Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp1183168ybk; Sat, 16 May 2020 03:41:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzX+TTs/x/lLPbuMp6hh9/lHdv7fs59Pw1MJrZgAKyM3q/gmlgDQQBKcGyYU01edSiims2N X-Received: by 2002:a17:906:17c1:: with SMTP id u1mr6849986eje.47.1589625695348; Sat, 16 May 2020 03:41:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589625695; cv=none; d=google.com; s=arc-20160816; b=loQZFImMAHwlWvp6isr/T5MD3k0hYkiU81VdJr2QDw1tV2rDDFdVG8zkqgraZIT2we m/U/GM7db/XAoe5cwe2WbiS3RI5Cv9XYOe1Uw3lDKiA96v1obPPa3hj4Y4HZFlyNvBww yaql+8mmrkaAitZPkxPybypP7ZcABL4P9QpV41ievH4StuZWnGYpj8xzo78+TYuohmjL 1Ll3677AMpE43ePPugoZqqD/MtbMXIGCwDh5UC0+46OqfR8Rs6j9ZJZ4T+NxOvB3hd9p jaopfu2MLpxgm7pq4ZZw5AUKTri7vlND97F2ZTpzv94TFTT74BkRzcCIGsoBMD8fcZC9 2/Zg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:ironport-sdr:dkim-signature; bh=cVDMJB0V69N/ERG1QjOibR3boSPJLVANnsa6lUHRia0=; b=y0//ktVXoQOJl1XzvwFOtsWY36+NUIQyzbJ0tHXDSapV01ZwQFjMEKifHpXc0xhG/F NqvZp27+4hpdRQ1wzRw6vKap6Ir9hPQIk8rzQRyK8wjd8vRQNSFzWgdnllqVDItj6r2W Dg48QOF3dt34Ji3ag24n6CJBav3iNPdFiUZDTNm/M6yxcQJaGKgWKjsR17EAryWiCJCf 1k5T+hrgrX3JOfUnVhr3SM2ZEtEplNwYMJb9BF/WxGHJQiWJwE6jKJwbZv30j6BYpeTI vujgAGDpsnhIDzh+0Pc1SsnvO+xAClppINNdANsntp/XDmKmy5qvpHjisJJphGqwN8XM quEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=iPmDYyKn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g17si2710209ejm.271.2020.05.16.03.41.11; Sat, 16 May 2020 03:41:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=iPmDYyKn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726245AbgEPKfA (ORCPT + 99 others); Sat, 16 May 2020 06:35:00 -0400 Received: from smtp-fw-9102.amazon.com ([207.171.184.29]:39985 "EHLO smtp-fw-9102.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726206AbgEPKe6 (ORCPT ); Sat, 16 May 2020 06:34:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1589625298; x=1621161298; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=cVDMJB0V69N/ERG1QjOibR3boSPJLVANnsa6lUHRia0=; b=iPmDYyKnF6DQf+Cu/vP90jPiQjECZxcV2Y4jyBrflpy4yY8Etp5I5hpo rXMJt717I3uBp4VWqbIgF9P6Bqi5Avwapl9lkwAt5mNtLp89sA2HxPygS 8jyW/wBVxLNXENd3gVAdoESEH4cr9aQSdZujCamwfjhKY/4z+YFgfkVWs g=; IronPort-SDR: NKhafI7VX0wXECoSUxVeij0Q/LKQnWx2NeHwWSnaHPX9QhBVxXfQqpf2bKXVmiLXAOuV2MB2/6 RKnH/BODUqJg== X-IronPort-AV: E=Sophos;i="5.73,398,1583193600"; d="scan'208";a="43784268" Received: from sea32-co-svc-lb4-vlan2.sea.corp.amazon.com (HELO email-inbound-relay-2a-538b0bfb.us-west-2.amazon.com) ([10.47.23.34]) by smtp-border-fw-out-9102.sea19.amazon.com with ESMTP; 16 May 2020 10:34:57 +0000 Received: from EX13MTAUWA001.ant.amazon.com (pdx4-ws-svc-p6-lb7-vlan3.pdx.amazon.com [10.170.41.166]) by email-inbound-relay-2a-538b0bfb.us-west-2.amazon.com (Postfix) with ESMTPS id 267EFA16E3; Sat, 16 May 2020 10:34:56 +0000 (UTC) Received: from EX13D01UWA004.ant.amazon.com (10.43.160.99) by EX13MTAUWA001.ant.amazon.com (10.43.160.58) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sat, 16 May 2020 10:34:55 +0000 Received: from EX13MTAUWA001.ant.amazon.com (10.43.160.58) by EX13d01UWA004.ant.amazon.com (10.43.160.99) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sat, 16 May 2020 10:34:55 +0000 Received: from localhost (10.85.1.185) by mail-relay.amazon.com (10.43.160.118) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Sat, 16 May 2020 10:34:54 +0000 From: Balbir Singh To: , CC: , , , , , , , Balbir Singh Subject: [PATCH v7 3/3] Documentation: Add L1D flushing Documentation Date: Sat, 16 May 2020 20:34:30 +1000 Message-ID: <20200516103430.26527-4-sblbir@amazon.