
Control for Special Register Buffer Data Sampling mitigation.
Closed, Public

Authored by kib on Jun 10 2020, 11:07 PM.

Details

Summary

The new microcode update for Intel enables a mitigation for SRBDS, which slows down RDSEED and related instructions. The update also provides a control to limit the mitigation to SGX enclaves, which should restore the speed of the random generator at the cost of potential cross-core buffer sampling.

See https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling

Give the user control over it.
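The control described in the summary, sketched as an added example that is not code from this revision: Intel's SRBDS guidance enumerates the control through CPUID.(EAX=7,ECX=0):EDX[9] and exposes it as bit 0 (RNGDS_MITG_DIS) of the IA32_MCU_OPT_CTRL MSR. The helper names `rngds_compute` and `rngds_state` are hypothetical, and the knob follows the sense the review ends with (1 means the mitigation is enabled, which is the default).

```c
#include <stdbool.h>
#include <stdint.h>

/* Constants from Intel's SRBDS guidance, not copied from the revision. */
#define CPUID7_EDX_SRBDS_CTRL  (1u << 9)   /* CPUID.(EAX=7,ECX=0):EDX[9] */
#define MSR_IA32_MCU_OPT_CTRL  0x123       /* MSR holding the control bit */
#define MCU_OPT_RNGDS_MITG_DIS (1ull << 0) /* 1 = mitigation off outside SGX */

struct rngds_plan {
	bool     write_msr;  /* false: nothing to write to the MSR */
	uint64_t msr_value;  /* value to write when write_msr is true */
};

/*
 * Hypothetical helper: translate a user-facing knob (1 = mitigation on)
 * into the MSR value. The hardware bit has the opposite sense, so it is
 * inverted here. All other bits of the current MSR value are preserved,
 * and the MSR is never touched when the control is not enumerated.
 */
struct rngds_plan
rngds_compute(uint32_t cpuid7_edx, uint64_t cur_msr, int mitigation_enable)
{
	struct rngds_plan p = { false, cur_msr };

	if ((cpuid7_edx & CPUID7_EDX_SRBDS_CTRL) == 0)
		return (p);
	if (mitigation_enable)
		p.msr_value = cur_msr & ~MCU_OPT_RNGDS_MITG_DIS;
	else
		p.msr_value = cur_msr | MCU_OPT_RNGDS_MITG_DIS;
	p.write_msr = (p.msr_value != cur_msr);
	return (p);
}

/*
 * Report the state in the knob's sense: -1 = control not supported,
 * 1 = mitigation enabled, 0 = mitigation limited to SGX enclaves.
 */
int
rngds_state(uint32_t cpuid7_edx, uint64_t msr)
{
	if ((cpuid7_edx & CPUID7_EDX_SRBDS_CTRL) == 0)
		return (-1);
	return ((msr & MCU_OPT_RNGDS_MITG_DIS) ? 0 : 1);
}
```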

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 31645

Event Timeline

kib requested review of this revision. Jun 10 2020, 11:07 PM
sys/amd64/amd64/machdep.c
1794

Loading into the wrong variable here.

kib marked an inline comment as done.

Fix variable for tunable fetch.

Display MCUOPT bit in features3.

sys/x86/x86/cpu_machdep.c
1407

Maybe call it "RDSEED SRBDS mitigation"?

1409

Is this the proposed default? I was under the impression that the kernel PRNG mixes several entropy sources, including that of RDRAND, and the Intel doc suggests that the mitigation is not necessary in that case.

1411

Why does it need to be an external parameter? Can't we just use smp_started to determine whether to signal remote CPUs?

1438

So mitigations.rngds.enable=0 means that the mitigation is enabled? That seems confusing. Shouldn't the sense be reversed?

1440

Extra newline.

kib marked an inline comment as done. Jun 11 2020, 5:47 PM
kib added inline comments.
sys/x86/x86/cpu_machdep.c
1409

Answering both this and a proposal to call it "RDSEED SRBDS mitigation". We are probably somewhat fine in the kernel, but usermode can use RDSEED/RDRAND, and the same goes for any OS that is run inside a VMM. So Intel's decision to have the mitigation enabled by default makes sense.

The knob actually controls the optimization of access to MCU, which explains why it is called 'enable'. It enables faster RDSEED (I saw numbers like 3% of the previous performance in a microbenchmark after the new microcode is loaded).

1411

Maybe, but there are more _recalculate() around, and this instance is consistent with other code. If changing, I will consider doing a single pass over all of it.

1438

It means that the optimization is enabled.

sys/x86/x86/cpu_machdep.c
1411

Ok.

1414

According to the doc, the mitigation can be disabled in some cases if TSX is disabled.

1438

But the sysctl name contains "mitigation", so it sounds like "enable" applies to the mitigation, not the optimization. As I understand, the optimization is simply "disable the mitigation".

kib marked an inline comment as done. Jun 11 2020, 8:49 PM
kib added inline comments.
sys/x86/x86/cpu_machdep.c
1414

And MDS_NO. I did not want to do that, and still do not want to. We are slowly turning the mitigation sysctls into a spreadsheet with formulas. I want to keep it simpler; the user can decide himself.

1438

Ok, I reverted this.

kib marked an inline comment as done.

disable->enable, default to 1 (enable)

markj added inline comments.
share/man/man7/security.7
1048

In addition, RDSEED makes concurrent off-core memory accesses more expensive. Something like "the RDSEED and RDRAND instructions do not incur serialization overhead for shared buffer accesses and do not serialize off-core memory accesses" might be clearer IMO.

sys/x86/x86/cpu_machdep.c
1448

Should it be "RDSEED"?

This revision is now accepted and ready to land. Jun 12 2020, 2:19 PM
kib marked 2 inline comments as done.

Fix RDRAND spelling.
Update language in the man page.

This revision now requires review to proceed. Jun 12 2020, 4:47 PM
This revision was not accepted when it landed; it landed in state Needs Review. Jun 12 2020, 10:13 PM
This revision was automatically updated to reflect the committed changes.