Commit 8b4d37db authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'x86/srbds' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 

Pull x86 srbds fixes from Thomas Gleixner:
 "The 9th episode of the dime novel "The performance killer" with the
  subtitle "Slow Randomizing Boosts Denial of Service".

  SRBDS is an MDS-like speculative side channel that can leak bits from
  the random number generator (RNG) across cores and threads. New
  microcode serializes the processor access during the execution of
  RDRAND and RDSEED. This ensures that the shared buffer is overwritten
  before it is released for reuse. This is equivalent to a full bus
  lock, which means that many threads running the RNG instructions in
  parallel have the same effect as the same amount of threads issuing a
  locked instruction targeting an address which requires locking of two
  cachelines at once.

  The mitigation support comes with the usual pile of unpleasant
  ingredients:

   - command line options

   - sysfs file

   - microcode checks

   - a list of vulnerable CPUs identified by model and stepping this
     time which requires stepping match support for the cpu match logic.

   - the inevitable slowdown of affected CPUs"

* branch 'x86/srbds' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/speculation: Add Ivy Bridge to affected list
  x86/speculation: Add SRBDS vulnerability and mitigation documentation
  x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
  x86/cpu: Add 'table' argument to cpu_matches()
parents abfbb292 3798cc4d

Documentation/ABI/testing/sysfs-devices-system-cpu

+1 −0
Original line number Diff line number Diff line
@@ -486,6 +486,7 @@ What: /sys/devices/system/cpu/vulnerabilities 
		/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

		/sys/devices/system/cpu/vulnerabilities/l1tf

		/sys/devices/system/cpu/vulnerabilities/mds

		/sys/devices/system/cpu/vulnerabilities/srbds

		/sys/devices/system/cpu/vulnerabilities/tsx_async_abort

		/sys/devices/system/cpu/vulnerabilities/itlb_multihit

Date:		January 2018

Documentation/admin-guide/hw-vuln/index.rst

+1 −0
Original line number Diff line number Diff line
@@ -14,3 +14,4 @@ are configurable at compile, boot or run time. 
   mds

   tsx_async_abort

   multihit.rst

   special-register-buffer-data-sampling.rst

Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst

0 → 100644
+149 −0
Original line number Diff line number Diff line 
.. SPDX-License-Identifier: GPL-2.0



SRBDS - Special Register Buffer Data Sampling

=============================================



SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to

infer values returned from special register accesses.  Special register

accesses are accesses to off core registers.  According to Intel's evaluation,

the special register reads that have a security expectation of privacy are

RDRAND, RDSEED and SGX EGETKEY.



When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved

to the core through the special register mechanism that is susceptible

to MDS attacks.



Affected processors

--------------------

Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may

be affected.



A processor is affected by SRBDS if its Family_Model and stepping is

in the following list, with the exception of the listed processors

exporting MDS_NO while Intel TSX is available yet not enabled. The

latter class of processors are only affected when Intel TSX is enabled

by software using TSX_CTRL_MSR otherwise they are not affected.



  =============  ============  ========

  common name    Family_Model  Stepping

  =============  ============  ========

  IvyBridge      06_3AH        All



  Haswell        06_3CH        All

  Haswell_L      06_45H        All

  Haswell_G      06_46H        All



  Broadwell_G    06_47H        All

  Broadwell      06_3DH        All



  Skylake_L      06_4EH        All

  Skylake        06_5EH        All



  Kabylake_L     06_8EH        <= 0xC

  Kabylake       06_9EH        <= 0xD

  =============  ============  ========



Related CVEs

------------



The following CVE entry is related to this SRBDS issue:



    ==============  =====  =====================================

    CVE-2020-0543   SRBDS  Special Register Buffer Data Sampling

    ==============  =====  =====================================



Attack scenarios

----------------

An unprivileged user can extract values returned from RDRAND and RDSEED

executed on another core or sibling thread using MDS techniques.





Mitigation mechanism

-------------------

Intel will release microcode updates that modify the RDRAND, RDSEED, and

EGETKEY instructions to overwrite secret special register data in the shared

staging buffer before the secret data can be accessed by another logical

processor.



During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core

accesses from other logical processors will be delayed until the special

register read is complete and the secret data in the shared staging buffer is

overwritten.



This has three effects on performance:



#. RDRAND, RDSEED, or EGETKEY instructions have higher latency.



#. Executing RDRAND at the same time on multiple logical processors will be

   serialized, resulting in an overall reduction in the maximum RDRAND

   bandwidth.



#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other

   logical processors that miss their core caches, with an impact similar to

   legacy locked cache-line-split accesses.



