diff --git a/debian/changelog b/debian/changelog index b62d4fff2..c4b68d255 100644 --- a/debian/changelog +++ b/debian/changelog @@ -480,7 +480,6 @@ linux (4.19.128-1) UNRELEASED; urgency=medium - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK - CDC-ACM: heed quirk also in error handling - nvmem: qfprom: remove incorrect write support - - x86/speculation: Add SRBDS vulnerability and mitigation documentation - x86/speculation: Add Ivy Bridge to affected list - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned - Revert "net/mlx5: Annotate mutex destroy for root ns" diff --git a/debian/patches/bugfix/x86/srbds/0004-x86-speculation-Add-SRBDS-vulnerability-and-mitigati.patch b/debian/patches/bugfix/x86/srbds/0004-x86-speculation-Add-SRBDS-vulnerability-and-mitigati.patch deleted file mode 100644 index 08adbaa12..000000000 --- a/debian/patches/bugfix/x86/srbds/0004-x86-speculation-Add-SRBDS-vulnerability-and-mitigati.patch +++ /dev/null 
@@ -1,185 +0,0 @@ -From: Mark Gross -Date: Thu, 16 Apr 2020 18:21:51 +0200 -Subject: [4/5] x86/speculation: Add SRBDS vulnerability and mitigation - documentation -Origin: https://git.kernel.org/linus/7222a1b5b87417f22265c92deea76a6aecd0fb0f -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-0543 - -Add documentation for the SRBDS vulnerability and its mitigation. - - [ bp: Massage. - jpoimboe: sysfs table strings. ] - -Signed-off-by: Mark Gross -Signed-off-by: Borislav Petkov -Reviewed-by: Tony Luck -Reviewed-by: Josh Poimboeuf ---- - Documentation/admin-guide/hw-vuln/index.rst | 1 + - .../special-register-buffer-data-sampling.rst | 148 ++++++++++++++++++ - 2 files changed, 149 insertions(+) - create mode 100644 Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst - -diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst -index 0795e3c2643f..ca4dbdd9016d 100644 ---- a/Documentation/admin-guide/hw-vuln/index.rst -+++ b/Documentation/admin-guide/hw-vuln/index.rst -@@ -14,3 +14,4 @@ are configurable at compile, boot or run time. - mds - tsx_async_abort - multihit.rst -+ special-register-buffer-data-sampling.rst -diff --git a/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst b/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst -new file mode 100644 -index 000000000000..6a473da80b62 ---- /dev/null -+++ b/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst -@@ -0,0 +1,148 @@ -+.. SPDX-License-Identifier: GPL-2.0 -+ -+SRBDS - Special Register Buffer Data Sampling -+============================================= -+ -+SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to -+infer values returned from special register accesses. Special register -+accesses are accesses to off core registers. 
According to Intel's evaluation, -+the special register reads that have a security expectation of privacy are -+RDRAND, RDSEED and SGX EGETKEY. -+ -+When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved -+to the core through the special register mechanism that is susceptible -+to MDS attacks. -+ -+Affected processors -+-------------------- -+Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may -+be affected. -+ -+A processor is affected by SRBDS if its Family_Model and stepping is -+in the following list, with the exception of the listed processors -+exporting MDS_NO while Intel TSX is available yet not enabled. The -+latter class of processors are only affected when Intel TSX is enabled -+by software using TSX_CTRL_MSR otherwise they are not affected. -+ -+ ============= ============ ======== -+ common name Family_Model Stepping -+ ============= ============ ======== -+ Haswell 06_3CH All -+ Haswell_L 06_45H All -+ Haswell_G 06_46H All -+ -+ Broadwell_G 06_47H All -+ Broadwell 06_3DH All -+ -+ Skylake_L 06_4EH All -+ Skylake 06_5EH All -+ -+ Kabylake_L 06_8EH <=0xC -+ -+ Kabylake 06_9EH <=0xD -+ ============= ============ ======== -+ -+Related CVEs -+------------ -+ -+The following CVE entry is related to this SRBDS issue: -+ -+ ============== ===== ===================================== -+ CVE-2020-0543 SRBDS Special Register Buffer Data Sampling -+ ============== ===== ===================================== -+ -+Attack scenarios -+---------------- -+An unprivileged user can extract values returned from RDRAND and RDSEED -+executed on another core or sibling thread using MDS techniques. -+ -+ -+Mitigation mechanism -+------------------- -+Intel will release microcode updates that modify the RDRAND, RDSEED, and -+EGETKEY instructions to overwrite secret special register data in the shared -+staging buffer before the secret data can be accessed by another logical -+processor. 
-+ -+During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core -+accesses from other logical processors will be delayed until the special -+register read is complete and the secret data in the shared staging buffer is -+overwritten. -+ -+This has three effects on performance: -+ -+#. RDRAND, RDSEED, or EGETKEY instructions have higher latency. -+ -+#. Executing RDRAND at the same time on multiple logical processors will be -+ serialized, resulting in an overall reduction in the maximum RDRAND -+ bandwidth. -+ -+#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other -+ logical processors that miss their core caches, with an impact similar to -+ legacy locked cache-line-split accesses. -+ -+The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable -+the mitigation for RDRAND and RDSEED instructions executed outside of Intel -+Software Guard Extensions (Intel SGX) enclaves. On logical processors that -+disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not -+take longer to execute and do not impact performance of sibling logical -+processors memory accesses. The opt-out mechanism does not affect Intel SGX -+enclaves (including execution of RDRAND or RDSEED inside an enclave, as well -+as EGETKEY execution). -+ -+IA32_MCU_OPT_CTRL MSR Definition -+-------------------------------- -+Along with the mitigation for this issue, Intel added a new thread-scope -+IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and -+RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL = -+9]==1. This MSR is introduced through the microcode update. -+ -+Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor -+disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX -+enclave on that logical processor. 
Opting out of the mitigation for a -+particular logical processor does not affect the RDRAND and RDSEED mitigations -+for other logical processors. -+ -+Note that inside of an Intel SGX enclave, the mitigation is applied regardless -+of the value of RNGDS_MITG_DS. -+ -+Mitigation control on the kernel command line -+--------------------------------------------- -+The kernel command line allows control over the SRBDS mitigation at boot time -+with the option "srbds=". The option for this is: -+ -+ ============= ============================================================= -+ off This option disables SRBDS mitigation for RDRAND and RDSEED on -+ affected platforms. -+ ============= ============================================================= -+ -+SRBDS System Information -+----------------------- -+The Linux kernel provides vulnerability status information through sysfs. For -+SRBDS this can be accessed by the following sysfs file: -+/sys/devices/system/cpu/vulnerabilities/srbds -+ -+The possible values contained in this file are: -+ -+ ============================== ============================================= -+ Not affected Processor not vulnerable -+ Vulnerable Processor vulnerable and mitigation disabled -+ Vulnerable: No microcode Processor vulnerable and microcode is missing -+ mitigation -+ Mitigation: Microcode Processor is vulnerable and mitigation is in -+ effect. -+ Mitigation: TSX disabled Processor is only vulnerable when TSX is -+ enabled while this system was booted with TSX -+ disabled. -+ Unknown: Dependent on -+ hypervisor status Running on virtual guest processor that is -+ affected but with no way to know if host -+ processor is mitigated or vulnerable. 
-+ ============================== ============================================= -+ -+SRBDS Default mitigation -+------------------------ -+This new microcode serializes processor access during execution of RDRAND, -+RDSEED ensures that the shared buffer is overwritten before it is released for -+reuse. Use the "srbds=off" kernel command line to disable the mitigation for -+RDRAND and RDSEED. diff --git a/debian/patches/series b/debian/patches/series index f97faebd4..7275f8125 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -296,7 +296,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch debian/ntfs-mark-it-as-broken.patch -bugfix/x86/srbds/0004-x86-speculation-Add-SRBDS-vulnerability-and-mitigati.patch bugfix/x86/srbds/0005-x86-speculation-Add-Ivy-Bridge-to-affected-list.patch # ABI maintenance
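Review bot: the debian/changelog hunk deletes the line "- x86/speculation: Add SRBDS vulnerability and mitigation documentation" from the 4.19.128-1 entry and adds nothing in its place, so after this commit the package history no longer mentions the SRBDS documentation at all, neither as an upstream change in this release nor as a Debian patch that was dropped. Either keep the line, if the subject really is part of the 4.19.128 stable update that entry lists, or replace it with a Debian-changes line that says the bugfix/x86/srbds/0004 patch was dropped and why, so that the CVE-2020-0543 reference carried in the deleted patch header (Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-0543) has a counterpart a reader of the changelog can find.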
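Review bot: the deleted 0004 patch is the one that creates Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst, including the "Affected processors" table, while the next patch in the same directory, 0005-x86-speculation-Add-Ivy-Bridge-to-affected-list.patch, is kept and by its subject extends that affected list. Before merging, push the full series against the 4.19.128 tree and confirm 0005 still applies without 0004: if 0005 edits the table in this .rst file, it needs the file to already be present in the upstream tree, and a dropped documentation patch that the retained patch depends on will fail at build time rather than at review time. Also note that the deleted file itself still has the "RNGDS_MITG_DS" spelling in its SGX paragraph where the MSR bit is elsewhere called RNGDS_MITG_DIS; if the upstream copy of this document is what will be shipped instead, that is where the typo should be checked, not reintroduced via a revived Debian copy.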
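Review bot: the debian/patches/series hunk removes only bugfix/x86/srbds/0004-x86-speculation-Add-SRBDS-vulnerability-and-mitigati.patch from the "# Security fixes" block and leaves bugfix/x86/srbds/0005-x86-speculation-Add-Ivy-Bridge-to-affected-list.patch in place, and the changelog hunk mirrors this by deleting the documentation line while keeping "- x86/speculation: Add Ivy Bridge to affected list". If 0004 is being dropped because the 4.19.128 update already carries it, the same reasoning applies to 0005, which was posted as the following patch of the same SRBDS set, and both should move together in one commit; if they are intentionally treated differently, the commit message or changelog should say why, since a half-removed series is the usual way a later rebase loses track of which of these patches is still needed.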