Received: by 2002:a25:1104:0:0:0:0:0 with SMTP id 4csp122304ybr; Fri, 22 May 2020 02:35:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxTfYItUfqr0qchRaO9zGVJ999zIXDoObN9dZzgXgSk3SUTzlK/J+q45zCJp+2CpE6nj1FL X-Received: by 2002:a17:906:29d9:: with SMTP id y25mr6960909eje.198.1590140123925; Fri, 22 May 2020 02:35:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590140123; cv=none; d=google.com; s=arc-20160816; b=f1N6CogFjqtjpvOGMD5lGuMe/fKhUyEZzeRTYT80cH9Rd/Q/JV7wbcsjBbrL+p28sv hau1viVR57c5+uvfm7Mpf81kQudio8g/1z4D25bvChkhq34YWFXMfiy2fqAvror6289d 7970Pb7i6NUxJvCrTLl5Kol73tm5ibhikgSXzUdIZBptp+Aj0c9wk8jByrKcmhDeS7xC hxqQkAW+qkwbJdfcs5gWWWqHlyzAubZDRvSekE0QzXPTgMt+9Cs/Pz4bW5YcSZ5BSMoH S6jgdLP4wq13iKx88rR8a3HtLMSZMPEo30eoImivdq2hp6gsJ8MVGagSb76pWc3SJgy4 9oeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :robot-unsubscribe:robot-id:message-id:mime-version:references :in-reply-to:cc:subject:to:reply-to:from:date; bh=AMhdcMV7L8rNdXkjy43Zr9qZ+K5X//GMUHri3B2HZNw=; b=b0wHJX/vkTRiPCQheyVQc5+UVdhCkaZKNGyjXlCVFJ6S57eV9uzk5HSFC2igxT6Kb+ clLDFvVlC0lVq9izc3SEoh5DKOEwgnjXZN6vh+hWMkQs/ZEDWSlyhFRO9QezzvcW/Cw/ AcuF4WA1Qm+Pev/vJ2c42rP3k6MYP0g33o6P+E0mXBW/cV+Dhtmm2Qx4UfzQGknPrWbm CdykfF9sx6qNoyEhOqULSE3VD+ahBSL+CJK1cdGN0JIhrDVIMkttH9wyige+WWo1I70W vfI8ivWJ90IdpW9E7pdgS8SsaO6TY5bkxQFPSnX+2nohN19Cn+Kl+UGB3iSZHNK0mwTy B4qw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id df5si4565272edb.44.2020.05.22.02.35.00; Fri, 22 May 2020 02:35:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729884AbgEVJdS (ORCPT + 99 others); Fri, 22 May 2020 05:33:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35914 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729521AbgEVJc7 (ORCPT ); Fri, 22 May 2020 05:32:59 -0400 Received: from Galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 55AA4C08C5C0; Fri, 22 May 2020 02:32:59 -0700 (PDT) Received: from [5.158.153.53] (helo=tip-bot2.lab.linutronix.de) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1jc42x-0001OM-1M; Fri, 22 May 2020 11:32:55 +0200 Received: from [127.0.1.1] (localhost [IPv6:::1]) by tip-bot2.lab.linutronix.de (Postfix) with ESMTP id 8D1681C0095; Fri, 22 May 2020 11:32:54 +0200 (CEST) Date: Fri, 22 May 2020 09:32:54 -0000 From: "tip-bot2 for Balbir Singh" Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/mm] Documentation: Add L1D flushing Documentation Cc: Balbir Singh , Thomas Gleixner , Kees Cook , x86 , LKML In-Reply-To: <20200516103430.26527-4-sblbir@amazon.com> References: <20200516103430.26527-4-sblbir@amazon.com> MIME-Version: 1.0 Message-ID: <159013997442.17951.16582260930766939987.tip-bot2@tip-bot2> X-Mailer: tip-git-log-daemon Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the x86/mm branch of tip: Commit-ID: 0fcfdf55db9e1ecf85edd6aa8d0bc78a448cb96a Gitweb: https://git.kernel.org/tip/0fcfdf55db9e1ecf85edd6aa8d0bc78a448cb96a Author: Balbir Singh AuthorDate: Sat, 16 May 2020 20:34:30 +10:00 Committer: Thomas Gleixner CommitterDate: Fri, 22 May 2020 11:30:08 +02:00 Documentation: Add L1D flushing Documentation Add documentation of l1d flushing, explain the need for the feature and how it can be used. [tglx: Reword the documentation] Signed-off-by: Balbir Singh Signed-off-by: Thomas Gleixner Reviewed-by: Kees Cook Link: https://lkml.kernel.org/r/20200516103430.26527-4-sblbir@amazon.com --- Documentation/admin-guide/hw-vuln/index.rst | 1 +- Documentation/admin-guide/hw-vuln/l1d_flush.rst | 51 ++++++++++++++++- Documentation/userspace-api/spec_ctrl.rst | 7 ++- 3 files changed, 59 insertions(+) create mode 100644 Documentation/admin-guide/hw-vuln/l1d_flush.rst diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst index 0795e3c..35633b2 100644 --- a/Documentation/admin-guide/hw-vuln/index.rst +++ b/Documentation/admin-guide/hw-vuln/index.rst @@ -14,3 +14,4 @@ are configurable at compile, boot or run time. mds tsx_async_abort multihit.rst + l1d_flush diff --git a/Documentation/admin-guide/hw-vuln/l1d_flush.rst b/Documentation/admin-guide/hw-vuln/l1d_flush.rst new file mode 100644 index 0000000..530a1e0 --- /dev/null +++ b/Documentation/admin-guide/hw-vuln/l1d_flush.rst @@ -0,0 +1,51 @@ +L1D Flushing for the paranoid +============================= + +With an increasing number of vulnerabilities being reported around data +leaks from the Level 1 Data cache (L1D) the kernel provides an opt-in +mechanism to flush the L1D cache on context switch. + +This mechanism can be used to address e.g. CVE-2020-0550. For paranoid +applications the mechanism keeps them safe from any yet to be discovered +vulnerabilities, related to leaks from the L1D cache. + + +Related CVEs +------------ +At the present moment, the following CVEs can be addressed by this +mechanism + + ============= ======================== ================== + CVE-2020-0550 Improper Data Forwarding OS related aspects + ============= ======================== ================== + +Usage Guidelines +---------------- + +Please see document: :ref:`Documentation/userspace-api/spec_ctrl.rst` for +details. + +**NOTE**: The feature is disabled by default, applications need to +specifically opt into the feature to enable it. + +Mitigation +---------- + +When PR_SET_L1D_FLUSH is enabled for a task a flush of the L1D cache is +performed when the task is scheduled out and the incoming task belongs to a +different process and therefore to a different address space. + +If the underlying CPU supports L1D flushing in hardware, the hardware +mechanism is used, otherwise a software fallback, similar to the L1TF +mitigation, is invoked. + +Limitations +----------- + +The mechanism does not mitigate L1D data leaks between tasks belonging to +different processes which are concurrently executing on sibling threads of +a physical CPU core when SMT is enabled on the system. + +This can be addressed by controlled placement of processes on physical CPU +cores or by disabling SMT. See the relevant chapter in the L1TF mitigation +document: :ref:`Documentation/admin-guide/hw-vuln/l1tf.rst `. diff --git a/Documentation/userspace-api/spec_ctrl.rst b/Documentation/userspace-api/spec_ctrl.rst index 7ddd8f6..b40afe9 100644 --- a/Documentation/userspace-api/spec_ctrl.rst +++ b/Documentation/userspace-api/spec_ctrl.rst @@ -106,3 +106,10 @@ Speculation misfeature controls * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0); * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0); * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); + +- PR_SPEC_L1D_FLUSH_OUT: Flush L1D Cache on context switch out of the task + + Invocations: + * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH_OUT, 0, 0, 0); + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH_OUT, PR_SPEC_ENABLE, 0, 0); + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH_OUT, PR_SPEC_DISABLE, 0, 0);