Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) .. SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3) SRBDS - Special Register Buffer Data Sampling
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4) =============================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6) SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7) infer values returned from special register accesses.  Special register
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) accesses are accesses to off core registers.  According to Intel's evaluation,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) the special register reads that have a security expectation of privacy are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) RDRAND, RDSEED and SGX EGETKEY.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) to the core through the special register mechanism that is susceptible
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) to MDS attacks.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) Affected processors
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) -------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) be affected.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) A processor is affected by SRBDS if its Family_Model and stepping is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) in the following list, with the exception of the listed processors
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) exporting MDS_NO while Intel TSX is available yet not enabled. The
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) latter class of processors are only affected when Intel TSX is enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) by software using TSX_CTRL_MSR otherwise they are not affected.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27)   =============  ============  ========
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28)   common name    Family_Model  Stepping
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29)   =============  ============  ========
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30)   IvyBridge      06_3AH        All
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32)   Haswell        06_3CH        All
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33)   Haswell_L      06_45H        All
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34)   Haswell_G      06_46H        All
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36)   Broadwell_G    06_47H        All
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37)   Broadwell      06_3DH        All
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39)   Skylake_L      06_4EH        All
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40)   Skylake        06_5EH        All
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42)   Kabylake_L     06_8EH        <= 0xC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43)   Kabylake       06_9EH        <= 0xD
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44)   =============  ============  ========
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) Related CVEs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) ------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) The following CVE entry is related to this SRBDS issue:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51)     ==============  =====  =====================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52)     CVE-2020-0543   SRBDS  Special Register Buffer Data Sampling
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53)     ==============  =====  =====================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) Attack scenarios
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) ----------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) An unprivileged user can extract values returned from RDRAND and RDSEED
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) executed on another core or sibling thread using MDS techniques.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) Mitigation mechanism
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) --------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) Intel will release microcode updates that modify the RDRAND, RDSEED, and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) EGETKEY instructions to overwrite secret special register data in the shared
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) staging buffer before the secret data can be accessed by another logical
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) processor.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) accesses from other logical processors will be delayed until the special
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) register read is complete and the secret data in the shared staging buffer is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) overwritten.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) This has three effects on performance:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) #. RDRAND, RDSEED, or EGETKEY instructions have higher latency.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) #. Executing RDRAND at the same time on multiple logical processors will be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78)    serialized, resulting in an overall reduction in the maximum RDRAND
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79)    bandwidth.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) #. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82)    logical processors that miss their core caches, with an impact similar to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83)    legacy locked cache-line-split accesses.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) the mitigation for RDRAND and RDSEED instructions executed outside of Intel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) Software Guard Extensions (Intel SGX) enclaves. On logical processors that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) take longer to execute and do not impact performance of sibling logical
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) processors memory accesses. The opt-out mechanism does not affect Intel SGX
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) as EGETKEY execution).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) IA32_MCU_OPT_CTRL MSR Definition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) --------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) Along with the mitigation for this issue, Intel added a new thread-scope
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 9]==1. This MSR is introduced through the microcode update.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) enclave on that logical processor. Opting out of the mitigation for a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) particular logical processor does not affect the RDRAND and RDSEED mitigations
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) for other logical processors.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) Note that inside of an Intel SGX enclave, the mitigation is applied regardless
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) of the value of RNGDS_MITG_DS.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) Mitigation control on the kernel command line
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) ---------------------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) The kernel command line allows control over the SRBDS mitigation at boot time
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) with the option "srbds=".  The option for this is:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115)   ============= =============================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116)   off           This option disables SRBDS mitigation for RDRAND and RDSEED on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117)                 affected platforms.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118)   ============= =============================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) SRBDS System Information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) ------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) The Linux kernel provides vulnerability status information through sysfs.  For
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) SRBDS this can be accessed by the following sysfs file:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) /sys/devices/system/cpu/vulnerabilities/srbds
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) The possible values contained in this file are:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128)  ============================== =============================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129)  Not affected                   Processor not vulnerable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130)  Vulnerable                     Processor vulnerable and mitigation disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131)  Vulnerable: No microcode       Processor vulnerable and microcode is missing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132)                                 mitigation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133)  Mitigation: Microcode          Processor is vulnerable and mitigation is in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134)                                 effect.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135)  Mitigation: TSX disabled       Processor is only vulnerable when TSX is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136)                                 enabled while this system was booted with TSX
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137)                                 disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138)  Unknown: Dependent on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139)  hypervisor status              Running on virtual guest processor that is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140)                                 affected but with no way to know if host
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141)                                 processor is mitigated or vulnerable.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142)  ============================== =============================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) SRBDS Default mitigation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) ------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) This new microcode serializes processor access during execution of RDRAND,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) RDSEED ensures that the shared buffer is overwritten before it is released for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) reuse.  Use the "srbds=off" kernel command line to disable the mitigation for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) RDRAND and RDSEED.
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.