[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.12] x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel
commit 199ae1f15894bd1bdefdf7c3e44688127be3ba19 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Wed Jan 8 19:47:46 2020 +0000 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Tue Jun 9 17:45:49 2020 +0100 x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel See patch documentation and comments. This is part of XSA-320 / CVE-2020-0543 Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> (cherry picked from commit 6a49b9a7920c82015381740905582b666160d955) --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/acpi/power.c | 3 +++ xen/arch/x86/smpboot.c | 8 +++++--- xen/arch/x86/spec_ctrl.c | 41 ++++++++++++++++++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl.h | 2 ++ 5 files changed, 57 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index dbdaee92dc..337fbf0492 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1909,7 +1909,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ <bool>, xen=<bool>, {pv,hvm,msr-sc,rsb,md-clear}=<bool>, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush}=<bool> ]` +> l1d-flush,srb-lock}=<bool> ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -1981,6 +1981,12 @@ Irrespective of Xen's setting, the feature is virtualised for HVM guests to use. By default, Xen will enable this mitigation on hardware believed to be vulnerable to L1TF. +On hardware supporting SRBDS_CTRL, the `srb-lock=` option can be used to force +or prevent Xen from protect the Special Register Buffer from leaking stale +data. By default, Xen will enable this mitigation, except on parts where MDS +is fixed and TAA is fixed/mitigated (in which case, there is believed to be no +way for an attacker to obtain the stale data). + ### sync_console > `= <boolean>` diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index c1d772f63f..a07aa3b9ed 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -266,6 +266,9 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); spec_ctrl_exit_idle(ci); + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + done: spin_debug_enable(); local_irq_restore(flags); diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 699e21bfb7..b741d1354a 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -369,12 +369,14 @@ void start_secondary(void *unused) microcode_resume_cpu(cpu); /* - * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard - * any firmware settings. Note: MSR_SPEC_CTRL may only become available - * after loading microcode. + * If any speculative control MSRs are available, apply Xen's default + * settings. Note: These MSRs may only become available after loading + * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 5158e012ca..e2fcefc86a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -64,6 +64,9 @@ static unsigned int __initdata l1d_maxphysaddr; static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ +static int8_t __initdata opt_srb_lock = -1; +uint64_t __read_mostly default_xen_mcu_opt_ctrl; + static int __init parse_spec_ctrl(const char *s) { const char *ss; @@ -110,6 +113,7 @@ static int __init parse_spec_ctrl(const char *s) opt_ibpb = false; opt_ssbd = false; opt_l1d_flush = 0; + opt_srb_lock = 0; } else if ( val > 0 ) rc = -EINVAL; @@ -175,6 +179,8 @@ static int __init parse_spec_ctrl(const char *s) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) opt_l1d_flush = val; + else if ( (val = parse_boolean("srb-lock", s, ss)) >= 0 ) + opt_srb_lock = val; else rc = -EINVAL; @@ -338,7 +344,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -349,6 +355,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", + !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm ? " VERW" : ""); @@ -1142,6 +1150,34 @@ void __init init_speculation_mitigations(void) tsx_init(); } + /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + { + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock + * by default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way + * to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there + * is no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( opt_srb_lock == -1 && + (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && + (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && opt_tsx == 0)) ) + opt_srb_lock = 0; + + val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; + if ( !opt_srb_lock ) + val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; + + default_xen_mcu_opt_ctrl = val; + } + print_details(thunk, caps); /* @@ -1173,6 +1209,9 @@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); } + + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index ba03bb42e5..59bab1a41b 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -53,6 +53,8 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; +extern uint64_t default_xen_mcu_opt_ctrl; + static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |