.. SPDX-License-Identifier: GPL-2.0

SRBDS - Special Register Buffer Data Sampling
=============================================

SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to
infer values returned from special register accesses. Special register
accesses are accesses to off-core registers. According to Intel's evaluation,
the special register reads that have a security expectation of privacy are
RDRAND, RDSEED and SGX EGETKEY.

When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved
to the core through the special register mechanism that is susceptible
to MDS attacks.

Affected processors
-------------------
Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may
be affected.

A processor is affected by SRBDS if its Family_Model and stepping are
in the following list, with the exception of the listed processors
exporting MDS_NO while Intel TSX is available yet not enabled. The
latter class of processors is only affected when Intel TSX is enabled
by software using TSX_CTRL_MSR; otherwise they are not affected.

=============  ============  ========
common name    Family_Model  Stepping
=============  ============  ========
IvyBridge      06_3AH        All

Haswell        06_3CH        All
Haswell_L      06_45H        All
Haswell_G      06_46H        All

Broadwell_G    06_47H        All
Broadwell      06_3DH        All

Skylake_L      06_4EH        All
Skylake        06_5EH        All

Kabylake_L     06_8EH        <= 0xC
Kabylake       06_9EH        <= 0xD
=============  ============  ========

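The affected-processor rule above, written out as an added example (not kernel code): it parses ``/proc/cpuinfo``-style text and applies the table plus the MDS_NO/TSX exception. The function names, the ``mds_no`` and ``tsx_enabled`` parameters and the sample text are assumptions of this example; pass ``tsx_enabled=False`` only for parts where TSX is available.

```python
import re

# (family, model) -> highest affected stepping; None means all steppings.
# Transcribed from the table above: 06_3AH is family 0x6, model 0x3A.
SRBDS_LIST = {
    (0x6, 0x3A): None,  # IvyBridge
    (0x6, 0x3C): None,  # Haswell
    (0x6, 0x45): None,  # Haswell_L
    (0x6, 0x46): None,  # Haswell_G
    (0x6, 0x47): None,  # Broadwell_G
    (0x6, 0x3D): None,  # Broadwell
    (0x6, 0x4E): None,  # Skylake_L
    (0x6, 0x5E): None,  # Skylake
    (0x6, 0x8E): 0xC,   # Kabylake_L
    (0x6, 0x9E): 0xD,   # Kabylake
}

def parse_cpuinfo(text):
    """Return (family, model, stepping) of the first processor block."""
    def field(name):
        m = re.search(rf"^{name}\s*:\s*(\d+)\s*$", text, re.M)
        if m is None:
            raise ValueError(f"missing '{name}' in cpuinfo text")
        return int(m.group(1))
    return field("cpu family"), field("model"), field("stepping")

# Assumption: the caller supplies mds_no and tsx_enabled (not in cpuinfo).
def srbds_affected(family, model, stepping, mds_no=False, tsx_enabled=True):
    """Apply the list and the MDS_NO/TSX exception from the text above."""
    if (family, model) not in SRBDS_LIST:
        return "not listed"
    max_stepping = SRBDS_LIST[(family, model)]
    if max_stepping is not None and stepping > max_stepping:
        return "not listed"
    if mds_no and not tsx_enabled:
        return "not affected while TSX stays disabled"
    return "affected"

# Constructed sample in /proc/cpuinfo format (not from a real machine).
SAMPLE = """processor\t: 0
cpu family\t: 6
model\t\t: 142
model name\t: constructed sample
stepping\t: 10
"""

if __name__ == "__main__":
    print(srbds_affected(*parse_cpuinfo(SAMPLE)))
```
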
Related CVEs
------------

The following CVE entry is related to this SRBDS issue:

==============  =====  =====================================
CVE-2020-0543   SRBDS  Special Register Buffer Data Sampling
==============  =====  =====================================

Attack scenarios
----------------
An unprivileged user can extract values returned from RDRAND and RDSEED
executed on another core or sibling thread using MDS techniques.


Mitigation mechanism
--------------------
Intel will release microcode updates that modify the RDRAND, RDSEED, and
EGETKEY instructions to overwrite secret special register data in the shared
staging buffer before the secret data can be accessed by another logical
processor.

During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core
accesses from other logical processors will be delayed until the special
register read is complete and the secret data in the shared staging buffer is
overwritten.

This has three effects on performance:

#. RDRAND, RDSEED, or EGETKEY instructions have higher latency.

#. Executing RDRAND at the same time on multiple logical processors will be
   serialized, resulting in an overall reduction in the maximum RDRAND
   bandwidth.

#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other
   logical processors that miss their core caches, with an impact similar to
   legacy locked cache-line-split accesses.

The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable
the mitigation for RDRAND and RDSEED instructions executed outside of Intel
Software Guard Extensions (Intel SGX) enclaves. On logical processors that
disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
take longer to execute and do not impact performance of sibling logical
processors' memory accesses. The opt-out mechanism does not affect Intel SGX
enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
as EGETKEY execution).

IA32_MCU_OPT_CTRL MSR Definition
--------------------------------
Along with the mitigation for this issue, Intel added a new thread-scope
IA32_MCU_OPT_CTRL MSR (address 0x123). The presence of this MSR and
RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =
9]==1. This MSR is introduced through the microcode update.

Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor
disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
enclave on that logical processor. Opting out of the mitigation for a
particular logical processor does not affect the RDRAND and RDSEED mitigations
for other logical processors.

Note that inside of an Intel SGX enclave, the mitigation is applied regardless
of the value of RNGDS_MITG_DIS.

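Because the MSR is thread-scope, an audit has to look at every logical processor. The following added example (not kernel code) checks the CPUID enumeration bit and then RNGDS_MITG_DIS per CPU; it assumes the Linux ``msr`` and ``cpuid`` character devices under ``/dev/cpu/N/`` are available and readable (root), and the function names are this example's own.

```python
import glob
import os
import struct

MSR_IA32_MCU_OPT_CTRL = 0x123   # thread-scope MSR from the text above
RNGDS_MITG_DIS = 1 << 0         # bit 0: mitigation opt-out
SRBDS_CTRL = 1 << 9             # CPUID.(EAX=07H,ECX=0).EDX bit 9

def has_srbds_ctrl(cpuid_leaf7):
    """cpuid_leaf7: 16 bytes (EAX, EBX, ECX, EDX) of CPUID leaf 7, subleaf 0."""
    _eax, _ebx, _ecx, edx = struct.unpack("<4I", cpuid_leaf7)
    return bool(edx & SRBDS_CTRL)

def mitigation_opted_out(msr_raw):
    """msr_raw: the 8-byte little-endian value of IA32_MCU_OPT_CTRL."""
    (value,) = struct.unpack("<Q", msr_raw)
    return bool(value & RNGDS_MITG_DIS)

def classify(cpuid_leaf7, msr_raw):
    """Decide the state of one logical processor from raw register bytes."""
    if not has_srbds_ctrl(cpuid_leaf7):
        return "no SRBDS_CTRL: MSR not present"
    return "opted out" if mitigation_opted_out(msr_raw) else "mitigation on"

# Assumption: /dev/cpu/N/cpuid and /dev/cpu/N/msr exist (drivers loaded).
def audit_logical_processors():
    """Read every logical processor; needs root and the msr/cpuid drivers."""
    report = {}
    for path in glob.glob("/dev/cpu/[0-9]*"):
        cpu = int(os.path.basename(path))
        with open(f"{path}/cpuid", "rb", buffering=0) as f:
            # The cpuid device takes EAX in the low 32 bits of the offset
            # and ECX in the high 32 bits: leaf 7, subleaf 0 -> offset 7.
            leaf7 = os.pread(f.fileno(), 16, 0x7)
        msr_raw = b"\0" * 8
        if has_srbds_ctrl(leaf7):  # reading an absent MSR would fail
            with open(f"{path}/msr", "rb", buffering=0) as f:
                msr_raw = os.pread(f.fileno(), 8, MSR_IA32_MCU_OPT_CTRL)
        report[cpu] = classify(leaf7, msr_raw)
    return report

if __name__ == "__main__":
    for cpu, state in sorted(audit_logical_processors().items()):
        print(f"cpu{cpu}: {state}")
```
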
Mitigation control on the kernel command line
---------------------------------------------
The kernel command line allows control over the SRBDS mitigation at boot time
with the option "srbds=". The option for this is:

=============   =============================================================
off             This option disables SRBDS mitigation for RDRAND and RDSEED on
                affected platforms.
=============   =============================================================

SRBDS System Information
------------------------
The Linux kernel provides vulnerability status information through sysfs. For
SRBDS this can be accessed by the following sysfs file::

  /sys/devices/system/cpu/vulnerabilities/srbds

The possible values contained in this file are:

============================== =============================================
Not affected                   Processor not vulnerable
Vulnerable                     Processor vulnerable and mitigation disabled
Vulnerable: No microcode       Processor vulnerable and microcode is missing
                               mitigation
Mitigation: Microcode          Processor is vulnerable and mitigation is in
                               effect.
Mitigation: TSX disabled       Processor is only vulnerable when TSX is
                               enabled while this system was booted with TSX
                               disabled.
Unknown: Dependent on
hypervisor status              Running on virtual guest processor that is
                               affected but with no way to know if host
                               processor is mitigated or vulnerable.
============================== =============================================

SRBDS Default mitigation
------------------------
This new microcode serializes processor access during execution of RDRAND and
RDSEED and ensures that the shared buffer is overwritten before it is released
for reuse. Use the "srbds=off" kernel command line option to disable the
mitigation for RDRAND and RDSEED.