historical-speck.lore.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Mark Gross <mgross@linux.intel.com>
To: speck@linutronix.de
Subject: [MODERATED] [PATCH 4/4] more sampling fun 4
Date: Thu, 16 Apr 2020 18:21:51 +0200	[thread overview]
Message-ID: <=?utf-8?q?=3Ca49dc9722824aa7630d3cbe95d43b792b61130aa=2E158800?= =?utf-8?q?1122=2Egit=2Emgross=40linux=2Eintel=2Ecom=3E?=> (raw)
In-Reply-To: <cover.1588001122.git.mgross@linux.intel.com>

From: Mark Gross <mgross@linux.intel.com>
Subject: [PATCH 4/4] x86/speculation: Add SRBDS vulnerability and mitigation

commit 7222a1b5b87417f22265c92deea76a6aecd0fb0f upstream

Add documentation for the SRBDS vulnerability and its mitigation.

 [ bp: Massage.
   jpoimboe: sysfs table strings. ]

Signed-off-by: Mark Gross <mgross@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
 .../special-register-buffer-data-sampling.rst | 148 ++++++++++++++++++
 Documentation/hw-vuln/index.rst               |   1 +
 2 files changed, 149 insertions(+)
 create mode 100644 Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst

diff --git a/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst b/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst
new file mode 100644
index 000000000000..6a473da80b62
--- /dev/null
+++ b/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst
@@ -0,0 +1,148 @@
+.. SPDX-License-Identifier: GPL-2.0
+SRBDS - Special Register Buffer Data Sampling
+SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to
+infer values returned from special register accesses.  Special register
+accesses are accesses to off core registers.  According to Intel's evaluation,
+the special register reads that have a security expectation of privacy are
+When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved
+to the core through the special register mechanism that is susceptible
+to MDS attacks.
+Affected processors
+Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may
+be affected.
+A processor is affected by SRBDS if its Family_Model and stepping is
+in the following list, with the exception of the listed processors
+exporting MDS_NO while Intel TSX is available yet not enabled. The
+latter class of processors are only affected when Intel TSX is enabled
+by software using TSX_CTRL_MSR otherwise they are not affected.
+  =============  ============  ========
+  common name    Family_Model  Stepping
+  =============  ============  ========
+  Haswell        06_3CH        All
+  Haswell_L      06_45H        All
+  Haswell_G      06_46H        All
+  Broadwell_G    06_47H        All
+  Broadwell      06_3DH        All
+  Skylake_L      06_4EH        All
+  Skylake        06_5EH        All
+  Kabylake_L     06_8EH        <=0xC
+  Kabylake       06_9EH        <=0xD
+  =============  ============  ========
+Related CVEs
+The following CVE entry is related to this SRBDS issue:
+    ==============  =====  =====================================
+    CVE-2020-0543   SRBDS  Special Register Buffer Data Sampling
+    ==============  =====  =====================================
+Attack scenarios
+An unprivileged user can extract values returned from RDRAND and RDSEED
+executed on another core or sibling thread using MDS techniques.
+Mitigation mechanism
+Intel will release microcode updates that modify the RDRAND, RDSEED, and
+EGETKEY instructions to overwrite secret special register data in the shared
+staging buffer before the secret data can be accessed by another logical
+During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core
+accesses from other logical processors will be delayed until the special
+register read is complete and the secret data in the shared staging buffer is
+This has three effects on performance:
+#. RDRAND, RDSEED, or EGETKEY instructions have higher latency.
+#. Executing RDRAND at the same time on multiple logical processors will be
+   serialized, resulting in an overall reduction in the maximum RDRAND
+   bandwidth.
+#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other
+   logical processors that miss their core caches, with an impact similar to
+   legacy locked cache-line-split accesses.
+The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable
+the mitigation for RDRAND and RDSEED instructions executed outside of Intel
+Software Guard Extensions (Intel SGX) enclaves. On logical processors that
+disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
+take longer to execute and do not impact performance of sibling logical
+processors memory accesses. The opt-out mechanism does not affect Intel SGX
+enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
+as EGETKEY execution).
+IA32_MCU_OPT_CTRL MSR Definition
+Along with the mitigation for this issue, Intel added a new thread-scope
+IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and
+RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =
+9]==1. This MSR is introduced through the microcode update.
+Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor
+disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
+enclave on that logical processor. Opting out of the mitigation for a
+particular logical processor does not affect the RDRAND and RDSEED mitigations
+for other logical processors.
+Note that inside of an Intel SGX enclave, the mitigation is applied regardless
+of the value of RNGDS_MITG_DS.
+Mitigation control on the kernel command line
+The kernel command line allows control over the SRBDS mitigation at boot time
+with the option "srbds=".  The option for this is:
+  ============= =============================================================
+  off           This option disables SRBDS mitigation for RDRAND and RDSEED on
+                affected platforms.
+  ============= =============================================================
+SRBDS System Information
+The Linux kernel provides vulnerability status information through sysfs.  For
+SRBDS this can be accessed by the following sysfs file:
+The possible values contained in this file are:
+ ============================== =============================================
+ Not affected                   Processor not vulnerable
+ Vulnerable                     Processor vulnerable and mitigation disabled
+ Vulnerable: No microcode       Processor vulnerable and microcode is missing
+                                mitigation
+ Mitigation: Microcode          Processor is vulnerable and mitigation is in
+                                effect.
+ Mitigation: TSX disabled       Processor is only vulnerable when TSX is
+                                enabled while this system was booted with TSX
+                                disabled.
+ Unknown: Dependent on
+ hypervisor status              Running on virtual guest processor that is
+                                affected but with no way to know if host
+                                processor is mitigated or vulnerable.
+ ============================== =============================================
+SRBDS Default mitigation
+This new microcode serializes processor access during execution of RDRAND,
+RDSEED ensures that the shared buffer is overwritten before it is released for
+reuse.  Use the "srbds=off" kernel command line to disable the mitigation for
diff --git a/Documentation/hw-vuln/index.rst b/Documentation/hw-vuln/index.rst
index 24f53c501366..42247f412e63 100644
--- a/Documentation/hw-vuln/index.rst
+++ b/Documentation/hw-vuln/index.rst
@@ -13,3 +13,4 @@ are configurable at compile, boot or run time.
+   special-register-buffer-data-sampling.rst

  parent reply	other threads:[~2020-04-27 15:35 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-27 15:25 [MODERATED] [PATCH 0/4] more sampling fun 0 mark gross
2020-04-16 15:23 ` [MODERATED] [PATCH 1/4] more sampling fun 1 Mark Gross
2020-04-16 15:32 ` [MODERATED] [PATCH 2/4] more sampling fun 2 Mark Gross
2020-04-16 15:54 ` [MODERATED] [PATCH 3/4] more sampling fun 3 Mark Gross
2020-04-16 16:21 ` Mark Gross [this message]
     [not found] ` <a49dc9722824aa7630d3cbe95d43b792b61130aa.158800=?utf-8?q?1122?= .git.mgross@linux.intel.com>
2020-05-04 23:54   ` [MODERATED] Re: [PATCH 4/4] more sampling fun 4 Ben Hutchings
2020-05-05 21:26     ` mark gross
2020-06-07 14:57     ` Salvatore Bonaccorso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='=?utf-8?q?=3Ca49dc9722824aa7630d3cbe95d43b792b61130aa=2E158800?= =?utf-8?q?1122=2Egit=2Emgross=40linux=2Eintel=2Ecom=3E?=' \
    --to=mgross@linux.intel.com \
    --cc=speck@linutronix.de \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).