The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable

the mitigation for RDRAND and RDSEED instructions executed outside of Intel

Software Guard Extensions (Intel SGX) enclaves. On logical processors that

disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not

take longer to execute and do not impact performance of sibling logical

processors memory accesses. The opt-out mechanism does not affect Intel SGX

enclaves (including execution of RDRAND or RDSEED inside an enclave, as well

as EGETKEY execution).



IA32_MCU_OPT_CTRL MSR Definition

--------------------------------

Along with the mitigation for this issue, Intel added a new thread-scope

IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and

RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =

9]==1. This MSR is introduced through the microcode update.



Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor

disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX

enclave on that logical processor. Opting out of the mitigation for a

particular logical processor does not affect the RDRAND and RDSEED mitigations

for other logical processors.



Note that inside of an Intel SGX enclave, the mitigation is applied regardless

of the value of RNGDS_MITG_DS.



Mitigation control on the kernel command line

---------------------------------------------

The kernel command line allows control over the SRBDS mitigation at boot time

with the option "srbds=".  The option for this is:



  ============= =============================================================

  off           This option disables SRBDS mitigation for RDRAND and RDSEED on

                affected platforms.

  ============= =============================================================



SRBDS System Information

-----------------------

The Linux kernel provides vulnerability status information through sysfs.  For

SRBDS this can be accessed by the following sysfs file:

/sys/devices/system/cpu/vulnerabilities/srbds



The possible values contained in this file are:



 ============================== =============================================

 Not affected                   Processor not vulnerable

 Vulnerable                     Processor vulnerable and mitigation disabled

 Vulnerable: No microcode       Processor vulnerable and microcode is missing

                                mitigation

 Mitigation: Microcode          Processor is vulnerable and mitigation is in

                                effect.

 Mitigation: TSX disabled       Processor is only vulnerable when TSX is

                                enabled while this system was booted with TSX

                                disabled.

 Unknown: Dependent on

 hypervisor status              Running on virtual guest processor that is

                                affected but with no way to know if host

                                processor is mitigated or vulnerable.

 ============================== =============================================



SRBDS Default mitigation

------------------------

This new microcode serializes processor access during execution of RDRAND,

RDSEED ensures that the shared buffer is overwritten before it is released for

reuse.  Use the "srbds=off" kernel command line to disable the mitigation for

RDRAND and RDSEED.

Documentation/admin-guide/kernel-parameters.txt

+20 −0
Original line number Diff line number Diff line
@@ -4837,6 +4837,26 @@ 
			the kernel will oops in either "warn" or "fatal"

			mode.



	srbds=		[X86,INTEL]

			Control the Special Register Buffer Data Sampling

			(SRBDS) mitigation.



			Certain CPUs are vulnerable to an MDS-like

			exploit which can leak bits from the random

			number generator.



			By default, this issue is mitigated by

			microcode.  However, the microcode fix can cause

			the RDRAND and RDSEED instructions to become

			much slower.  Among other effects, this will

			result in reduced throughput from /dev/urandom.



			The microcode mitigation can be disabled with

			the following option:



			off:    Disable mitigation and remove

				performance impact to RDRAND and RDSEED



	srcutree.counter_wrap_check [KNL]

			Specifies how frequently to check for

			grace-period sequence counter wrap for the

arch/x86/include/asm/cpufeatures.h

+2 −0
Original line number Diff line number Diff line
@@ -362,6 +362,7 @@ 
#define X86_FEATURE_AVX512_4FMAPS	(18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */

#define X86_FEATURE_FSRM		(18*32+ 4) /* Fast Short Rep Mov */

#define X86_FEATURE_AVX512_VP2INTERSECT (18*32+ 8) /* AVX-512 Intersect for D/Q */

#define X86_FEATURE_SRBDS_CTRL		(18*32+ 9) /* "" SRBDS mitigation MSR available */

#define X86_FEATURE_MD_CLEAR		(18*32+10) /* VERW clears CPU buffers */

#define X86_FEATURE_TSX_FORCE_ABORT	(18*32+13) /* "" TSX_FORCE_ABORT */

#define X86_FEATURE_PCONFIG		(18*32+18) /* Intel PCONFIG */
@@ -407,5 +408,6 @@ 
#define X86_BUG_SWAPGS			X86_BUG(21) /* CPU is affected by speculation through SWAPGS */

#define X86_BUG_TAA			X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */

#define X86_BUG_ITLB_MULTIHIT		X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */

#define X86_BUG_SRBDS			X86_BUG(24) /* CPU may leak RNG bits if not mitigated */



#endif /* _ASM_X86_CPUFEATURES_H */