Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst

Source file repositories/reference/linux-study-clean/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst

File Facts

System
Linux kernel
Corpus path
Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst
Extension
.rst
Size
6473 bytes
Lines
151
Domain
Support Tooling And Documentation
Bucket
Documentation
Inferred role
Support Tooling And Documentation: documentation
Status
atlas-only

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

.. SPDX-License-Identifier: GPL-2.0

SRBDS - Special Register Buffer Data Sampling
=============================================

SRBDS is a hardware vulnerability that allows MDS
Documentation/admin-guide/hw-vuln/mds.rst techniques to
infer values returned from special register accesses.  Special register
accesses are accesses to off core registers.  According to Intel's evaluation,
the special register reads that have a security expectation of privacy are
RDRAND, RDSEED and SGX EGETKEY.

When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved
to the core through the special register mechanism that is susceptible
to MDS attacks.

Affected processors
-------------------
Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may
be affected.

A processor is affected by SRBDS if its Family_Model and stepping is
in the following list, with the exception of the listed processors
exporting MDS_NO while Intel TSX is available yet not enabled. The
latter class of processors are only affected when Intel TSX is enabled
by software using TSX_CTRL_MSR otherwise they are not affected.

  =============  ============  ========
  common name    Family_Model  Stepping
  =============  ============  ========
  IvyBridge      06_3AH        All

  Haswell        06_3CH        All
  Haswell_L      06_45H        All
  Haswell_G      06_46H        All

  Broadwell_G    06_47H        All
  Broadwell      06_3DH        All

  Skylake_L      06_4EH        All
  Skylake        06_5EH        All

  Kabylake_L     06_8EH        <= 0xC
  Kabylake       06_9EH        <= 0xD
  =============  ============  ========

Related CVEs
------------

The following CVE entry is related to this SRBDS issue:

    ==============  =====  =====================================
    CVE-2020-0543   SRBDS  Special Register Buffer Data Sampling
    ==============  =====  =====================================

Attack scenarios
----------------
An unprivileged user can extract values returned from RDRAND and RDSEED
executed on another core or sibling thread using MDS techniques.


Mitigation mechanism
--------------------
Intel will release microcode updates that modify the RDRAND, RDSEED, and
EGETKEY instructions to overwrite secret special register data in the shared
staging buffer before the secret data can be accessed by another logical
processor.

During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core
accesses from other logical processors will be delayed until the special

Annotation

Implementation Notes