~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst (Version linux-6.12-rc7) and /Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst (Version linux-5.15.171)


  1 .. SPDX-License-Identifier: GPL-2.0                 1 .. SPDX-License-Identifier: GPL-2.0
  2                                                     2 
  3 SRBDS - Special Register Buffer Data Sampling       3 SRBDS - Special Register Buffer Data Sampling
  4 =============================================       4 =============================================
  5                                                     5 
  6 SRBDS is a hardware vulnerability that allows       6 SRBDS is a hardware vulnerability that allows MDS
  7 Documentation/admin-guide/hw-vuln/mds.rst tech      7 Documentation/admin-guide/hw-vuln/mds.rst techniques to
  8 infer values returned from special register ac      8 infer values returned from special register accesses.  Special register
  9 accesses are accesses to off core registers.        9 accesses are accesses to off core registers.  According to Intel's evaluation,
 10 the special register reads that have a securit     10 the special register reads that have a security expectation of privacy are
 11 RDRAND, RDSEED and SGX EGETKEY.                    11 RDRAND, RDSEED and SGX EGETKEY.
 12                                                    12 
 13 When RDRAND, RDSEED and EGETKEY instructions a     13 When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved
 14 to the core through the special register mecha     14 to the core through the special register mechanism that is susceptible
 15 to MDS attacks.                                    15 to MDS attacks.
 16                                                    16 
 17 Affected processors                                17 Affected processors
 18 -------------------                                18 -------------------
 19 Core models (desktop, mobile, Xeon-E3) that im     19 Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may
 20 be affected.                                       20 be affected.
 21                                                    21 
 22 A processor is affected by SRBDS if its Family     22 A processor is affected by SRBDS if its Family_Model and stepping is
 23 in the following list, with the exception of t     23 in the following list, with the exception of the listed processors
 24 exporting MDS_NO while Intel TSX is available      24 exporting MDS_NO while Intel TSX is available yet not enabled. The
 25 latter class of processors are only affected w     25 latter class of processors are only affected when Intel TSX is enabled
 26 by software using TSX_CTRL_MSR otherwise they      26 by software using TSX_CTRL_MSR otherwise they are not affected.
 27                                                    27 
 28   =============  ============  ========            28   =============  ============  ========
 29   common name    Family_Model  Stepping            29   common name    Family_Model  Stepping
 30   =============  ============  ========            30   =============  ============  ========
 31   IvyBridge      06_3AH        All                 31   IvyBridge      06_3AH        All
 32                                                    32 
 33   Haswell        06_3CH        All                 33   Haswell        06_3CH        All
 34   Haswell_L      06_45H        All                 34   Haswell_L      06_45H        All
 35   Haswell_G      06_46H        All                 35   Haswell_G      06_46H        All
 36                                                    36 
 37   Broadwell_G    06_47H        All                 37   Broadwell_G    06_47H        All
 38   Broadwell      06_3DH        All                 38   Broadwell      06_3DH        All
 39                                                    39 
 40   Skylake_L      06_4EH        All                 40   Skylake_L      06_4EH        All
 41   Skylake        06_5EH        All                 41   Skylake        06_5EH        All
 42                                                    42 
 43   Kabylake_L     06_8EH        <= 0xC              43   Kabylake_L     06_8EH        <= 0xC
 44   Kabylake       06_9EH        <= 0xD              44   Kabylake       06_9EH        <= 0xD
 45   =============  ============  ========            45   =============  ============  ========
 46                                                    46 
 47 Related CVEs                                       47 Related CVEs
 48 ------------                                       48 ------------
 49                                                    49 
 50 The following CVE entry is related to this SRB     50 The following CVE entry is related to this SRBDS issue:
 51                                                    51 
 52     ==============  =====  ===================     52     ==============  =====  =====================================
 53     CVE-2020-0543   SRBDS  Special Register Bu     53     CVE-2020-0543   SRBDS  Special Register Buffer Data Sampling
 54     ==============  =====  ===================     54     ==============  =====  =====================================
 55                                                    55 
 56 Attack scenarios                                   56 Attack scenarios
 57 ----------------                                   57 ----------------
 58 An unprivileged user can extract values return     58 An unprivileged user can extract values returned from RDRAND and RDSEED
 59 executed on another core or sibling thread usi     59 executed on another core or sibling thread using MDS techniques.
 60                                                    60 
 61                                                    61 
 62 Mitigation mechanism                               62 Mitigation mechanism
 63 --------------------                               63 --------------------
 64 Intel will release microcode updates that modi     64 Intel will release microcode updates that modify the RDRAND, RDSEED, and
 65 EGETKEY instructions to overwrite secret speci     65 EGETKEY instructions to overwrite secret special register data in the shared
 66 staging buffer before the secret data can be a     66 staging buffer before the secret data can be accessed by another logical
 67 processor.                                         67 processor.
 68                                                    68 
 69 During execution of the RDRAND, RDSEED, or EGE     69 During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core
 70 accesses from other logical processors will be     70 accesses from other logical processors will be delayed until the special
 71 register read is complete and the secret data      71 register read is complete and the secret data in the shared staging buffer is
 72 overwritten.                                       72 overwritten.
 73                                                    73 
 74 This has three effects on performance:             74 This has three effects on performance:
 75                                                    75 
 76 #. RDRAND, RDSEED, or EGETKEY instructions hav     76 #. RDRAND, RDSEED, or EGETKEY instructions have higher latency.
