    x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data · 8cb861e9
    Pawan Gupta authored
    Processor MMIO Stale Data is a class of vulnerabilities that may
    expose data after an MMIO operation. For details please refer to
    Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst.
    
    These vulnerabilities are broadly categorized as:
    
    Device Register Partial Write (DRPW):
      Some endpoint MMIO registers incorrectly handle writes that are
      smaller than the register size. Instead of aborting the write or only
      copying the correct subset of bytes (for example, 2 bytes for a 2-byte
      write), more bytes than specified by the write transaction may be
      written to the register. On some processors, this may expose stale
      data from the fill buffers of the core that created the write
      transaction.
    
    Shared Buffers Data Sampling (SBDS):
      After propagators may have moved data around the uncore and copied
      stale data into client core fill buffers, processors affected by MFBDS
      can leak data from the fill buffer.
    
    Shared Buffers Data Read (SBDR):
      It is similar to Shared Buffer Data Sampling (SBDS) except that the
      data is directly read into the architectural software-visible state.
    
    An attacker can use these vulnerabilities to extract data from CPU fill
    buffers using MDS and TAA methods. Mitigate it by clearing the CPU fill
    buffers using the VERW instruction before returning to a user or a
    guest.
    
    On CPUs not affected by MDS and TAA, user applications cannot sample data
    from CPU fill buffers using MDS or TAA. A guest with MMIO access can
    still use DRPW or SBDR to extract data architecturally. Mitigate it with
    the VERW instruction to clear fill buffers before VMENTER for MMIO-capable
    guests.
    
    Add a kernel parameter mmio_stale_data={off|full|full,nosmt} to control
    the mitigation.
    Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
    Signed-off-by: Borislav Petkov <bp@suse.de>
bugs.c 56.8 KB