Drop "x86/speculation: Add SRBDS vulnerability and mitigation documentation"
parent 68c22bc508
commit bac476321f
@ -480,7 +480,6 @@ linux (4.19.128-1) UNRELEASED; urgency=medium
- staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
- CDC-ACM: heed quirk also in error handling
- nvmem: qfprom: remove incorrect write support
- x86/speculation: Add SRBDS vulnerability and mitigation documentation
- x86/speculation: Add Ivy Bridge to affected list
- uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
- Revert "net/mlx5: Annotate mutex destroy for root ns"
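Review bot: the -480,7 +480,6 header shows exactly one of these seven changelog bullets being removed with nothing added, and in this rendering the removal marker is lost, so only the commit title identifies the dropped line as the "x86/speculation: Add SRBDS vulnerability and mitigation documentation" entry; the sibling "x86/speculation: Add Ivy Bridge to affected list" entry stays. Record in the commit message or in the 4.19.128-1 changelog entry why the documentation entry is dropped, otherwise a reader of this changelog cannot tell whether the SRBDS documentation ships in this package or was intentionally left out.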
@ -1,185 +0,0 @@
From: Mark Gross <mgross@linux.intel.com>
Date: Thu, 16 Apr 2020 18:21:51 +0200
Subject: [4/5] x86/speculation: Add SRBDS vulnerability and mitigation
documentation
Origin: https://git.kernel.org/linus/7222a1b5b87417f22265c92deea76a6aecd0fb0f
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-0543
Add documentation for the SRBDS vulnerability and its mitigation.
[ bp: Massage.
jpoimboe: sysfs table strings. ]
Signed-off-by: Mark Gross <mgross@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
Documentation/admin-guide/hw-vuln/index.rst | 1 +
.../special-register-buffer-data-sampling.rst | 148 ++++++++++++++++++
2 files changed, 149 insertions(+)
create mode 100644 Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst
diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst
index 0795e3c2643f..ca4dbdd9016d 100644
--- a/Documentation/admin-guide/hw-vuln/index.rst
+++ b/Documentation/admin-guide/hw-vuln/index.rst
@@ -14,3 +14,4 @@ are configurable at compile, boot or run time.
mds
tsx_async_abort
multihit.rst
+ special-register-buffer-data-sampling.rst
diff --git a/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst b/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst
new file mode 100644
index 000000000000..6a473da80b62
--- /dev/null
+++ b/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst
@@ -0,0 +1,148 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+SRBDS - Special Register Buffer Data Sampling
+=============================================
+
+SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to
+infer values returned from special register accesses. Special register
+accesses are accesses to off core registers. According to Intel's evaluation,
+the special register reads that have a security expectation of privacy are
+RDRAND, RDSEED and SGX EGETKEY.
+
+When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved
+to the core through the special register mechanism that is susceptible
+to MDS attacks.
+
+Affected processors
+--------------------
+Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may
+be affected.
+
+A processor is affected by SRBDS if its Family_Model and stepping is
+in the following list, with the exception of the listed processors
+exporting MDS_NO while Intel TSX is available yet not enabled. The
+latter class of processors are only affected when Intel TSX is enabled
+by software using TSX_CTRL_MSR otherwise they are not affected.
+
+ ============= ============ ========
+ common name Family_Model Stepping
+ ============= ============ ========
+ Haswell 06_3CH All
+ Haswell_L 06_45H All
+ Haswell_G 06_46H All
+
+ Broadwell_G 06_47H All
+ Broadwell 06_3DH All
+
+ Skylake_L 06_4EH All
+ Skylake 06_5EH All
+
+ Kabylake_L 06_8EH <=0xC
+
+ Kabylake 06_9EH <=0xD
+ ============= ============ ========
+
+Related CVEs
+------------
+
+The following CVE entry is related to this SRBDS issue:
+
+ ============== ===== =====================================
+ CVE-2020-0543 SRBDS Special Register Buffer Data Sampling
+ ============== ===== =====================================
+
+Attack scenarios
+----------------
+An unprivileged user can extract values returned from RDRAND and RDSEED
+executed on another core or sibling thread using MDS techniques.
+
+
+Mitigation mechanism
+-------------------
+Intel will release microcode updates that modify the RDRAND, RDSEED, and
+EGETKEY instructions to overwrite secret special register data in the shared
+staging buffer before the secret data can be accessed by another logical
+processor.
+
+During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core
+accesses from other logical processors will be delayed until the special
+register read is complete and the secret data in the shared staging buffer is
+overwritten.
+
+This has three effects on performance:
+
+#. RDRAND, RDSEED, or EGETKEY instructions have higher latency.
+
+#. Executing RDRAND at the same time on multiple logical processors will be
+ serialized, resulting in an overall reduction in the maximum RDRAND
+ bandwidth.
+
+#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other
+ logical processors that miss their core caches, with an impact similar to
+ legacy locked cache-line-split accesses.
+
+The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable
+the mitigation for RDRAND and RDSEED instructions executed outside of Intel
+Software Guard Extensions (Intel SGX) enclaves. On logical processors that
+disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
+take longer to execute and do not impact performance of sibling logical
+processors memory accesses. The opt-out mechanism does not affect Intel SGX
+enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
+as EGETKEY execution).
+
+IA32_MCU_OPT_CTRL MSR Definition
+--------------------------------
+Along with the mitigation for this issue, Intel added a new thread-scope
+IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and
+RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =
+9]==1. This MSR is introduced through the microcode update.
+
+Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor
+disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
+enclave on that logical processor. Opting out of the mitigation for a
+particular logical processor does not affect the RDRAND and RDSEED mitigations
+for other logical processors.
+
+Note that inside of an Intel SGX enclave, the mitigation is applied regardless
+of the value of RNGDS_MITG_DS.
+
+Mitigation control on the kernel command line
+---------------------------------------------
+The kernel command line allows control over the SRBDS mitigation at boot time
+with the option "srbds=". The option for this is:
+
+ ============= =============================================================
+ off This option disables SRBDS mitigation for RDRAND and RDSEED on
+ affected platforms.
+ ============= =============================================================
+
+SRBDS System Information
+-----------------------
+The Linux kernel provides vulnerability status information through sysfs. For
+SRBDS this can be accessed by the following sysfs file:
+/sys/devices/system/cpu/vulnerabilities/srbds
+
+The possible values contained in this file are:
+
+ ============================== =============================================
+ Not affected Processor not vulnerable
+ Vulnerable Processor vulnerable and mitigation disabled
+ Vulnerable: No microcode Processor vulnerable and microcode is missing
+ mitigation
+ Mitigation: Microcode Processor is vulnerable and mitigation is in
+ effect.
+ Mitigation: TSX disabled Processor is only vulnerable when TSX is
+ enabled while this system was booted with TSX
+ disabled.
+ Unknown: Dependent on
+ hypervisor status Running on virtual guest processor that is
+ affected but with no way to know if host
+ processor is mitigated or vulnerable.
+ ============================== =============================================
+
+SRBDS Default mitigation
+------------------------
+This new microcode serializes processor access during execution of RDRAND,
+RDSEED ensures that the shared buffer is overwritten before it is released for
+reuse. Use the "srbds=off" kernel command line to disable the mitigation for
+RDRAND and RDSEED.
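Review bot: the whole 185-line patch file is deleted, but the commit message gives no reason. The dropped patch carries Origin: https://git.kernel.org/linus/7222a1b5b87417f22265c92deea76a6aecd0fb0f and Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-0543, so the message should state whether that upstream commit is now present in the imported 4.19.128 source (making this patch redundant) or whether the SRBDS documentation is deliberately left out, so the CVE-2020-0543 tracker entry is not misread as losing its fix. Per its diffstat the patch touches only Documentation/admin-guide/hw-vuln/index.rst and the new special-register-buffer-data-sampling.rst; the kernel-side mitigation lives in the other patches of the srbds/ set, so what this drop removes is the description of the srbds= option and of the /sys/devices/system/cpu/vulnerabilities/srbds values, not the mitigation itself.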
@ -296,7 +296,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
debian/ntfs-mark-it-as-broken.patch
bugfix/x86/srbds/0004-x86-speculation-Add-SRBDS-vulnerability-and-mitigati.patch
bugfix/x86/srbds/0005-x86-speculation-Add-Ivy-Bridge-to-affected-list.patch
# ABI maintenance
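Review bot: removing bugfix/x86/srbds/0004-x86-speculation-Add-SRBDS-vulnerability-and-mitigati.patch from the series while keeping 0005-x86-speculation-Add-Ivy-Bridge-to-affected-list.patch leaves a numbering gap in the srbds/ set under # Security fixes. Confirm that 0005 still applies and builds on its own (0004 only adds files under Documentation/admin-guide/hw-vuln/ according to its diffstat, so no textual dependency is expected) and note in the commit message that the rest of the srbds/ series is intentionally kept, so nobody later reads the gap as an accidentally missing patch.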