 77                                                    77 
 78 #. Executing RDRAND at the same time on multip     78 #. Executing RDRAND at the same time on multiple logical processors will be
 79    serialized, resulting in an overall reducti     79    serialized, resulting in an overall reduction in the maximum RDRAND
 80    bandwidth.                                      80    bandwidth.
 81                                                    81 
 82 #. Executing RDRAND, RDSEED or EGETKEY will de     82 #. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other
 83    logical processors that miss their core cac     83    logical processors that miss their core caches, with an impact similar to
 84    legacy locked cache-line-split accesses.        84    legacy locked cache-line-split accesses.
 85                                                    85 
 86 The microcode updates provide an opt-out mecha     86 The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable
 87 the mitigation for RDRAND and RDSEED instructi     87 the mitigation for RDRAND and RDSEED instructions executed outside of Intel
 88 Software Guard Extensions (Intel SGX) enclaves     88 Software Guard Extensions (Intel SGX) enclaves. On logical processors that
 89 disable the mitigation using this opt-out mech     89 disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
 90 take longer to execute and do not impact perfo     90 take longer to execute and do not impact performance of sibling logical
 91 processors memory accesses. The opt-out mechan     91 processors memory accesses. The opt-out mechanism does not affect Intel SGX
 92 enclaves (including execution of RDRAND or RDS     92 enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
 93 as EGETKEY execution).                             93 as EGETKEY execution).
 94                                                    94 
 95 IA32_MCU_OPT_CTRL MSR Definition                   95 IA32_MCU_OPT_CTRL MSR Definition
 96 --------------------------------                   96 --------------------------------
 97 Along with the mitigation for this issue, Inte     97 Along with the mitigation for this issue, Intel added a new thread-scope
 98 IA32_MCU_OPT_CTRL MSR, (address 0x123). The pr     98 IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and
 99 RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.     99 RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =
100 9]==1. This MSR is introduced through the micr    100 9]==1. This MSR is introduced through the microcode update.
101                                                   101 
102 Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS)     102 Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor
103 disables the mitigation for RDRAND and RDSEED     103 disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
104 enclave on that logical processor. Opting out     104 enclave on that logical processor. Opting out of the mitigation for a
105 particular logical processor does not affect t    105 particular logical processor does not affect the RDRAND and RDSEED mitigations
106 for other logical processors.                     106 for other logical processors.
107                                                   107 
108 Note that inside of an Intel SGX enclave, the     108 Note that inside of an Intel SGX enclave, the mitigation is applied regardless
109 of the value of RNGDS_MITG_DS.                    109 of the value of RNGDS_MITG_DS.
110                                                   110 
111 Mitigation control on the kernel command line     111 Mitigation control on the kernel command line
112 ---------------------------------------------     112 ---------------------------------------------
113 The kernel command line allows control over th    113 The kernel command line allows control over the SRBDS mitigation at boot time
114 with the option "srbds=".  The option for this    114 with the option "srbds=".  The option for this is:
115                                                   115 
116   ============= ==============================    116   ============= =============================================================
117   off           This option disables SRBDS mit    117   off           This option disables SRBDS mitigation for RDRAND and RDSEED on
118                 affected platforms.               118                 affected platforms.
119   ============= ==============================    119   ============= =============================================================
120                                                   120 
121 SRBDS System Information                          121 SRBDS System Information
122 ------------------------                          122 ------------------------
123 The Linux kernel provides vulnerability status    123 The Linux kernel provides vulnerability status information through sysfs.  For
124 SRBDS this can be accessed by the following sy    124 SRBDS this can be accessed by the following sysfs file:
125 /sys/devices/system/cpu/vulnerabilities/srbds     125 /sys/devices/system/cpu/vulnerabilities/srbds
126                                                   126 
127 The possible values contained in this file are    127 The possible values contained in this file are:
128                                                   128 
129  ============================== ==============    129  ============================== =============================================
130  Not affected                   Processor not     130  Not affected                   Processor not vulnerable
131  Vulnerable                     Processor vuln    131  Vulnerable                     Processor vulnerable and mitigation disabled
132  Vulnerable: No microcode       Processor vuln    132  Vulnerable: No microcode       Processor vulnerable and microcode is missing
133                                 mitigation        133                                 mitigation
134  Mitigation: Microcode          Processor is v    134  Mitigation: Microcode          Processor is vulnerable and mitigation is in
135                                 effect.           135                                 effect.
136  Mitigation: TSX disabled       Processor is o    136  Mitigation: TSX disabled       Processor is only vulnerable when TSX is
137                                 enabled while     137                                 enabled while this system was booted with TSX
138                                 disabled.         138                                 disabled.
139  Unknown: Dependent on                            139  Unknown: Dependent on
140  hypervisor status              Running on vir    140  hypervisor status              Running on virtual guest processor that is
141                                 affected but w    141                                 affected but with no way to know if host
142                                 processor is m    142                                 processor is mitigated or vulnerable.
143  ============================== ==============    143  ============================== =============================================
144                                                   144 
145 SRBDS Default mitigation                          145 SRBDS Default mitigation
146 ------------------------                          146 ------------------------
147 This new microcode serializes processor access    147 This new microcode serializes processor access during execution of RDRAND,
148 RDSEED ensures that the shared buffer is overw    148 RDSEED ensures that the shared buffer is overwritten before it is released for
149 reuse.  Use the "srbds=off" kernel command lin    149 reuse.  Use the "srbds=off" kernel command line to disable the mitigation for
150 RDRAND and RDSEED.                                150 RDRAND and RDSEED.
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php