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200516103430.26527-1-sblbir@amazon.com> References: <20200516103430.26527-1-sblbir@amazon.com> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add documentation of l1d flushing, explain the need for the feature and how it can be used. [tglx: Reword the documentation] Signed-off-by: Thomas Gleixner Signed-off-by: Balbir Singh Reviewed-by: Kees Cook --- Documentation/admin-guide/hw-vuln/index.rst | 1 + .../admin-guide/hw-vuln/l1d_flush.rst | 51 +++++++++++++++++++ Documentation/userspace-api/spec_ctrl.rst | 7 +++ 3 files changed, 59 insertions(+) create mode 100644 Documentation/admin-guide/hw-vuln/l1d_flush.rst diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst index 0795e3c2643f..35633b299d45 100644 --- a/Documentation/admin-guide/hw-vuln/index.rst +++ b/Documentation/admin-guide/hw-vuln/index.rst @@ -14,3 +14,4 @@ are configurable at compile, boot or run time. mds tsx_async_abort multihit.rst + l1d_flush diff --git a/Documentation/admin-guide/hw-vuln/l1d_flush.rst b/Documentation/admin-guide/hw-vuln/l1d_flush.rst new file mode 100644 index 000000000000..530a1e0ffbd3 --- /dev/null +++ b/Documentation/admin-guide/hw-vuln/l1d_flush.rst @@ -0,0 +1,51 @@ +L1D Flushing for the paranoid +============================= + +With an increasing number of vulnerabilities being reported around data +leaks from the Level 1 Data cache (L1D) the kernel provides an opt-in +mechanism to flush the L1D cache on context switch. + +This mechanism can be used to address e.g. CVE-2020-0550. For paranoid +applications the mechanism keeps them safe from any yet to be discovered +vulnerabilities, related to leaks from the L1D cache. + + +Related CVEs +------------ +At the present moment, the following CVEs can be addressed by this +mechanism + + ============= ======================== ================== + CVE-2020-0550 Improper Data Forwarding OS related aspects + ============= ======================== ================== + +Usage Guidelines +---------------- + +Please see document: :ref:`Documentation/userspace-api/spec_ctrl.rst` for +details. + +**NOTE**: The feature is disabled by default, applications need to +specifically opt into the feature to enable it. + +Mitigation +---------- + +When PR_SET_L1D_FLUSH is enabled for a task a flush of the L1D cache is +performed when the task is scheduled out and the incoming task belongs to a +different process and therefore to a different address space. + +If the underlying CPU supports L1D flushing in hardware, the hardware +mechanism is used, otherwise a software fallback, similar to the L1TF +mitigation, is invoked. + +Limitations +----------- + +The mechanism does not mitigate L1D data leaks between tasks belonging to +different processes which are concurrently executing on sibling threads of +a physical CPU core when SMT is enabled on the system. + +This can be addressed by controlled placement of processes on physical CPU +cores or by disabling SMT. See the relevant chapter in the L1TF mitigation +document: :ref:`Documentation/admin-guide/hw-vuln/l1tf.rst `. diff --git a/Documentation/userspace-api/spec_ctrl.rst b/Documentation/userspace-api/spec_ctrl.rst index 7ddd8f667459..b40afe97dbfb 100644 --- a/Documentation/userspace-api/spec_ctrl.rst +++ b/Documentation/userspace-api/spec_ctrl.rst @@ -106,3 +106,10 @@ Speculation misfeature controls * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0); * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0); * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); + +- PR_SPEC_L1D_FLUSH_OUT: Flush L1D Cache on context switch out of the task + + Invocations: + * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH_OUT, 0, 0, 0); + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH_OUT, PR_SPEC_ENABLE, 0, 0); + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH_OUT, PR_SPEC_DISABLE, 0, 0); -- 2.17.1