|
| 1 | +.. SPDX-License-Identifier: GPL-2.0 |
| 2 | +
|
| 3 | +SRBDS - Special Register Buffer Data Sampling |
| 4 | +============================================= |
| 5 | + |
| 6 | +SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to |
| 7 | +infer values returned from special register accesses. Special register |
| 8 | +accesses are accesses to off core registers. According to Intel's evaluation, |
| 9 | +the special register reads that have a security expectation of privacy are |
| 10 | +RDRAND, RDSEED and SGX EGETKEY. |
| 11 | + |
| 12 | +When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved |
| 13 | +to the core through the special register mechanism that is susceptible |
| 14 | +to MDS attacks. |
| 15 | + |
| 16 | +Affected processors |
| 17 | +-------------------- |
| 18 | +Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may |
| 19 | +be affected. |
| 20 | + |
| 21 | +A processor is affected by SRBDS if its Family_Model and stepping is |
| 22 | +in the following list, with the exception of the listed processors |
| 23 | +exporting MDS_NO while Intel TSX is available yet not enabled. The |
| 24 | +latter class of processors are only affected when Intel TSX is enabled |
| 25 | +by software using TSX_CTRL_MSR otherwise they are not affected. |
| 26 | + |
| 27 | + ============= ============ ======== |
| 28 | + common name Family_Model Stepping |
| 29 | + ============= ============ ======== |
| 30 | + IvyBridge 06_3AH All |
| 31 | + |
| 32 | + Haswell 06_3CH All |
| 33 | + Haswell_L 06_45H All |
| 34 | + Haswell_G 06_46H All |
| 35 | + |
| 36 | + Broadwell_G 06_47H All |
| 37 | + Broadwell 06_3DH All |
| 38 | + |
| 39 | + Skylake_L 06_4EH All |
| 40 | + Skylake 06_5EH All |
| 41 | + |
| 42 | + Kabylake_L 06_8EH <= 0xC |
| 43 | + Kabylake 06_9EH <= 0xD |
| 44 | + ============= ============ ======== |
| 45 | + |
| 46 | +Related CVEs |
| 47 | +------------ |
| 48 | + |
| 49 | +The following CVE entry is related to this SRBDS issue: |
| 50 | + |
| 51 | + ============== ===== ===================================== |
| 52 | + CVE-2020-0543 SRBDS Special Register Buffer Data Sampling |
| 53 | + ============== ===== ===================================== |
| 54 | + |
| 55 | +Attack scenarios |
| 56 | +---------------- |
| 57 | +An unprivileged user can extract values returned from RDRAND and RDSEED |
| 58 | +executed on another core or sibling thread using MDS techniques. |
| 59 | + |
| 60 | + |
| 61 | +Mitigation mechanism |
| 62 | +------------------- |
| 63 | +Intel will release microcode updates that modify the RDRAND, RDSEED, and |
| 64 | +EGETKEY instructions to overwrite secret special register data in the shared |
| 65 | +staging buffer before the secret data can be accessed by another logical |
| 66 | +processor. |
| 67 | + |
| 68 | +During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core |
| 69 | +accesses from other logical processors will be delayed until the special |
| 70 | +register read is complete and the secret data in the shared staging buffer is |
| 71 | +overwritten. |
| 72 | + |
| 73 | +This has three effects on performance: |
| 74 | + |
| 75 | +#. RDRAND, RDSEED, or EGETKEY instructions have higher latency. |
| 76 | + |
| 77 | +#. Executing RDRAND at the same time on multiple logical processors will be |
| 78 | + serialized, resulting in an overall reduction in the maximum RDRAND |
| 79 | + bandwidth. |
| 80 | + |
| 81 | +#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other |
| 82 | + logical processors that miss their core caches, with an impact similar to |
| 83 | + legacy locked cache-line-split accesses. |
| 84 | + |
| 85 | +The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable |
| 86 | +the mitigation for RDRAND and RDSEED instructions executed outside of Intel |
| 87 | +Software Guard Extensions (Intel SGX) enclaves. On logical processors that |
| 88 | +disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not |
| 89 | +take longer to execute and do not impact performance of sibling logical |
| 90 | +processors memory accesses. The opt-out mechanism does not affect Intel SGX |
| 91 | +enclaves (including execution of RDRAND or RDSEED inside an enclave, as well |
| 92 | +as EGETKEY execution). |
| 93 | + |
| 94 | +IA32_MCU_OPT_CTRL MSR Definition |
| 95 | +-------------------------------- |
| 96 | +Along with the mitigation for this issue, Intel added a new thread-scope |
| 97 | +IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and |
| 98 | +RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL = |
| 99 | +9]==1. This MSR is introduced through the microcode update. |
| 100 | + |
| 101 | +Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor |
| 102 | +disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX |
| 103 | +enclave on that logical processor. Opting out of the mitigation for a |
| 104 | +particular logical processor does not affect the RDRAND and RDSEED mitigations |
| 105 | +for other logical processors. |
| 106 | + |
| 107 | +Note that inside of an Intel SGX enclave, the mitigation is applied regardless |
| 108 | +of the value of RNGDS_MITG_DS. |
| 109 | + |
| 110 | +Mitigation control on the kernel command line |
| 111 | +--------------------------------------------- |
| 112 | +The kernel command line allows control over the SRBDS mitigation at boot time |
| 113 | +with the option "srbds=". The option for this is: |
| 114 | + |
| 115 | + ============= ============================================================= |
| 116 | + off This option disables SRBDS mitigation for RDRAND and RDSEED on |
| 117 | + affected platforms. |
| 118 | + ============= ============================================================= |
| 119 | + |
| 120 | +SRBDS System Information |
| 121 | +----------------------- |
| 122 | +The Linux kernel provides vulnerability status information through sysfs. For |
| 123 | +SRBDS this can be accessed by the following sysfs file: |
| 124 | +/sys/devices/system/cpu/vulnerabilities/srbds |
| 125 | + |
| 126 | +The possible values contained in this file are: |
| 127 | + |
| 128 | + ============================== ============================================= |
| 129 | + Not affected Processor not vulnerable |
| 130 | + Vulnerable Processor vulnerable and mitigation disabled |
| 131 | + Vulnerable: No microcode Processor vulnerable and microcode is missing |
| 132 | + mitigation |
| 133 | + Mitigation: Microcode Processor is vulnerable and mitigation is in |
| 134 | + effect. |
| 135 | + Mitigation: TSX disabled Processor is only vulnerable when TSX is |
| 136 | + enabled while this system was booted with TSX |
| 137 | + disabled. |
| 138 | + Unknown: Dependent on |
| 139 | + hypervisor status Running on virtual guest processor that is |
| 140 | + affected but with no way to know if host |
| 141 | + processor is mitigated or vulnerable. |
| 142 | + ============================== ============================================= |
| 143 | + |
| 144 | +SRBDS Default mitigation |
| 145 | +------------------------ |
| 146 | +This new microcode serializes processor access during execution of RDRAND, |
| 147 | +RDSEED ensures that the shared buffer is overwritten before it is released for |
| 148 | +reuse. Use the "srbds=off" kernel command line to disable the mitigation for |
| 149 | +RDRAND and RDSEED. |
0 commit comments