|
Borislav Petkov |
bb2155 |
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Date: Thu, 19 May 2022 20:29:11 -0700
Subject: x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
Git-commit: 8cb861e9e3c9a55099ad3d08e1a3b653d29c33ca
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git
Patch-mainline: Queued in tip for v5.19
References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180
Processor MMIO Stale Data is a class of vulnerabilities that may
expose data after an MMIO operation. For details please refer to
Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst.
These vulnerabilities are broadly categorized as:
Device Register Partial Write (DRPW):
Some endpoint MMIO registers incorrectly handle writes that are
smaller than the register size. Instead of aborting the write or only
copying the correct subset of bytes (for example, 2 bytes for a 2-byte
write), more bytes than specified by the write transaction may be
written to the register. On some processors, this may expose stale
data from the fill buffers of the core that created the write
transaction.
Shared Buffers Data Sampling (SBDS):
After propagators may have moved data around the uncore and copied
stale data into client core fill buffers, processors affected by MFBDS
can leak data from the fill buffer.
Shared Buffers Data Read (SBDR):
It is similar to Shared Buffers Data Sampling (SBDS) except that the
data is directly read into the architectural software-visible state.
An attacker can use these vulnerabilities to extract data from CPU fill
buffers using MDS and TAA methods. Mitigate it by clearing the CPU fill
buffers using the VERW instruction before returning to a user or a
guest.
On CPUs not affected by MDS and TAA, user applications cannot sample data
from CPU fill buffers using MDS or TAA. A guest with MMIO access can
still use DRPW or SBDR to extract data architecturally. Mitigate it with the
VERW instruction to clear fill buffers before VMENTER for MMIO capable
guests.
Add a kernel parameter mmio_stale_data={off|full|full,nosmt} to control
the mitigation.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
---
Documentation/admin-guide/kernel-parameters.txt | 36 +++++++
arch/x86/include/asm/nospec-branch.h | 2
arch/x86/kernel/cpu/bugs.c | 111 +++++++++++++++++++++++-
arch/x86/kvm/vmx.c | 3
4 files changed, 148 insertions(+), 4 deletions(-)
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -357,6 +357,8 @@ DECLARE_STATIC_KEY_FALSE(switch_mm_alway
DECLARE_STATIC_KEY_FALSE(mds_user_clear);
DECLARE_STATIC_KEY_FALSE(mds_idle_clear);
+DECLARE_STATIC_KEY_FALSE(mmio_stale_data_clear);
+
#include <asm/segment.h>
/**
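Review bot: the new mmio_stale_data_clear declaration carries no comment, while its definition in the bugs.c hunk is documented with "/* Controls CPU Fill buffer clear before KVM guest MMIO accesses */"; a one-line comment on the declaration saying what the key gates (the VERW before VMENTER in vmx_vcpu_run(), per the vmx.c hunk) would spare readers of nospec-branch.h the cross-reference.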
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -41,6 +41,7 @@ static void __init l1tf_select_mitigatio
static void __init mds_select_mitigation(void);
static void __init md_clear_update_mitigation(void);
static void __init taa_select_mitigation(void);
+static void __init mmio_select_mitigation(void);
static void __init srbds_select_mitigation(void);
/* The base value of the SPEC_CTRL MSR that always has to be preserved. */
@@ -75,6 +76,10 @@ EXPORT_SYMBOL_GPL(mds_user_clear);
DEFINE_STATIC_KEY_FALSE(mds_idle_clear);
EXPORT_SYMBOL_GPL(mds_idle_clear);
+/* Controls CPU Fill buffer clear before KVM guest MMIO accesses */
+DEFINE_STATIC_KEY_FALSE(mmio_stale_data_clear);
+EXPORT_SYMBOL_GPL(mmio_stale_data_clear);
+
void __init check_bugs(void)
{
identify_boot_cpu();
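Review bot: the comment "/* Controls CPU Fill buffer clear before KVM guest MMIO accesses */" overstates what the key does: per the vmx.c hunk it gates one mds_clear_cpu_buffers() call in vmx_vcpu_run(), i.e. before VMENTER for a guest that has an assigned device, not before each guest MMIO access. Suggest "/* Controls CPU Fill buffer clear before VMENTER for guests with assigned devices */".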
@@ -109,11 +114,13 @@ void __init check_bugs(void)
l1tf_select_mitigation();
mds_select_mitigation();
taa_select_mitigation();
+ mmio_select_mitigation();
srbds_select_mitigation();
/*
- * As MDS and TAA mitigations are inter-related, update and print their
- * mitigation after TAA mitigation selection is done.
+ * As MDS, TAA and MMIO Stale Data mitigations are inter-related, update
+ * and print their mitigation after MDS, TAA and MMIO Stale Data
+ * mitigation selection is done.
*/
md_clear_update_mitigation();
@@ -497,6 +504,90 @@ static int __init tsx_async_abort_parse_
early_param("tsx_async_abort", tsx_async_abort_parse_cmdline);
#undef pr_fmt
+#define pr_fmt(fmt) "MMIO Stale Data: " fmt
+
+enum mmio_mitigations {
+ MMIO_MITIGATION_OFF,
+ MMIO_MITIGATION_UCODE_NEEDED,
+ MMIO_MITIGATION_VERW,
+};
+
+/* Default mitigation for Processor MMIO Stale Data vulnerabilities */
+static enum mmio_mitigations mmio_mitigation __ro_after_init = MMIO_MITIGATION_VERW;
+static bool mmio_nosmt __ro_after_init = false;
+
+static const char * const mmio_strings[] = {
+ [MMIO_MITIGATION_OFF] = "Vulnerable",
+ [MMIO_MITIGATION_UCODE_NEEDED] = "Vulnerable: Clear CPU buffers attempted, no microcode",
+ [MMIO_MITIGATION_VERW] = "Mitigation: Clear CPU buffers",
+};
+
+static void __init mmio_select_mitigation(void)
+{
+ u64 ia32_cap;
+
+ if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) ||
+ cpu_mitigations_off()) {
+ mmio_mitigation = MMIO_MITIGATION_OFF;
+ return;
+ }
+
+ if (mmio_mitigation == MMIO_MITIGATION_OFF)
+ return;
+
+ ia32_cap = x86_read_arch_cap_msr();
+
+ /*
+ * Enable CPU buffer clear mitigation for host and VMM, if also affected
+ * by MDS or TAA. Otherwise, enable mitigation for VMM only.
+ */
+ if (boot_cpu_has_bug(X86_BUG_MDS) || (boot_cpu_has_bug(X86_BUG_TAA) &&
+ boot_cpu_has(X86_FEATURE_RTM)))
+ static_branch_enable(&mds_user_clear);
+ else
+ static_branch_enable(&mmio_stale_data_clear);
+
+ /*
+ * Check if the system has the right microcode.
+ *
+ * CPU Fill buffer clear mitigation is enumerated by either an explicit
+ * FB_CLEAR or by the presence of both MD_CLEAR and L1D_FLUSH on MDS
+ * affected systems.
+ */
+ if ((ia32_cap & ARCH_CAP_FB_CLEAR) ||
+ (boot_cpu_has(X86_FEATURE_MD_CLEAR) &&
+ boot_cpu_has(X86_FEATURE_FLUSH_L1D) &&
+ !(ia32_cap & ARCH_CAP_MDS_NO)))
+ mmio_mitigation = MMIO_MITIGATION_VERW;
+ else
+ mmio_mitigation = MMIO_MITIGATION_UCODE_NEEDED;
+
+ if (mmio_nosmt || cpu_mitigations_auto_nosmt())
+ cpu_smt_disable(false);
+}
+
+static int __init mmio_stale_data_parse_cmdline(char *str)
+{
+ if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA))
+ return 0;
+
+ if (!str)
+ return -EINVAL;
+
+ if (!strcmp(str, "off")) {
+ mmio_mitigation = MMIO_MITIGATION_OFF;
+ } else if (!strcmp(str, "full")) {
+ mmio_mitigation = MMIO_MITIGATION_VERW;
+ } else if (!strcmp(str, "full,nosmt")) {
+ mmio_mitigation = MMIO_MITIGATION_VERW;
+ mmio_nosmt = true;
+ }
+
+ return 0;
+}
+early_param("mmio_stale_data", mmio_stale_data_parse_cmdline);
+
+#undef pr_fmt
#define pr_fmt(fmt) "" fmt
static void __init md_clear_update_mitigation(void)
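Review bot: in mmio_select_mitigation() the static key (mds_user_clear or mmio_stale_data_clear) is enabled before the microcode check, so when that check fails and mmio_mitigation ends up as MMIO_MITIGATION_UCODE_NEEDED, VERW is still executed on every return/VMENTER; that matches the "Vulnerable: Clear CPU buffers attempted, no microcode" string, but the "else" branch that sets MMIO_MITIGATION_UCODE_NEEDED deserves a comment saying the attempt is deliberate rather than an oversight. Two smaller points: "static bool mmio_nosmt __ro_after_init = false;" will trip checkpatch's "do not initialise statics to false" (the initialiser can simply be dropped), and mmio_stale_data_parse_cmdline() falls through to "return 0" on an unrecognised value, which is consistent with the neighbouring tsx_async_abort parser but gives the user no hint that a mistyped option was ignored.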
@@ -508,19 +599,31 @@ static void __init md_clear_update_mitig
goto out;
/*
- * mds_user_clear is now enabled. Update MDS mitigation, if
- * necessary.
+ * mds_user_clear is now enabled. Update MDS, TAA and MMIO Stale Data
+ * mitigation, if necessary.
*/
if (mds_mitigation == MDS_MITIGATION_OFF &&
boot_cpu_has_bug(X86_BUG_MDS)) {
mds_mitigation = MDS_MITIGATION_FULL;
mds_select_mitigation();
}
+ if (taa_mitigation == TAA_MITIGATION_OFF &&
+ boot_cpu_has_bug(X86_BUG_TAA)) {
+ taa_mitigation = TAA_MITIGATION_VERW;
+ taa_select_mitigation();
+ }
+ if (mmio_mitigation == MMIO_MITIGATION_OFF &&
+ boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) {
+ mmio_mitigation = MMIO_MITIGATION_VERW;
+ mmio_select_mitigation();
+ }
out:
if (boot_cpu_has_bug(X86_BUG_MDS))
pr_info("MDS: %s\n", mds_strings[mds_mitigation]);
if (boot_cpu_has_bug(X86_BUG_TAA))
pr_info("TAA: %s\n", taa_strings[taa_mitigation]);
+ if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA))
+ pr_info("MMIO Stale Data: %s\n", mmio_strings[mmio_mitigation]);
}
#undef pr_fmt
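Review bot: the new mmio block in md_clear_update_mitigation() flips mmio_mitigation from MMIO_MITIGATION_OFF to MMIO_MITIGATION_VERW whenever mds_user_clear is enabled, which silently overrides a user-supplied mmio_stale_data=off on MDS/TAA-affected parts; that is exactly the interaction the kernel-parameters.txt hunk documents ("mmio_stale_data=off can be prevented by an active MDS or TAA mitigation"), so a short comment on this block pointing at that documented behaviour would help the next reader. Also note that re-running mmio_select_mitigation() here evaluates the mmio_nosmt / cpu_mitigations_auto_nosmt() check a second time; worth a glance to confirm the repeated cpu_smt_disable(false) is intended.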
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -9858,6 +9858,9 @@ static void __noclone vmx_vcpu_run(struc
vmx_l1d_flush(vcpu);
else if (static_branch_unlikely(&mds_user_clear))
mds_clear_cpu_buffers();
+ else if (static_branch_unlikely(&mmio_stale_data_clear) &&
+ kvm_arch_has_assigned_device(vcpu->kvm))
+ mds_clear_cpu_buffers();
asm(
/* Store host registers */
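Review bot: the added branch uses kvm_arch_has_assigned_device(vcpu->kvm) as the proxy for "MMIO capable guest" from the commit message; nothing in the condition itself says why device assignment is the trigger, so a one-line comment above the "else if" stating that assumption would help. The position in the else-if chain also matters and is worth a comment: when mds_user_clear is enabled the preceding branch already clears buffers on every VMENTER, so this branch is only reached on CPUs not affected by MDS/TAA, where mmio_select_mitigation() enabled mmio_stale_data_clear instead.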
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2481,6 +2481,7 @@
l1tf=off [X86]
mds=off [X86]
tsx_async_abort=off [X86]
+ mmio_stale_data=off [X86]
auto (default)
Mitigate all CPU vulnerabilities, but leave SMT
@@ -2497,6 +2498,7 @@
Equivalent to: l1tf=flush,nosmt [X86]
mds=full,nosmt [X86]
tsx_async_abort=full,nosmt [X86]
+ mmio_stale_data=full,nosmt [X86]
mminit_loglevel=
[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
@@ -2506,6 +2508,40 @@
log everything. Information is printed at KERN_DEBUG
so loglevel=8 may also need to be specified.
+ mmio_stale_data=
+ [X86,INTEL] Control mitigation for the Processor
+ MMIO Stale Data vulnerabilities.
+
+ Processor MMIO Stale Data is a class of
+ vulnerabilities that may expose data after an MMIO
+ operation. Exposed data could originate or end in
+ the same CPU buffers as affected by MDS and TAA.
+ Therefore, similar to MDS and TAA, the mitigation
+ is to clear the affected CPU buffers.
+
+ This parameter controls the mitigation. The
+ options are:
+
+ full - Enable mitigation on vulnerable CPUs
+
+ full,nosmt - Enable mitigation and disable SMT on
+ vulnerable CPUs.
+
+ off - Unconditionally disable mitigation
+
+ On MDS or TAA affected machines,
+ mmio_stale_data=off can be prevented by an active
+ MDS or TAA mitigation as these vulnerabilities are
+ mitigated with the same mechanism so in order to
+ disable this mitigation, you need to specify
+ mds=off and tsx_async_abort=off too.
+
+ Not specifying this option is equivalent to
+ mmio_stale_data=full.
+
+ For details see:
+ Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst
+
module.sig_enforce
[KNL] When CONFIG_MODULE_SIG is set, this means that
modules without (valid) signatures will fail to load.
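Review bot: wording in the new mmio_stale_data= entry: "Exposed data could originate or end in the same CPU buffers" reads better as "originate from or end up in"; "mmio_stale_data=off can be prevented by an active MDS or TAA mitigation" would be clearer as "is overridden by an active MDS or TAA mitigation"; and the "full" option line is missing the trailing period that the "full,nosmt" line has. The text also tells the user to pass mds=off and tsx_async_abort=off to disable the mitigation, which is the interaction implemented in the md_clear_update_mitigation() hunk, so the two stay consistent.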