iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8cb861e9e3
linux/arch
History
Pawan Gupta 8cb861e9e3 x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data 
Processor MMIO Stale Data is a class of vulnerabilities that may
expose data after an MMIO operation. For details please refer to
Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst.

These vulnerabilities are broadly categorized as:

Device Register Partial Write (DRPW):
  Some endpoint MMIO registers incorrectly handle writes that are
  smaller than the register size. Instead of aborting the write or only
  copying the correct subset of bytes (for example, 2 bytes for a 2-byte
  write), more bytes than specified by the write transaction may be
  written to the register. On some processors, this may expose stale
  data from the fill buffers of the core that created the write
  transaction.

Shared Buffers Data Sampling (SBDS):
  After propagators may have moved data around the uncore and copied
  stale data into client core fill buffers, processors affected by MFBDS
  can leak data from the fill buffer.

Shared Buffers Data Read (SBDR):
  It is similar to Shared Buffer Data Sampling (SBDS) except that the
  data is directly read into the architectural software-visible state.

An attacker can use these vulnerabilities to extract data from CPU fill
buffers using MDS and TAA methods. Mitigate it by clearing the CPU fill
buffers using the VERW instruction before returning to a user or a
guest.

On CPUs not affected by MDS and TAA, user application cannot sample data
from CPU fill buffers using MDS or TAA. A guest with MMIO access can
still use DRPW or SBDR to extract data architecturally. Mitigate it with
VERW instruction to clear fill buffers before VMENTER for MMIO capable
guests.

Add a kernel parameter mmio_stale_data={off|full|full,nosmt} to control
the mitigation.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
2022-05-21 12:14:52 +02:00
..
alpha Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2022-04-01 19:57:03 -07:00
arc ARC: remove redundant READ_ONCE() in cmpxchg loop 2022-04-18 14:47:05 -07:00
arm hotfixes for 5.18-rc7 2022-05-13 10:22:37 -07:00
arm64 hotfixes for 5.18-rc7 2022-05-13 10:22:37 -07:00
csky ptrace: Cleanups for v5.18 2022-03-28 17:29:53 -07:00
h8300 Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2022-04-01 19:57:03 -07:00
hexagon ptrace: Cleanups for v5.18 2022-03-28 17:29:53 -07:00
ia64 Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2022-04-01 19:57:03 -07:00
m68k Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2022-04-01 19:57:03 -07:00
microblaze Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
mips MIPS: Fix CP0 counter erratum detection for R4k CPUs 2022-04-29 15:52:00 +02:00
nios2 ptrace: Cleanups for v5.18 2022-03-28 17:29:53 -07:00
openrisc ptrace: Cleanups for v5.18 2022-03-28 17:29:53 -07:00
parisc Revert "parisc: Increase parisc_cache_flush_threshold setting" 2022-05-08 20:13:36 +02:00
powerpc powerpc fixes for 5.18 #5 2022-05-15 06:46:03 -07:00
riscv RISC-V Fix for 5.18-rc6 2022-05-06 11:30:59 -07:00
s390 KVM: s390: vsie/gmap: reduce gmap_rmap overhead 2022-05-03 15:15:44 +02:00
sh Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2022-04-01 19:57:03 -07:00
sparc sparc: cacheflush_32.h needs struct page 2022-04-23 09:27:17 -07:00
um Kbuild fixes for v5.18 2022-04-02 12:33:31 -07:00
x86 x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data 2022-05-21 12:14:52 +02:00
xtensa xtensa: fix a7 clobbering in coprocessor context load/store 2022-04-15 18:44:02 -07:00
.gitignore
Kconfig vmalloc: replace VM_NO_HUGE_VMAP with VM_ALLOW_HUGE_VMAP 2022-04-19 12:08:57 -07:00