github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2026-01-05 23:57:10 +00:00
Code Issues Projects Releases Wiki Activity

hv: Mitigation for CPU MDS vulnerabilities.

Browse Source 
Microarchitectural Data Sampling (MDS) is a hardware vulnerability
 which allows unprivileged speculative access to data which is available
 in various CPU internal buffers.

 1. Mitigation on ACRN:
    1) Microcode update is required.
    2) Clear CPU internal buffers (store buffer, load buffer and
       load port) if current CPU is affected by MDS, when VM entry
       to avoid any information leakage to guest thru above buffers.
    3) Mitigation is not needed if ARCH_CAP_MDS_NO bit (bit5)
       is set in IA32_ARCH_CAPABILITIES MSR (10AH), in this case,
       current processor is no affected by MDS vulnerability, in other
       cases mitigation for MDS is required.

 2. Methods to clear CPU buffers (microcode update is required):
    1) L1D cache flush
    2) VERW instruction
    Either of above operations will trigger clearing all
    CPU internal buffers if this CPU is affected by MDS.
    Above mechnism is enumerated by:
    CPUID.(EAX=7H, ECX=0):EDX[MD_CLEAR=10].

 3. Mitigation details on ACRN:
    if (processor is affected by MDS)
	    if (processor is not affected by L1TF OR
		  L1D flush is not launched on VM Entry)
		    execute VERW instruction when VM entry.
	    endif
    endif

 4. Referrence:
    Deep Dive: Intel Analysis of Microarchitectural Data Sampling
    https://software.intel.com/security-software-guidance/insights/
    deep-dive-intel-analysis-microarchitectural-data-sampling

    Deep Dive: CPUID Enumeration and Architectural MSRs
    https://software.intel.com/security-software-guidance/insights/
    deep-dive-cpuid-enumeration-and-architectural-msrs

Tracked-On: #3317
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Reviewed-by: Jason CJ Chen <jason.cj.chen@intel.com>
This commit is contained in:
Yonghua Huang
2019-07-02 14:06:09 +08:00
committed by wenlingz
parent 076a30b555
commit 3164f3976a
5 changed files with 70 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hypervisor/include/arch/x86/cpufeatures.h
View File

@@ -79,6 +79,7 @@
#define X86_FEATURE_CLFLUSHOPT ((FEAT_7_0_EBX << 5U) + 23U)
/* Intel-defined CPU features, CPUID level 0x00000007 (EDX)*/
#define X86_FEATURE_MDS_CLEAR ((FEAT_7_0_EDX << 5U) + 10U)
#define X86_FEATURE_IBRS_IBPB ((FEAT_7_0_EDX << 5U) + 26U)
#define X86_FEATURE_STIBP ((FEAT_7_0_EDX << 5U) + 27U)
#define X86_FEATURE_L1D_FLUSH ((FEAT_7_0_EDX << 5U) + 28U)

1
hypervisor/include/arch/x86/msr.h
View File

@@ -630,6 +630,7 @@ void update_msr_bitmap_x2apic_passthru(struct acrn_vcpu *vcpu);
#define IA32_ARCH_CAP_RSBA (1U << 2U)
#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3U)
#define IA32_ARCH_CAP_SSB_NO (1U << 4U)
#define IA32_ARCH_CAP_MDS_NO (1U << 5U)
/* Flush L1 D-cache */
#define IA32_L1D_FLUSH (1UL << 0U)

1
hypervisor/include/arch/x86/security.h
View File

@@ -20,6 +20,7 @@
int32_t get_ibrs_type(void);
void cpu_l1d_flush(void);
bool check_cpu_security_cap(void);
void cpu_internal_buffers_clear(void);
#ifdef STACK_PROTECTOR
struct stack_canary {