Control for Special Register Buffer Data Sampling mitigation.
New microcode update for Intel enables mitigation for SRBDS, which slows down RDSEED and related instructions. The update also provides a control to limit the mitigation to SGX enclaves, which should restore the speed of random generator by the cost of potential cross-core bufer sampling. See https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling GIve the user control over it. Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D25221
This commit is contained in:
parent
958d257ed5
commit
17edf152e5
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=362130
@ -28,7 +28,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" $FreeBSD$
|
.\" $FreeBSD$
|
||||||
.\"
|
.\"
|
||||||
.Dd May 16, 2020
|
.Dd June 11, 2020
|
||||||
.Dt SECURITY 7
|
.Dt SECURITY 7
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -1040,6 +1040,13 @@ page table format used by hypervisors on Intel CPUs to map the guest
|
|||||||
physical address space to machine physical memory.
|
physical address space to machine physical memory.
|
||||||
May be disabled to work around a CPU Erratum called
|
May be disabled to work around a CPU Erratum called
|
||||||
Machine Check Error Avoidance on Page Size Change.
|
Machine Check Error Avoidance on Page Size Change.
|
||||||
|
.It Dv machdep.mitigations.rngds.enable
|
||||||
|
amd64 and i386.
|
||||||
|
Controls mitigation of Special Register Buffer Data Sampling versus
|
||||||
|
optimization of the MCU access.
|
||||||
|
When set to zero, the mitigation is disabled, and the RDSEED and RDRAND
|
||||||
|
instructions do not incur serialization overhead for shared buffer accesses,
|
||||||
|
and do not serialize off-core memory accessses.
|
||||||
.It Dv kern.elf32.aslr.enable
|
.It Dv kern.elf32.aslr.enable
|
||||||
Controls system-global Address Space Layout Randomization (ASLR) for
|
Controls system-global Address Space Layout Randomization (ASLR) for
|
||||||
normal non-PIE (Position Independent Executable) 32bit binaries.
|
normal non-PIE (Position Independent Executable) 32bit binaries.
|
||||||
|
@ -270,6 +270,7 @@ initializecpu(void)
|
|||||||
hw_ibrs_recalculate(false);
|
hw_ibrs_recalculate(false);
|
||||||
hw_ssb_recalculate(false);
|
hw_ssb_recalculate(false);
|
||||||
amd64_syscall_ret_flush_l1d_recalc();
|
amd64_syscall_ret_flush_l1d_recalc();
|
||||||
|
x86_rngds_mitg_recalculate(false);
|
||||||
switch (cpu_vendor_id) {
|
switch (cpu_vendor_id) {
|
||||||
case CPU_VENDOR_AMD:
|
case CPU_VENDOR_AMD:
|
||||||
case CPU_VENDOR_HYGON:
|
case CPU_VENDOR_HYGON:
|
||||||
|
@ -1791,6 +1791,9 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
|
|||||||
|
|
||||||
TUNABLE_INT_FETCH("machdep.mitigations.taa.enable", &x86_taa_enable);
|
TUNABLE_INT_FETCH("machdep.mitigations.taa.enable", &x86_taa_enable);
|
||||||
|
|
||||||
|
TUNABLE_INT_FETCH("machdep.mitigations.rndgs.enable",
|
||||||
|
&x86_rngds_mitg_enable);
|
||||||
|
|
||||||
finishidentcpu(); /* Final stage of CPU initialization */
|
finishidentcpu(); /* Final stage of CPU initialization */
|
||||||
initializecpu(); /* Initialize CPU registers */
|
initializecpu(); /* Initialize CPU registers */
|
||||||
|
|
||||||
|
@ -547,6 +547,7 @@ cpuctl_do_eval_cpu_features(int cpu, struct thread *td)
|
|||||||
#endif
|
#endif
|
||||||
hw_mds_recalculate();
|
hw_mds_recalculate();
|
||||||
x86_taa_recalculate();
|
x86_taa_recalculate();
|
||||||
|
x86_rngds_mitg_recalculate(true);
|
||||||
printcpuinfo();
|
printcpuinfo();
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
@ -95,6 +95,7 @@ extern int hw_mds_disable;
|
|||||||
extern int hw_ssb_active;
|
extern int hw_ssb_active;
|
||||||
extern int x86_taa_enable;
|
extern int x86_taa_enable;
|
||||||
extern int cpu_flush_rsb_ctxsw;
|
extern int cpu_flush_rsb_ctxsw;
|
||||||
|
extern int x86_rngds_mitg_enable;
|
||||||
|
|
||||||
struct pcb;
|
struct pcb;
|
||||||
struct thread;
|
struct thread;
|
||||||
@ -139,6 +140,7 @@ void hw_ibrs_recalculate(bool all_cpus);
|
|||||||
void hw_mds_recalculate(void);
|
void hw_mds_recalculate(void);
|
||||||
void hw_ssb_recalculate(bool all_cpus);
|
void hw_ssb_recalculate(bool all_cpus);
|
||||||
void x86_taa_recalculate(void);
|
void x86_taa_recalculate(void);
|
||||||
|
void x86_rngds_mitg_recalculate(bool all_cpus);
|
||||||
void nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame);
|
void nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame);
|
||||||
void nmi_call_kdb_smp(u_int type, struct trapframe *frame);
|
void nmi_call_kdb_smp(u_int type, struct trapframe *frame);
|
||||||
void nmi_handle_intr(u_int type, struct trapframe *frame);
|
void nmi_handle_intr(u_int type, struct trapframe *frame);
|
||||||
|
@ -1402,6 +1402,60 @@ SYSCTL_INT(_machdep_mitigations, OID_AUTO, flush_rsb_ctxsw,
|
|||||||
CTLFLAG_RW | CTLFLAG_NOFETCH, &cpu_flush_rsb_ctxsw, 0,
|
CTLFLAG_RW | CTLFLAG_NOFETCH, &cpu_flush_rsb_ctxsw, 0,
|
||||||
"Flush Return Stack Buffer on context switch");
|
"Flush Return Stack Buffer on context switch");
|
||||||
|
|
||||||
|
SYSCTL_NODE(_machdep_mitigations, OID_AUTO, rngds,
|
||||||
|
CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
|
||||||
|
"MCU Optimization, disable RDSEED mitigation");
|
||||||
|
|
||||||
|
int x86_rngds_mitg_enable = 1;
|
||||||
|
void
|
||||||
|
x86_rngds_mitg_recalculate(bool all_cpus)
|
||||||
|
{
|
||||||
|
if ((cpu_stdext_feature3 & CPUID_STDEXT3_MCUOPT) == 0)
|
||||||
|
return;
|
||||||
|
x86_msr_op(MSR_IA32_MCU_OPT_CTRL,
|
||||||
|
(x86_rngds_mitg_enable ? MSR_OP_OR : MSR_OP_ANDNOT) |
|
||||||
|
(all_cpus ? MSR_OP_RENDEZVOUS : MSR_OP_LOCAL),
|
||||||
|
IA32_RNGDS_MITG_DIS);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
sysctl_rngds_mitg_enable_handler(SYSCTL_HANDLER_ARGS)
|
||||||
|
{
|
||||||
|
int error, val;
|
||||||
|
|
||||||
|
val = x86_rngds_mitg_enable;
|
||||||
|
error = sysctl_handle_int(oidp, &val, 0, req);
|
||||||
|
if (error != 0 || req->newptr == NULL)
|
||||||
|
return (error);
|
||||||
|
x86_rngds_mitg_enable = val;
|
||||||
|
x86_rngds_mitg_recalculate(true);
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
SYSCTL_PROC(_machdep_mitigations_rngds, OID_AUTO, enable, CTLTYPE_INT |
|
||||||
|
CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0,
|
||||||
|
sysctl_rngds_mitg_enable_handler, "I",
|
||||||
|
"MCU Optimization, disabling RDSEED mitigation control "
|
||||||
|
"(0 - mitigation disabled (RDSEED optimized), 1 - mitigation enabled");
|
||||||
|
|
||||||
|
static int
|
||||||
|
sysctl_rngds_state_handler(SYSCTL_HANDLER_ARGS)
|
||||||
|
{
|
||||||
|
const char *state;
|
||||||
|
|
||||||
|
if ((cpu_stdext_feature3 & CPUID_STDEXT3_MCUOPT) == 0) {
|
||||||
|
state = "Not applicable";
|
||||||
|
} else if (x86_rngds_mitg_enable == 0) {
|
||||||
|
state = "RDSEED not serialized";
|
||||||
|
} else {
|
||||||
|
state = "Mitigated";
|
||||||
|
}
|
||||||
|
return (SYSCTL_OUT(req, state, strlen(state)));
|
||||||
|
}
|
||||||
|
SYSCTL_PROC(_machdep_mitigations_rngds, OID_AUTO, state,
|
||||||
|
CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
|
||||||
|
sysctl_rngds_state_handler, "A",
|
||||||
|
"MCU Optimization state");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Enable and restore kernel text write permissions.
|
* Enable and restore kernel text write permissions.
|
||||||
* Callers must ensure that disable_wp()/restore_wp() are executed
|
* Callers must ensure that disable_wp()/restore_wp() are executed
|
||||||
|
Loading…
Reference in New Issue
Block a user