Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:dirkmueller:acdc:sp5-rebuild
xen.15298
5dcae816-x86-spec-ctrl-mitigate-TAA.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 5dcae816-x86-spec-ctrl-mitigate-TAA.patch of Package xen.15298
# Commit 8c4330818f6ee70cbf7428a40a28a73df1272d10 # Date 2019-11-12 17:12:54 +0000 # Author Andrew Cooper <andrew.cooper3@citrix.com> # Committer Andrew Cooper <andrew.cooper3@citrix.com> x86/spec-ctrl: Mitigate the TSX Asynchronous Abort sidechannel See patch documentation and comments. This is part of XSA-305 / CVE-2019-11135 Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -1849,7 +1849,7 @@ extreme care.** An overall boolean value, `spec-ctrl=no`, can be specified to turn off all mitigations, including pieces of infrastructure used to virtualise certain mitigation features for guests. This also includes settings which `xpti`, -`smt`, `pv-l1tf` control, unless the respective option(s) have been +`smt`, `pv-l1tf`, `tsx` control, unless the respective option(s) have been specified earlier on the command line. Alternatively, a slightly more restricted `spec-ctrl=no-xen` can be used to @@ -1960,7 +1960,7 @@ pages) must also be specified via the tb = <bool> Applicability: x86 - Default: true + Default: false on parts vulnerable to TAA, true otherwise Controls for the use of Transactional Synchronization eXtensions. @@ -1970,6 +1970,19 @@ a control has been introduced which allo On systems with the ability to turn TSX off, this boolean offers system wide control of whether TSX is enabled or disabled. +On parts vulnerable to CVE-2019-11135 / TSX Asynchronous Abort, the following +logic applies: + + * An explicit `tsx=` choice is honoured, even if it is `true` and would + result in a vulnerable system. + + * When no explicit `tsx=` choice is given, parts vulnerable to TAA will be + mitigated by disabling TSX, as this is the lowest overhead option. + + * If the use of TSX is important, the more expensive TAA mitigations can be + opted in to with `smt=0 spec-ctrl=md-clear`, at which point TSX will remain + active by default. + ### ucode > `= [<integer> | scan]` --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -136,6 +136,9 @@ static int __init parse_spec_ctrl(const if ( opt_pv_l1tf_domu < 0 ) opt_pv_l1tf_domu = 0; + if ( opt_tsx == -1 ) + opt_tsx = -3; + disable_common: opt_rsb_pv = false; opt_rsb_hvm = false; @@ -346,7 +349,7 @@ static void __init print_details(enum in printk("Speculative mitigation facilities:\n"); /* Hardware features which pertain to speculative mitigations. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", @@ -358,7 +361,9 @@ static void __init print_details(enum in (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL": "", (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", - (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : ""); + (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", + (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : "", + (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : ""); /* Compiled-in support which pertains to mitigations. */ if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) || IS_ENABLED(CONFIG_SHADOW_PAGING) ) @@ -372,7 +377,7 @@ static void __init print_details(enum in "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s, Other:%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -381,6 +386,8 @@ static void __init print_details(enum in (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", !boot_cpu_has(X86_FEATURE_SSBD) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + !(caps & ARCH_CAPS_TSX_CTRL) ? "" : + (opt_tsx & 1) ? " TSX+" : " TSX-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm ? " VERW" : ""); @@ -895,6 +902,7 @@ void __init init_speculation_mitigations { enum ind_thunk thunk = THUNK_DEFAULT; bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool cpu_has_bug_taa; uint64_t caps = 0; if ( boot_cpu_has(X86_FEATURE_ARCH_CAPS) ) @@ -1124,6 +1132,53 @@ void __init init_speculation_mitigations "enabled. Mitigations will not be fully effective. Please\n" "choose an explicit smt=<bool> setting. See XSA-297.\n"); + /* + * Vulnerability to TAA is a little complicated to quantify. + * + * In the pipeline, it is just another way to get speculative access to + * stale load port, store buffer or fill buffer data, and therefore can be + * considered a superset of MDS (on TSX-capable parts). On parts which + * predate MDS_NO, the existing VERW flushing will mitigate this + * sidechannel as well. + * + * On parts which contain MDS_NO, the lack of VERW flushing means that an + * attacker can still use TSX to target microarchitectural buffers to leak + * secrets. Therefore, we consider TAA to be the set of TSX-capable parts + * which have MDS_NO but lack TAA_NO. + * + * Note: cpu_has_rtm (== hle) could already be hidden by `tsx=0` on the + * cmdline. MSR_TSX_CTRL will only appear on TSX-capable parts, so + * we check both to spot TSX in a microcode/cmdline independent way. + */ + cpu_has_bug_taa = + (cpu_has_rtm || (caps & ARCH_CAPS_TSX_CTRL)) && + (caps & (ARCH_CAPS_MDS_NO | ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO; + + /* + * On TAA-affected hardware, disabling TSX is the preferred mitigation, vs + * the MDS mitigation of disabling HT and using VERW flushing. + * + * On CPUs which advertise MDS_NO, VERW has no flushing side effect until + * the TSX_CTRL microcode is loaded, despite the MD_CLEAR CPUID bit being + * advertised, and there isn't a MD_CLEAR_2 flag to use... + * + * If we're on affected hardware, able to do something about it (which + * implies that VERW now works), no explicit TSX choice and traditional + * MDS mitigations (no-SMT, VERW) not obviosuly in use (someone might + * plausibly value TSX higher than Hyperthreading...), disable TSX to + * mitigate TAA. + */ + if ( opt_tsx == -1 && cpu_has_bug_taa && (caps & ARCH_CAPS_TSX_CTRL) && + ((hw_smt_enabled && opt_smt) || + !boot_cpu_has(X86_FEATURE_SC_VERW_IDLE)) ) + { + setup_clear_cpu_cap(X86_FEATURE_HLE); + setup_clear_cpu_cap(X86_FEATURE_RTM); + + opt_tsx = 0; + tsx_init(); + } + print_details(thunk, caps); /* --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -5,7 +5,8 @@ * Valid values: * 1 => Explicit tsx=1 * 0 => Explicit tsx=0 - * -1 => Default, implicit tsx=1 + * -1 => Default, implicit tsx=1, may change to 0 to mitigate TAA + * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) */ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -56,6 +56,7 @@ #define ARCH_CAPS_MDS_NO (_AC(1, ULL) << 5) #define ARCH_CAPS_IF_PSCHANGE_MC_NO (_AC(1, ULL) << 6) #define ARCH_CAPS_TSX_CTRL (_AC(1, ULL) << 7) +#define ARCH_CAPS_TAA_NO (_AC(1, ULL) << 8) #define MSR_FLUSH_CMD 0x0000010b #define FLUSH_CMD_L1D (_AC(1, ULL) << 0)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor