Message ID | 20240329015346.635933-12-chang.seok.bae@intel.com (mailing list archive) |
---|---|
State | Deferred |
Delegated to: | Herbert Xu |
Headers | show |
Series | x86: Support Key Locker | expand |
On Thu, Mar 28, 2024 at 06:53:43PM -0700, Chang S. Bae wrote:
> The Register File Data Sampling vulnerability may allow malicious
> userspace programs to infer stale kernel register data, potentially
> exposing sensitive key values, including AES keys.
>
> To address this vulnerability, a microcode update needs to be applied to
> the CPU, which modifies the VERW instruction to flush the affected CPU
> buffers.
>
> The kernel already has a facility to flush CPU buffers before returning
> to userspace, which is indicated by the X86_FEATURE_CLEAR_CPU_BUF flag.
>
> Ensure the mitigation before enabling Key Locker. Do not enable the
> feature on CPUs affected by the vulnerability but lacking mitigation.
>
> Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
> Cc: Dave Hansen <dave.hansen@intel.com>
> Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> ---
> Change from v8:
> * Add as a new patch.
>
> Note that the code change follows the mitigation guidance [1]:
> "Software loading Key Locker keys using LOADIWKEY should execute a VERW
> to clear registers before transitioning to untrusted code to prevent
> later software from inferring the loaded key."
>
> [1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
> ---
> arch/x86/kernel/keylocker.c | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/arch/x86/kernel/keylocker.c b/arch/x86/kernel/keylocker.c
> index d4f3aa65ea8a..6e805c4da76d 100644
> --- a/arch/x86/kernel/keylocker.c
> +++ b/arch/x86/kernel/keylocker.c
> @@ -135,12 +135,29 @@ static bool __init have_gds_mitigation(void) > return false; > } > > +/* > + * IA32_ARCH_CAPABILITIES MSR is retrieved during the setting of > + * X86_BUG_RFDS. Ensure that the mitigation is applied to flush CPU > + * buffers by checking the flag. > + */ > +static bool __init have_rfds_mitigation(void) > +{ > + if (boot_cpu_has(X86_FEATURE_CLEAR_CPU_BUF)) > + return true; X86_FEATURE_CLEAR_CPU_BUF is also set by other VERW based mitigations like MDS. The feature flag does not guarantee that the microcode required to mitigate RFDS is loaded. A more robust check would be: if (rfds_mitigation == RFDS_MITIGATION_VERW) return true; And it would be apt to move this function to arch/x86/kernel/cpu/bugs.c > + > + pr_warn("x86/keylocker: Susceptible to the RFDS vulnerability.\n"); > + return false; > +} > + > /* Check if Key Locker is secure enough to be used. */ > static bool __init secure_keylocker(void) > { > if (boot_cpu_has_bug(X86_BUG_GDS) && !have_gds_mitigation()) > return false; > > + if (boot_cpu_has_bug(X86_BUG_RFDS) && !have_rfds_mitigation()) > + return false; > + > return true; > }
diff --git a/arch/x86/kernel/keylocker.c b/arch/x86/kernel/keylocker.c index d4f3aa65ea8a..6e805c4da76d 100644 --- a/arch/x86/kernel/keylocker.c +++ b/arch/x86/kernel/keylocker.c @@ -135,12 +135,29 @@ static bool __init have_gds_mitigation(void) return false; } +/* + * IA32_ARCH_CAPABILITIES MSR is retrieved during the setting of + * X86_BUG_RFDS. Ensure that the mitigation is applied to flush CPU + * buffers by checking the flag. + */ +static bool __init have_rfds_mitigation(void) +{ + if (boot_cpu_has(X86_FEATURE_CLEAR_CPU_BUF)) + return true; + + pr_warn("x86/keylocker: Susceptible to the RFDS vulnerability.\n"); + return false; +} + /* Check if Key Locker is secure enough to be used. */ static bool __init secure_keylocker(void) { if (boot_cpu_has_bug(X86_BUG_GDS) && !have_gds_mitigation()) return false; + if (boot_cpu_has_bug(X86_BUG_RFDS) && !have_rfds_mitigation()) + return false; + return true; }
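Review bot: the comment block above have_rfds_mitigation() says IA32_ARCH_CAPABILITIES is retrieved when X86_BUG_RFDS is set, but the function reads neither that MSR nor the bug flag; it tests only boot_cpu_has(X86_FEATURE_CLEAR_CPU_BUF). Either reword the comment to describe the check that is actually made (the kernel's generic VERW-on-return buffer clearing is enabled), or, as the reply proposes, test the RFDS-specific mitigation state so the comment and the code agree, since that feature flag is shared with other VERW-based mitigations and by itself does not show the RFDS microcode is loaded. Separately, the pr_warn() in the false path ("x86/keylocker: Susceptible to the RFDS vulnerability.") names the condition but not the consequence; because secure_keylocker() uses this return value to keep Key Locker disabled, the message should say that, e.g. "x86/keylocker: Disabled, RFDS mitigation not applied.", so an admin reading dmesg knows why the feature is absent.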
The Register File Data Sampling vulnerability may allow malicious
userspace programs to infer stale kernel register data, potentially
exposing sensitive key values, including AES keys.

To address this vulnerability, a microcode update needs to be applied to
the CPU, which modifies the VERW instruction to flush the affected CPU
buffers.

The kernel already has a facility to flush CPU buffers before returning
to userspace, which is indicated by the X86_FEATURE_CLEAR_CPU_BUF flag.

Ensure the mitigation before enabling Key Locker. Do not enable the
feature on CPUs affected by the vulnerability but lacking mitigation.

Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
Change from v8:
* Add as a new patch.

Note that the code change follows the mitigation guidance [1]:
"Software loading Key Locker keys using LOADIWKEY should execute a VERW
to clear registers before transitioning to untrusted code to prevent
later software from inferring the loaded key."

[1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
---
arch/x86/kernel/keylocker.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)