
[xen master] x86: support data operand independent timing mode



commit bad1ac345b1910b820b8a703ad1b9f66412ea844
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Fri Oct 20 15:50:05 2023 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Oct 20 15:50:05 2023 +0200

    x86: support data operand independent timing mode
    
    [1] specifies a long list of instructions which are intended to exhibit
    timing behavior independent of the data they operate on. On certain
    hardware this independence is optional, controlled by a bit in a new
    MSR. Provide a command line option to control the mode Xen and its
    guests are to operate in, with a build time control over the default.
    Longer term we may want to allow guests to control this.
    
    Since Arm64 supposedly also has such a control, put command line option
    and Kconfig control in common files.
    
    [1] 
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html
    
    Requested-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
    Release-acked-by: Henry Wang <Henry.Wang@xxxxxxx>
---
 CHANGELOG.md                          |  2 ++
 docs/misc/xen-command-line.pandoc     | 11 +++++++++++
 xen/arch/x86/Kconfig                  |  1 +
 xen/arch/x86/cpu/common.c             | 24 ++++++++++++++++++++++++
 xen/arch/x86/include/asm/cpufeature.h |  1 +
 xen/common/Kconfig                    | 18 ++++++++++++++++++
 xen/common/kernel.c                   |  5 +++++
 xen/include/xen/param.h               |  2 ++
 8 files changed, 64 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 165c5caf9b..5f2694afbe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,6 +33,8 @@ The format is based on [Keep a 
Changelog](https://keepachangelog.com/en/1.0.0/)
    nodes using a device tree overlay binary (.dtbo).
  - Introduce two new hypercalls to map the vCPU runstate and time areas by
    physical rather than linear/virtual addresses.
+ - On x86, support for enforcing system-wide operation in Data Operand
+   Independent Timing Mode.
 
 ### Removed
  - On x86, the "pku" command line option has been removed.  It has never
diff --git a/docs/misc/xen-command-line.pandoc 
b/docs/misc/xen-command-line.pandoc
index 9121d8a294..6b07d0f3a1 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -788,6 +788,17 @@ Specify the size of the console debug trace buffer. By 
specifying `cpu:`
 additionally a trace buffer of the specified size is allocated per cpu.
 The debug trace feature is only enabled in debugging builds of Xen.
 
+### dit (x86/Intel)
+> `= <boolean>`
+
+> Default: `CONFIG_DIT_DEFAULT`
+
+Specify whether Xen and guests should operate in Data Independent Timing
+mode (Intel calls this DOITM, Data Operand Independent Timing Mode). Note
+that enabling this option cannot guarantee anything beyond what underlying
+hardware guarantees (with, where available and known to Xen, respective
+tweaks applied).
+
 ### dma_bits
 > `= <integer>`
 
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 30df085d96..eac77573bd 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -15,6 +15,7 @@ config X86
        select HAS_ALTERNATIVE
        select HAS_COMPAT
        select HAS_CPUFREQ
+       select HAS_DIT
        select HAS_EHCI
        select HAS_EX_TABLE
        select HAS_FAST_MULTIPLY
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index 3fd4fd0654..51509fece0 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -204,6 +204,28 @@ void ctxt_switch_levelling(const struct vcpu *next)
                alternative_vcall(ctxt_switch_masking, next);
 }
 
+static void setup_doitm(void)
+{
+    uint64_t msr;
+
+    if ( !cpu_has_doitm )
+        return;
+
+    /*
+     * We don't currently enumerate DOITM to guests.  As a conseqeuence, guest
+     * kernels will believe they're safe even when they are not.
+     *
+     * For now, set it unilaterally.  This prevents otherwise-correct crypto
+     * code from becoming vulnerable to timing sidechannels.
+     */
+
+    rdmsrl(MSR_UARCH_MISC_CTRL, msr);
+    msr |= UARCH_CTRL_DOITM;
+    if ( !opt_dit )
+        msr &= ~UARCH_CTRL_DOITM;
+    wrmsrl(MSR_UARCH_MISC_CTRL, msr);
+}
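Review bot: The comment in setup_doitm() says DOITM is set "unilaterally", but the code immediately below honours opt_dit and clears the bit when the option is off, so the comment no longer matches the behaviour (and "conseqeuence" is misspelled). I'd replace that second paragraph with `/* Guests cannot manage DOITM themselves, so apply the system-wide "dit" setting on every CPU. */`. Separately, a request for dit=1 on hardware that does not enumerate DOITM is silently dropped by the `!cpu_has_doitm` early return; since setup_doitm() appears to run from identify_cpu() on each CPU, a boot-CPU-only `printk(XENLOG_WARNING "DOITM requested but not enumerated by this CPU\n")` would tell the administrator the mode is not actually in effect. Finally, the set-then-conditionally-clear pair reads more clearly as one conditional: `if ( opt_dit ) msr |= UARCH_CTRL_DOITM; else msr &= ~UARCH_CTRL_DOITM;`.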
+
 bool opt_cpu_info;
 boolean_param("cpuinfo", opt_cpu_info);
 
@@ -599,6 +621,8 @@ void identify_cpu(struct cpuinfo_x86 *c)
 
                mtrr_bp_init();
        }
+
+       setup_doitm();
 }
 
 /* leaf 0xb SMT level */
diff --git a/xen/arch/x86/include/asm/cpufeature.h 
b/xen/arch/x86/include/asm/cpufeature.h
index 213c184b1c..06e1dd7f33 100644
--- a/xen/arch/x86/include/asm/cpufeature.h
+++ b/xen/arch/x86/include/asm/cpufeature.h
@@ -202,6 +202,7 @@ static inline bool boot_cpu_has(unsigned int feat)
 #define cpu_has_tsx_ctrl        boot_cpu_has(X86_FEATURE_TSX_CTRL)
 #define cpu_has_taa_no          boot_cpu_has(X86_FEATURE_TAA_NO)
 #define cpu_has_mcu_ctrl        boot_cpu_has(X86_FEATURE_MCU_CTRL)
+#define cpu_has_doitm           boot_cpu_has(X86_FEATURE_DOITM)
 #define cpu_has_fb_clear        boot_cpu_has(X86_FEATURE_FB_CLEAR)
 #define cpu_has_rrsba           boot_cpu_has(X86_FEATURE_RRSBA)
 #define cpu_has_gds_ctrl        boot_cpu_has(X86_FEATURE_GDS_CTRL)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 407b7b1cd6..4d6fe05164 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -56,6 +56,9 @@ config HAS_COMPAT
 config HAS_DEVICE_TREE
        bool
 
+config HAS_DIT # Data Independent Timing
+       bool
+
 config HAS_EX_TABLE
        bool
 
@@ -187,6 +190,21 @@ config SPECULATIVE_HARDEN_GUEST_ACCESS
 
 endmenu
 
+config DIT_DEFAULT
+       bool "Data Independent Timing default"
+       depends on HAS_DIT
+       help
+         Hardware often surfaces instructions the timing of which is dependent
+         on the data they process.  Some of these instructions may be used in
+         timing sensitive environments, e.g. cryptography.  When such
+         instructions exist, hardware may further surface a control allowing
+         to make the behavior of such instructions independent of the data
+         they act upon.  Note the build time value can be overridden at runtime
+         using the "dit" command line option.
+
+         NB: Intel calls the feature DOITM (Data Operand Independent Timing
+             Mode).
+
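Review bot: The DIT_DEFAULT help text leaves out two things an admin choosing the default would want: it does not say that on hardware lacking the control the setting has no effect (setup_doitm() in the x86 hunk returns early when the feature is not enumerated, so "dit" is then silently a no-op), and it does not state the resulting default, which for a `bool` with no `default` line is n. "a control allowing to make the behavior ... independent" is also ungrammatical; I'd write `a control allowing the behavior of such instructions to be made independent of the data they act upon`. A closing sentence such as `If the hardware does not expose such a control, this setting has no effect.` would cover the first point.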
 config HYPFS
        bool "Hypervisor file system support"
        default y
diff --git a/xen/common/kernel.c b/xen/common/kernel.c
index b6302e44b3..e928d0b231 100644
--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -28,6 +28,11 @@ CHECK_feature_info;
 
 enum system_state system_state = SYS_STATE_early_boot;
 
+#ifdef CONFIG_HAS_DIT
+bool __ro_after_init opt_dit = IS_ENABLED(CONFIG_DIT_DEFAULT);
+boolean_param("dit", opt_dit);
+#endif
+
 static xen_commandline_t saved_cmdline;
 static const char __initconst opt_builtin_cmdline[] = CONFIG_CMDLINE;
 
diff --git a/xen/include/xen/param.h b/xen/include/xen/param.h
index 1b2c7db954..93c3fe7cb7 100644
--- a/xen/include/xen/param.h
+++ b/xen/include/xen/param.h
@@ -184,6 +184,8 @@ extern struct param_hypfs __paramhypfs_start[], 
__paramhypfs_end[];
     string_param(_name, _var); \
     string_runtime_only_param(_name, _var)
 
+extern bool opt_dit;
+
 static inline void no_config_param(const char *cfg, const char *param,
                                    const char *s, const char *e)
 {
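Review bot: The new `extern bool opt_dit;` in param.h is unconditional while the definition in kernel.c is under `#ifdef CONFIG_HAS_DIT`, so code on an architecture without HAS_DIT that references the option would fail only at link time rather than at compile time; wrapping the declaration the same way, `#ifdef CONFIG_HAS_DIT` / `extern bool opt_dit;` / `#endif`, catches that earlier. It also sits between the `*_param` helper macros and no_config_param() with nothing saying what it is; a one-line comment such as `/* Data Independent Timing mode (see CONFIG_DIT_DEFAULT and the "dit" command line option). */` would explain why a feature flag lives in this header.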
--