[PATCH v9 11/14] x86/cpu/keylocker: Check Register File Data Sampling mitigation

From: Chang S. Bae
Date: Thu Mar 28 2024 - 22:13:11 EST

Next message: Huacai Chen: "Re: [PATCH] LoongArch: Select ARCH_HAS_FAST_MULTIPLIER"
Previous message: Chang S. Bae: "[PATCH v9 10/14] x86/cpu/keylocker: Check Gather Data Sampling mitigation"
In reply to: Pawan Gupta: "Re: [PATCH v9 10/14] x86/cpu/keylocker: Check Gather Data Sampling mitigation"
Next in thread: Pawan Gupta: "Re: [PATCH v9 11/14] x86/cpu/keylocker: Check Register File Data Sampling mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The Register File Data Sampling vulnerability may allow malicious
userspace programs to infer stale kernel register data, potentially
exposing sensitive key values, including AES keys.

To address this vulnerability, a microcode update needs to be applied to
the CPU, which modifies the VERW instruction to flush the affected CPU
buffers.

The kernel already has a facility to flush CPU buffers before returning
to userspace, which is indicated by the X86_FEATURE_CLEAR_CPU_BUF flag.

Ensure the mitigation before enabling Key Locker. Do not enable the
feature on CPUs affected by the vulnerability but lacks mitigation.

Signed-off-by: Chang S. Bae <chang.seok.bae@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
---
Change from v8:
* Add as a new patch.

Note that the code change follows the mitigation guidance [1]:
"Software loading Key Locker keys using LOADIWKEY should execute a VERW
to clear registers before transitioning to untrusted code to prevent
later software from inferring the loaded key."

[1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
---
arch/x86/kernel/keylocker.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)

diff --git a/arch/x86/kernel/keylocker.c b/arch/x86/kernel/keylocker.c
index d4f3aa65ea8a..6e805c4da76d 100644
--- a/arch/x86/kernel/keylocker.c
+++ b/arch/x86/kernel/keylocker.c
@@ -135,12 +135,29 @@ static bool __init have_gds_mitigation(void)
return false;
}

+/*
+ * IA32_ARCH_CAPABILITIES MSR is retrieved during the setting of
+ * X86_BUG_RFDS. Ensure that the mitigation is applied to flush CPU
+ * buffers by checking the flag.
+ */
+static bool __init have_rfds_mitigation(void)
+{
+ if (boot_cpu_has(X86_FEATURE_CLEAR_CPU_BUF))
+ return true;
+
+ pr_warn("x86/keylocker: Susceptible to the RFDS vulnerability.\n");
+ return false;
+}
+
/* Check if Key Locker is secure enough to be used. */
static bool __init secure_keylocker(void)
{
if (boot_cpu_has_bug(X86_BUG_GDS) && !have_gds_mitigation())
return false;

+ if (boot_cpu_has_bug(X86_BUG_RFDS) && !have_rfds_mitigation())
+ return false;
+
return true;
}

--
2.34.1

Next message: Huacai Chen: "Re: [PATCH] LoongArch: Select ARCH_HAS_FAST_MULTIPLIER"
Previous message: Chang S. Bae: "[PATCH v9 10/14] x86/cpu/keylocker: Check Gather Data Sampling mitigation"
In reply to: Pawan Gupta: "Re: [PATCH v9 10/14] x86/cpu/keylocker: Check Gather Data Sampling mitigation"
Next in thread: Pawan Gupta: "Re: [PATCH v9 11/14] x86/cpu/keylocker: Check Register File Data Sampling mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]