.. SPDX-License-Identifier: GPL-2.0

GDS - Gather Data Sampling
==========================

Gather Data Sampling is a hardware vulnerability which allows unprivileged
speculative access to data which was previously stored in vector registers.

Problem
-------
When a gather instruction performs loads from memory, different data elements
are merged into the destination vector register. However, when a gather
instruction that is transiently executed encounters a fault, stale data from
architectural or internal vector registers may get transiently forwarded to the
destination vector register instead. This will allow a malicious attacker to
infer stale data using typical side channel techniques like cache timing
attacks. GDS is a purely sampling-based attack.

The attacker uses gather instructions to infer the stale vector register data.
The victim does not need to do anything special other than use the vector
registers. The victim does not need to use gather instructions to be
vulnerable.

Because the buffers are shared between Hyper-Threads, cross-Hyper-Thread attacks
are possible.

Attack scenarios
----------------
Without mitigation, GDS can infer stale data across virtually all
permission boundaries:

 * Non-enclaves can infer SGX enclave data
 * Userspace can infer kernel data
 * Guests can infer data from hosts
 * Guests can infer data from other guests
 * Users can infer data from other users

Because of this, it is important to ensure that the mitigation stays enabled in
lower-privilege contexts like guests and when running outside SGX enclaves.

The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure
that guests are not allowed to disable the GDS mitigation. If a host erred and
allowed this, a guest could theoretically disable the GDS mitigation, mount an
attack, and re-enable it.

Mitigation mechanism
--------------------
This issue is mitigated in microcode. The microcode defines the following new
bits:

 ================================ === ============================
 IA32_ARCH_CAPABILITIES[GDS_CTRL] R/O Enumerates GDS vulnerability
                                      and mitigation support.
 IA32_ARCH_CAPABILITIES[GDS_NO]   R/O Processor is not vulnerable.
 IA32_MCU_OPT_CTRL[GDS_MITG_DIS]  R/W Disables the mitigation.
                                      0 by default.
 IA32_MCU_OPT_CTRL[GDS_MITG_LOCK] R/W Locks GDS_MITG_DIS=0. Writes
                                      to GDS_MITG_DIS are ignored.
                                      Can't be cleared once set.
 ================================ === ============================

GDS can also be mitigated on systems that don't have updated microcode by
disabling AVX. This can be done by setting gather_data_sampling="force" or
"clearcpuid=avx" on the kernel command line.

If used, these options will disable AVX use by turning off XSAVE YMM support.
However, the processor will still enumerate AVX support. Userspace that
does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
support will break.

Mitigation control on the kernel command line
---------------------------------------------
The mitigation can be disabled by setting "gather_data_sampling=off" or
"mitigations=off" on the kernel command line. Not specifying either will default
to the mitigation being enabled. Specifying "gather_data_sampling=force" will
use the microcode mitigation when available or disable AVX on affected systems
where the microcode hasn't been updated to include the mitigation.

GDS System Information
----------------------
The kernel provides vulnerability status information through sysfs. For
GDS this can be accessed by the following sysfs file:

/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

The possible values contained in this file are:

 ============================== =============================================
 Not affected                   Processor not vulnerable.
 Vulnerable                     Processor vulnerable and mitigation disabled.
 Vulnerable: No microcode       Processor vulnerable and microcode is missing
                                mitigation.
 Mitigation: AVX disabled,
 no microcode                   Processor is vulnerable and microcode is missing
                                mitigation. AVX disabled as mitigation.
 Mitigation: Microcode          Processor is vulnerable and mitigation is in
                                effect.
 Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
                                effect and cannot be disabled.
 Unknown: Dependent on
 hypervisor status              Running on a virtual guest processor that is
                                affected but with no way to know if host
                                processor is mitigated or vulnerable.
 ============================== =============================================

GDS Default mitigation
----------------------
The updated microcode will enable the mitigation by default. The kernel's
default action is to leave the mitigation enabled.
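The AVX enumeration caveat under "Mitigation mechanism" above (AVX still enumerated by CPUID while XSAVE YMM support is turned off) is illustrated by this added example, which is not part of this document or the kernel tree. It separates the pure decision logic, so it can be exercised with constructed register values, from the live CPUID/XGETBV probe; the names `avx_usable`, `avx_naive` and `read_xcr0` are ours.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions (Intel SDM): CPUID.1:ECX and XCR0. */
#define CPUID1_ECX_OSXSAVE (1u << 27)   /* OS has enabled XSAVE/XGETBV  */
#define CPUID1_ECX_AVX     (1u << 28)   /* CPU enumerates AVX           */
#define XCR0_SSE_STATE     (1ull << 1)  /* XMM state managed by XSAVE   */
#define XCR0_AVX_STATE     (1ull << 2)  /* YMM state managed by XSAVE   */

/* Correct enumeration: AVX is usable only when the CPU enumerates it AND
 * the OS saves both XMM and YMM state. With gather_data_sampling=force or
 * clearcpuid=avx the kernel leaves XCR0_AVX_STATE clear, so this returns
 * false even though CPUID1_ECX_AVX is still set. */
bool avx_usable(uint32_t cpuid1_ecx, uint64_t xcr0)
{
    const uint64_t needed = XCR0_SSE_STATE | XCR0_AVX_STATE;

    if (!(cpuid1_ecx & CPUID1_ECX_OSXSAVE))
        return false;           /* XGETBV would #UD; nothing to check */
    if (!(cpuid1_ecx & CPUID1_ECX_AVX))
        return false;
    return (xcr0 & needed) == needed;
}

/* The broken pattern the document warns about: trusting the CPUID AVX bit
 * alone. Code that dispatches on this will execute AVX instructions and
 * take #UD on a system booted with AVX disabled for GDS. */
bool avx_naive(uint32_t cpuid1_ecx)
{
    return (cpuid1_ecx & CPUID1_ECX_AVX) != 0;
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
static uint64_t read_xcr0(void)
{
    uint32_t lo, hi;
    __asm__ volatile("xgetbv" : "=a"(lo), "=d"(hi) : "c"(0));
    return ((uint64_t)hi << 32) | lo;
}

int main(void)
{
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 1;
    /* Only read XCR0 when OSXSAVE is set, otherwise xgetbv faults. */
    uint64_t xcr0 = (ecx & CPUID1_ECX_OSXSAVE) ? read_xcr0() : 0;
    printf("CPUID AVX bit: %d, AVX actually usable: %d\n",
           avx_naive(ecx), avx_usable(ecx, xcr0));
    return 0;
}
#else
int main(void) { puts("not an x86 CPU"); return 0; }
#endif
```

On a machine booted with gather_data_sampling=force and no microcode mitigation, the program prints the AVX bit as 1 but "usable" as 0, which is exactly the case the naive check gets wrong.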