1 .. SPDX-License-Identifier: GPL-2.0 1 .. SPDX-License-Identifier: GPL-2.0
2 2
3 SRBDS - Special Register Buffer Data Sampling 3 SRBDS - Special Register Buffer Data Sampling
4 ============================================= 4 =============================================
5 5
6 SRBDS is a hardware vulnerability that allows !! 6 SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to
7 Documentation/admin-guide/hw-vuln/mds.rst tech <<
8 infer values returned from special register ac 7 infer values returned from special register accesses. Special register
9 accesses are accesses to off core registers. 8 accesses are accesses to off core registers. According to Intel's evaluation,
10 the special register reads that have a securit 9 the special register reads that have a security expectation of privacy are
11 RDRAND, RDSEED and SGX EGETKEY. 10 RDRAND, RDSEED and SGX EGETKEY.
12 11
13 When RDRAND, RDSEED and EGETKEY instructions a 12 When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved
14 to the core through the special register mecha 13 to the core through the special register mechanism that is susceptible
15 to MDS attacks. 14 to MDS attacks.
16 15
17 Affected processors 16 Affected processors
18 ------------------- !! 17 --------------------
19 Core models (desktop, mobile, Xeon-E3) that im 18 Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may
20 be affected. 19 be affected.
21 20
22 A processor is affected by SRBDS if its Family 21 A processor is affected by SRBDS if its Family_Model and stepping is
23 in the following list, with the exception of t 22 in the following list, with the exception of the listed processors
24 exporting MDS_NO while Intel TSX is available 23 exporting MDS_NO while Intel TSX is available yet not enabled. The
25 latter class of processors are only affected w 24 latter class of processors are only affected when Intel TSX is enabled
26 by software using TSX_CTRL_MSR otherwise they 25 by software using TSX_CTRL_MSR otherwise they are not affected.
27 26
28 ============= ============ ======== 27 ============= ============ ========
29 common name Family_Model Stepping 28 common name Family_Model Stepping
30 ============= ============ ======== 29 ============= ============ ========
31 IvyBridge 06_3AH All 30 IvyBridge 06_3AH All
32 31
33 Haswell 06_3CH All 32 Haswell 06_3CH All
34 Haswell_L 06_45H All 33 Haswell_L 06_45H All
35 Haswell_G 06_46H All 34 Haswell_G 06_46H All
36 35
37 Broadwell_G 06_47H All 36 Broadwell_G 06_47H All
38 Broadwell 06_3DH All 37 Broadwell 06_3DH All
39 38
40 Skylake_L 06_4EH All 39 Skylake_L 06_4EH All
41 Skylake 06_5EH All 40 Skylake 06_5EH All
42 41
43 Kabylake_L 06_8EH <= 0xC 42 Kabylake_L 06_8EH <= 0xC
44 Kabylake 06_9EH <= 0xD 43 Kabylake 06_9EH <= 0xD
45 ============= ============ ======== 44 ============= ============ ========
46 45
47 Related CVEs 46 Related CVEs
48 ------------ 47 ------------
49 48
50 The following CVE entry is related to this SRB 49 The following CVE entry is related to this SRBDS issue:
51 50
52 ============== ===== =================== 51 ============== ===== =====================================
53 CVE-2020-0543 SRBDS Special Register Bu 52 CVE-2020-0543 SRBDS Special Register Buffer Data Sampling
54 ============== ===== =================== 53 ============== ===== =====================================
55 54
56 Attack scenarios 55 Attack scenarios
57 ---------------- 56 ----------------
58 An unprivileged user can extract values return 57 An unprivileged user can extract values returned from RDRAND and RDSEED
59 executed on another core or sibling thread usi 58 executed on another core or sibling thread using MDS techniques.
60 59
61 60
62 Mitigation mechanism 61 Mitigation mechanism
63 -------------------- !! 62 -------------------
64 Intel will release microcode updates that modi 63 Intel will release microcode updates that modify the RDRAND, RDSEED, and
65 EGETKEY instructions to overwrite secret speci 64 EGETKEY instructions to overwrite secret special register data in the shared
66 staging buffer before the secret data can be a 65 staging buffer before the secret data can be accessed by another logical
67 processor. 66 processor.
68 67
69 During execution of the RDRAND, RDSEED, or EGE 68 During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core
70 accesses from other logical processors will be 69 accesses from other logical processors will be delayed until the special
71 register read is complete and the secret data 70 register read is complete and the secret data in the shared staging buffer is
72 overwritten. 71 overwritten.
73 72
74 This has three effects on performance: 73 This has three effects on performance:
75 74
76 #. RDRAND, RDSEED, or EGETKEY instructions hav 75 #. RDRAND, RDSEED, or EGETKEY instructions have higher latency.
77 76
78 #. Executing RDRAND at the same time on multip 77 #. Executing RDRAND at the same time on multiple logical processors will be
79 serialized, resulting in an overall reducti 78 serialized, resulting in an overall reduction in the maximum RDRAND
80 bandwidth. 79 bandwidth.
81 80
82 #. Executing RDRAND, RDSEED or EGETKEY will de 81 #. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other
83 logical processors that miss their core cac 82 logical processors that miss their core caches, with an impact similar to
84 legacy locked cache-line-split accesses. 83 legacy locked cache-line-split accesses.
85 84
86 The microcode updates provide an opt-out mecha 85 The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable
87 the mitigation for RDRAND and RDSEED instructi 86 the mitigation for RDRAND and RDSEED instructions executed outside of Intel
88 Software Guard Extensions (Intel SGX) enclaves 87 Software Guard Extensions (Intel SGX) enclaves. On logical processors that
89 disable the mitigation using this opt-out mech 88 disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
90 take longer to execute and do not impact perfo 89 take longer to execute and do not impact performance of sibling logical
91 processors memory accesses. The opt-out mechan 90 processors memory accesses. The opt-out mechanism does not affect Intel SGX
92 enclaves (including execution of RDRAND or RDS 91 enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
93 as EGETKEY execution). 92 as EGETKEY execution).
94 93
95 IA32_MCU_OPT_CTRL MSR Definition 94 IA32_MCU_OPT_CTRL MSR Definition
96 -------------------------------- 95 --------------------------------
97 Along with the mitigation for this issue, Inte 96 Along with the mitigation for this issue, Intel added a new thread-scope
98 IA32_MCU_OPT_CTRL MSR, (address 0x123). The pr 97 IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and
99 RNGDS_MITG_DIS (bit 0) is enumerated by CPUID. 98 RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =
100 9]==1. This MSR is introduced through the micr 99 9]==1. This MSR is introduced through the microcode update.
101 100
102 Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) 101 Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor
103 disables the mitigation for RDRAND and RDSEED 102 disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
104 enclave on that logical processor. Opting out 103 enclave on that logical processor. Opting out of the mitigation for a
105 particular logical processor does not affect t 104 particular logical processor does not affect the RDRAND and RDSEED mitigations
106 for other logical processors. 105 for other logical processors.
107 106
108 Note that inside of an Intel SGX enclave, the 107 Note that inside of an Intel SGX enclave, the mitigation is applied regardless
109 of the value of RNGDS_MITG_DS. 108 of the value of RNGDS_MITG_DS.
110 109
111 Mitigation control on the kernel command line 110 Mitigation control on the kernel command line
112 --------------------------------------------- 111 ---------------------------------------------
113 The kernel command line allows control over th 112 The kernel command line allows control over the SRBDS mitigation at boot time
114 with the option "srbds=". The option for this 113 with the option "srbds=". The option for this is:
115 114
116 ============= ============================== 115 ============= =============================================================
117 off This option disables SRBDS mit 116 off This option disables SRBDS mitigation for RDRAND and RDSEED on
118 affected platforms. 117 affected platforms.
119 ============= ============================== 118 ============= =============================================================
120 119
121 SRBDS System Information 120 SRBDS System Information
122 ------------------------ !! 121 -----------------------
123 The Linux kernel provides vulnerability status 122 The Linux kernel provides vulnerability status information through sysfs. For
124 SRBDS this can be accessed by the following sy 123 SRBDS this can be accessed by the following sysfs file:
125 /sys/devices/system/cpu/vulnerabilities/srbds 124 /sys/devices/system/cpu/vulnerabilities/srbds
126 125
127 The possible values contained in this file are 126 The possible values contained in this file are:
128 127
129 ============================== ============== 128 ============================== =============================================
130 Not affected Processor not 129 Not affected Processor not vulnerable
131 Vulnerable Processor vuln 130 Vulnerable Processor vulnerable and mitigation disabled
132 Vulnerable: No microcode Processor vuln 131 Vulnerable: No microcode Processor vulnerable and microcode is missing
133 mitigation 132 mitigation
134 Mitigation: Microcode Processor is v 133 Mitigation: Microcode Processor is vulnerable and mitigation is in
135 effect. 134 effect.
136 Mitigation: TSX disabled Processor is o 135 Mitigation: TSX disabled Processor is only vulnerable when TSX is
137 enabled while 136 enabled while this system was booted with TSX
138 disabled. 137 disabled.
139 Unknown: Dependent on 138 Unknown: Dependent on
140 hypervisor status Running on vir 139 hypervisor status Running on virtual guest processor that is
141 affected but w 140 affected but with no way to know if host
142 processor is m 141 processor is mitigated or vulnerable.
143 ============================== ============== 142 ============================== =============================================
144 143
145 SRBDS Default mitigation 144 SRBDS Default mitigation
146 ------------------------ 145 ------------------------
147 This new microcode serializes processor access 146 This new microcode serializes processor access during execution of RDRAND,
148 RDSEED ensures that the shared buffer is overw 147 RDSEED ensures that the shared buffer is overwritten before it is released for
149 reuse. Use the "srbds=off" kernel command lin 148 reuse. Use the "srbds=off" kernel command line to disable the mitigation for
150 RDRAND and RDSEED. 149 RDRAND and RDSEED.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.