~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst (Version linux-6.12-rc7) and /Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst (Version policy-sample)


  1 .. SPDX-License-Identifier: GPL-2.0               
  2                                                   
  3 SRBDS - Special Register Buffer Data Sampling     
  4 =============================================     
  5                                                   
  6 SRBDS is a hardware vulnerability that allows     
  7 Documentation/admin-guide/hw-vuln/mds.rst tech    
  8 infer values returned from special register ac    
  9 accesses are accesses to off core registers.      
 10 the special register reads that have a securit    
 11 RDRAND, RDSEED and SGX EGETKEY.                   
 12                                                   
 13 When RDRAND, RDSEED and EGETKEY instructions a    
 14 to the core through the special register mecha    
 15 to MDS attacks.                                   
 16                                                   
 17 Affected processors                               
 18 -------------------                               
 19 Core models (desktop, mobile, Xeon-E3) that im    
 20 be affected.                                      
 21                                                   
 22 A processor is affected by SRBDS if its Family    
 23 in the following list, with the exception of t    
 24 exporting MDS_NO while Intel TSX is available     
 25 latter class of processors are only affected w    
 26 by software using TSX_CTRL_MSR otherwise they     
 27                                                   
 28   =============  ============  ========           
 29   common name    Family_Model  Stepping           
 30   =============  ============  ========           
 31   IvyBridge      06_3AH        All                
 32                                                   
 33   Haswell        06_3CH        All                
 34   Haswell_L      06_45H        All                
 35   Haswell_G      06_46H        All                
 36                                                   
 37   Broadwell_G    06_47H        All                
 38   Broadwell      06_3DH        All                
 39                                                   
 40   Skylake_L      06_4EH        All                
 41   Skylake        06_5EH        All                
 42                                                   
 43   Kabylake_L     06_8EH        <= 0xC             
 44   Kabylake       06_9EH        <= 0xD             
 45   =============  ============  ========           
 46                                                   
 47 Related CVEs                                      
 48 ------------                                      
 49                                                   
 50 The following CVE entry is related to this SRB    
 51                                                   
 52     ==============  =====  ===================    
 53     CVE-2020-0543   SRBDS  Special Register Bu    
 54     ==============  =====  ===================    
 55                                                   
 56 Attack scenarios                                  
 57 ----------------                                  
 58 An unprivileged user can extract values return    
 59 executed on another core or sibling thread usi    
 60                                                   
 61                                                   
 62 Mitigation mechanism                              
 63 --------------------                              
 64 Intel will release microcode updates that modi    
 65 EGETKEY instructions to overwrite secret speci    
 66 staging buffer before the secret data can be a    
 67 processor.                                        
 68                                                   
 69 During execution of the RDRAND, RDSEED, or EGE    
 70 accesses from other logical processors will be    
 71 register read is complete and the secret data     
 72 overwritten.                                      
 73                                                   
 74 This has three effects on performance:            
 75                                                   
 76 #. RDRAND, RDSEED, or EGETKEY instructions hav    
 77                                                   
 78 #. Executing RDRAND at the same time on multip    
 79    serialized, resulting in an overall reducti    
 80    bandwidth.                                     
 81                                                   
 82 #. Executing RDRAND, RDSEED or EGETKEY will de    
 83    logical processors that miss their core cac    
 84    legacy locked cache-line-split accesses.       
 85                                                   
 86 The microcode updates provide an opt-out mecha    
 87 the mitigation for RDRAND and RDSEED instructi    
 88 Software Guard Extensions (Intel SGX) enclaves    
 89 disable the mitigation using this opt-out mech    
 90 take longer to execute and do not impact perfo    
 91 processors memory accesses. The opt-out mechan    
 92 enclaves (including execution of RDRAND or RDS    
 93 as EGETKEY execution).                            
 94                                                   
 95 IA32_MCU_OPT_CTRL MSR Definition                  
 96 --------------------------------                  
 97 Along with the mitigation for this issue, Inte    
 98 IA32_MCU_OPT_CTRL MSR, (address 0x123). The pr    
 99 RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.    
100 9]==1. This MSR is introduced through the micr    
101                                                   
102 Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS)     
103 disables the mitigation for RDRAND and RDSEED     
104 enclave on that logical processor. Opting out     
105 particular logical processor does not affect t    
106 for other logical processors.                     
107                                                   
108 Note that inside of an Intel SGX enclave, the     
109 of the value of RNGDS_MITG_DS.                    
110                                                   
111 Mitigation control on the kernel command line     
112 ---------------------------------------------     
113 The kernel command line allows control over th    
114 with the option "srbds=".  The option for this    
115                                                   
116   ============= ==============================    
117   off           This option disables SRBDS mit    
118                 affected platforms.               
119   ============= ==============================    
120                                                   
121 SRBDS System Information                          
122 ------------------------                          
123 The Linux kernel provides vulnerability status    
124 SRBDS this can be accessed by the following sy    
125 /sys/devices/system/cpu/vulnerabilities/srbds     
126                                                   
127 The possible values contained in this file are    
128                                                   
129  ============================== ==============    
130  Not affected                   Processor not     
131  Vulnerable                     Processor vuln    
132  Vulnerable: No microcode       Processor vuln    
133                                 mitigation        
134  Mitigation: Microcode          Processor is v    
135                                 effect.           
136  Mitigation: TSX disabled       Processor is o    
137                                 enabled while     
138                                 disabled.         
139  Unknown: Dependent on                            
140  hypervisor status              Running on vir    
141                                 affected but w    
142                                 processor is m    
143  ============================== ==============    
144                                                   
145 SRBDS Default mitigation                          
146 ------------------------                          
147 This new microcode serializes processor access    
148 RDSEED ensures that the shared buffer is overw    
149 reuse.  Use the "srbds=off" kernel command lin    
150 RDRAND and RDSEED.                                
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php