
Control for Special Register Buffer Data Sampling mitigation.
Closed, Public

Authored by kib on Jun 10 2020, 11:07 PM.
Details

Summary

New microcode update for Intel enables mitigation for SRBDS, which slows down RDSEED and related instructions. The update also provides a control to limit the mitigation to SGX enclaves, which should restore the speed of the random generator at the cost of potential cross-core buffer sampling.

See https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling

Give the user control over it.

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

kib requested review of this revision. Jun 10 2020, 11:07 PM
sys/amd64/amd64/machdep.c
1794 ↗(On Diff #72954)

Loading into the wrong variable here.

kib marked an inline comment as done.

Fix variable for tunable fetch.

Display MCUOPT bit in features3.

sys/x86/x86/cpu_machdep.c
1407 ↗(On Diff #72957)

Maybe call it "RDSEED SRBDS mitigation"?

1409 ↗(On Diff #72957)

Is this the proposed default? I was under the impression that the kernel PRNG mixes several entropy sources, including that of RDRAND, and the Intel doc suggests that the mitigation is not necessary in that case.

1411 ↗(On Diff #72957)

Why does it need to be an external parameter? Can't we just use smp_started to determine whether to signal remote CPUs?

1438 ↗(On Diff #72957)

So mitigations.rngds.enable=0 means that the mitigation is enabled? That seems confusing. Shouldn't the sense be reversed?

1440 ↗(On Diff #72957)

Extra newline.

kib marked an inline comment as done. Jun 11 2020, 5:47 PM
kib added inline comments.
sys/x86/x86/cpu_machdep.c
1409 ↗(On Diff #72957)

Answering both this and a proposal to call it "RDSEED SRBDS mitigation". We are probably somewhat fine in the kernel, but usermode can use RDSEED/RDRAND, and the same goes for any OS that is run inside a VMM. So Intel's decision to have the mitigation enabled by default makes sense.

The knob actually controls the optimization of access to MCU, which explains why it is called 'enable'. It enables faster RDSEED (I saw numbers like 3% of the previous performance in microbenchmark after new microcode is loaded).

1411 ↗(On Diff #72957)

Maybe, but there are more _recalculate() around, and this instance is consistent with other code. If changing, I will consider doing a single pass over all of it.

1438 ↗(On Diff #72957)

It means that the optimization is enabled.

sys/x86/x86/cpu_machdep.c
1411 ↗(On Diff #72957)

Ok.

1414 ↗(On Diff #72957)

According to the doc, the mitigation can be disabled in some cases if TSX is disabled.

1438 ↗(On Diff #72957)

But the sysctl name contains "mitigation", so it sounds like "enable" applies to the mitigation, not the optimization. As I understand, the optimization is simply "disable the mitigation".

kib marked an inline comment as done. Jun 11 2020, 8:49 PM
kib added inline comments.
sys/x86/x86/cpu_machdep.c
1414 ↗(On Diff #72957)

And MDS_NO. I did not want to do that, and still do not want to. We are slowly turning the mitigation sysctls into a spreadsheet with formulas. I want to keep it simpler; the user can decide himself.

1438 ↗(On Diff #72957)

Ok, I reverted this.

kib marked an inline comment as done.

disable->enable, default to 1 (enable)

markj added inline comments.
share/man/man7/security.7
1048 ↗(On Diff #72997)

In addition, RDSEED makes concurrent off-core memory accesses more expensive. Something like "the RDSEED and RDRAND instructions do not incur serialization overhead for shared buffer accesses and do not serialize off-core memory accesses" might be clearer IMO.

sys/x86/x86/cpu_machdep.c
1448 ↗(On Diff #72997)

Should it be "RDSEED"?

This revision is now accepted and ready to land. Jun 12 2020, 2:19 PM
kib marked 2 inline comments as done.

Fix RDRAND spelling.
Update language in the man page.

This revision now requires review to proceed. Jun 12 2020, 4:47 PM
This revision was not accepted when it landed; it landed in state Needs Review. Jun 12 2020, 10:13 PM
This revision was automatically updated to reflect the committed changes.
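
The knob sense the thread settles on (enable=1 keeps the mitigation on, so the MSR's disable bit is cleared), written out as an added example; this is not code from the reviewed diff. The CPUID bit and the IA32_MCU_OPT_CTRL layout come from Intel's SRBDS guidance, and the function and enum names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constants from Intel's SRBDS guidance, not taken from the reviewed diff. */
#define CPUID7_EDX_SRBDS_CTRL  (1u << 9)   /* CPUID.(EAX=7,ECX=0):EDX[9] */
#define MSR_IA32_MCU_OPT_CTRL  0x123u
#define MCU_OPT_RNGDS_MITG_DIS (1ull << 0) /* 1 = mitigation off outside SGX */

enum srbds_state { SRBDS_NO_CTRL, SRBDS_MITIGATED, SRBDS_MITIGATION_OFF };

/*
 * Compute the value to write to IA32_MCU_OPT_CTRL (hypothetical helper).
 * knob_enable uses the sense the review settled on: 1 = mitigation enabled.
 * Unrelated bits in the MSR are preserved. Returns false and leaves *out
 * untouched when the control is not enumerated, because the MSR must not be
 * accessed in that case.
 */
bool srbds_msr_value(uint32_t cpuid7_edx, uint64_t cur, bool knob_enable,
    uint64_t *out)
{
	if ((cpuid7_edx & CPUID7_EDX_SRBDS_CTRL) == 0)
		return (false);
	*out = knob_enable ? (cur & ~MCU_OPT_RNGDS_MITG_DIS)
	    : (cur | MCU_OPT_RNGDS_MITG_DIS);
	return (true);
}

/* Decode an observed MSR value for reporting (hypothetical helper). */
enum srbds_state srbds_report(uint32_t cpuid7_edx, uint64_t msr)
{
	if ((cpuid7_edx & CPUID7_EDX_SRBDS_CTRL) == 0)
		return (SRBDS_NO_CTRL);
	return ((msr & MCU_OPT_RNGDS_MITG_DIS) != 0 ?
	    SRBDS_MITIGATION_OFF : SRBDS_MITIGATED);
}

int main(void)
{
	uint64_t v = 0;
	/* Constructed sample: control enumerated, MSR currently 0x1, knob = 0. */
	if (srbds_msr_value(CPUID7_EDX_SRBDS_CTRL, 0x1, false, &v))
		printf("wrmsr(0x%x, 0x%llx) state=%d\n", MSR_IA32_MCU_OPT_CTRL,
		    (unsigned long long)v,
		    (int)srbds_report(CPUID7_EDX_SRBDS_CTRL, v));
	return (0);
}
```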