1.. SPDX-License-Identifier: GPL-2.0
2
3SRBDS - Special Register Buffer Data Sampling
4=============================================
5
6SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to
7infer values returned from special register accesses.  Special register
8accesses are accesses to off core registers.  According to Intel's evaluation,
9the special register reads that have a security expectation of privacy are
10RDRAND, RDSEED and SGX EGETKEY.
11
12When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved
13to the core through the special register mechanism that is susceptible
14to MDS attacks.
15
16Affected processors
17--------------------
18Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may
19be affected.
20
21A processor is affected by SRBDS if its Family_Model and stepping is
22in the following list, with the exception of the listed processors
23exporting MDS_NO while Intel TSX is available yet not enabled. The
24latter class of processors are only affected when Intel TSX is enabled
25by software using TSX_CTRL_MSR otherwise they are not affected.
26
27  =============  ============  ========
28  common name    Family_Model  Stepping
29  =============  ============  ========
30  Haswell        06_3CH        All
31  Haswell_L      06_45H        All
32  Haswell_G      06_46H        All
33
34  Broadwell_G    06_47H        All
35  Broadwell      06_3DH        All
36
37  Skylake_L      06_4EH        All
38  Skylake        06_5EH        All
39
40  Kabylake_L     06_8EH        <=0xC
41
42  Kabylake       06_9EH        <=0xD
43  =============  ============  ========
44
45Related CVEs
46------------
47
48The following CVE entry is related to this SRBDS issue:
49
50    ==============  =====  =====================================
51    CVE-2020-0543   SRBDS  Special Register Buffer Data Sampling
52    ==============  =====  =====================================
53
54Attack scenarios
55----------------
56An unprivileged user can extract values returned from RDRAND and RDSEED
57executed on another core or sibling thread using MDS techniques.
58
59
60Mitigation mechanism
61-------------------
62Intel will release microcode updates that modify the RDRAND, RDSEED, and
63EGETKEY instructions to overwrite secret special register data in the shared
64staging buffer before the secret data can be accessed by another logical
65processor.
66
67During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core
68accesses from other logical processors will be delayed until the special
69register read is complete and the secret data in the shared staging buffer is
70overwritten.
71
72This has three effects on performance:
73
74#. RDRAND, RDSEED, or EGETKEY instructions have higher latency.
75
76#. Executing RDRAND at the same time on multiple logical processors will be
77   serialized, resulting in an overall reduction in the maximum RDRAND
78   bandwidth.
79
80#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other
81   logical processors that miss their core caches, with an impact similar to
82   legacy locked cache-line-split accesses.
83
84The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable
85the mitigation for RDRAND and RDSEED instructions executed outside of Intel
86Software Guard Extensions (Intel SGX) enclaves. On logical processors that
87disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
88take longer to execute and do not impact performance of sibling logical
89processors memory accesses. The opt-out mechanism does not affect Intel SGX
90enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
91as EGETKEY execution).
92
93IA32_MCU_OPT_CTRL MSR Definition
94--------------------------------
95Along with the mitigation for this issue, Intel added a new thread-scope
96IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and
97RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =
989]==1. This MSR is introduced through the microcode update.
99
100Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor
101disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
102enclave on that logical processor. Opting out of the mitigation for a
103particular logical processor does not affect the RDRAND and RDSEED mitigations
104for other logical processors.
105
106Note that inside of an Intel SGX enclave, the mitigation is applied regardless
107of the value of RNGDS_MITG_DS.
108
109Mitigation control on the kernel command line
110---------------------------------------------
111The kernel command line allows control over the SRBDS mitigation at boot time
112with the option "srbds=".  The option for this is:
113
114  ============= =============================================================
115  off           This option disables SRBDS mitigation for RDRAND and RDSEED on
116                affected platforms.
117  ============= =============================================================
118
119SRBDS System Information
120-----------------------
121The Linux kernel provides vulnerability status information through sysfs.  For
122SRBDS this can be accessed by the following sysfs file:
123/sys/devices/system/cpu/vulnerabilities/srbds
124
125The possible values contained in this file are:
126
127 ============================== =============================================
128 Not affected                   Processor not vulnerable
129 Vulnerable                     Processor vulnerable and mitigation disabled
130 Vulnerable: No microcode       Processor vulnerable and microcode is missing
131                                mitigation
132 Mitigation: Microcode          Processor is vulnerable and mitigation is in
133                                effect.
134 Mitigation: TSX disabled       Processor is only vulnerable when TSX is
135                                enabled while this system was booted with TSX
136                                disabled.
137 Unknown: Dependent on
138 hypervisor status              Running on virtual guest processor that is
139                                affected but with no way to know if host
140                                processor is mitigated or vulnerable.
141 ============================== =============================================
142
143SRBDS Default mitigation
144------------------------
145This new microcode serializes processor access during execution of RDRAND,
146RDSEED ensures that the shared buffer is overwritten before it is released for
147reuse.  Use the "srbds=off" kernel command line to disable the mitigation for
148RDRAND and RDSEED.
149