigated or vulnerable.
> + ============================== =============================================
> +
> +SRBDS Default mitigation
> +------------------------
> +This new microcode serializes processor access during execution of RDRAND,
> +RDSEED ensures that the shared buffer is overwritten before it is released for
> +reuse use the "srbds=off" kernel command line to disable the mitigation for
> +RDRAND and RDSEED.

Run-on sentence...

-- 
Josh

  parent reply	other threads:[~2020-03-26  3:25 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-18 21:27 [MODERATED] [PATCH 0/3] v4 more sampling fun 0 mark gross
2020-01-16 22:16 ` [MODERATED] [PATCH 2/3] v4 more sampling fun 2 mark gross
2020-01-30 19:12 ` [MODERATED] [PATCH 3/3] v4 more sampling fun 3 mark gross
2020-03-17  0:56 ` [MODERATED] [PATCH 1/3] v4 more sampling fun 1 mark gross
     [not found] ` <5e7296c7.1c69fb81.f9a2f.00ebSMTPIN_ADDED_BROKEN@mx.google.com>
2020-03-19  8:50   ` [MODERATED] " Greg KH
2020-03-19 15:40     ` mark gross
2020-03-19 15:50       ` Luck, Tony
2020-03-19 16:34         ` Greg KH
2020-03-19 18:13     ` Thomas Gleixner
2020-03-26  3:19 ` [MODERATED] Re: [PATCH 2/3] v4 more sampling fun 2 Josh Poimboeuf
2020-03-27 16:20   ` mark gross
2020-03-27 17:23     ` Luck, Tony
2020-03-27 19:12       ` mark gross
2020-03-27 17:37     ` Josh Poimboeuf
2020-03-27 19:27       ` mark gross
2020-03-26  3:25 ` Josh Poimboeuf [this message]
2020-03-27 16:28   ` [MODERATED] Re: [PATCH 3/3] v4 more sampling fun 3 mark gross

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200326032521.mex4v6er77nlbgft@treble \
    --to=jpoimboe@redhat.com \
    --cc=speck@linutronix.de \
    --subject='[MODERATED] Re: [PATCH 3/3] v4 more sampling fun 3' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).