mirror of
https://github.com/projectacrn/acrn-hypervisor.git
synced 2025-05-04 22:47:00 +00:00
3164f3976a
Microarchitectural Data Sampling (MDS) is a hardware vulnerability
which allows unprivileged speculative access to data which is available
in various CPU internal buffers.
1. Mitigation on ACRN:
1) Microcode update is required.
2) Clear CPU internal buffers (store buffer, load buffer and
load port) if current CPU is affected by MDS, when VM entry
to avoid any information leakage to guest thru above buffers.
3) Mitigation is not needed if ARCH_CAP_MDS_NO bit (bit5)
is set in IA32_ARCH_CAPABILITIES MSR (10AH), in this case,
current processor is no affected by MDS vulnerability, in other
cases mitigation for MDS is required.
2. Methods to clear CPU buffers (microcode update is required):
1) L1D cache flush
2) VERW instruction
Either of above operations will trigger clearing all
CPU internal buffers if this CPU is affected by MDS.
Above mechnism is enumerated by:
CPUID.(EAX=7H, ECX=0):EDX[MD_CLEAR=10].
3. Mitigation details on ACRN:
if (processor is affected by MDS)
if (processor is not affected by L1TF OR
L1D flush is not launched on VM Entry)
execute VERW instruction when VM entry.
endif
endif
4. Referrence:
Deep Dive: Intel Analysis of Microarchitectural Data Sampling
https://software.intel.com/security-software-guidance/insights/
deep-dive-intel-analysis-microarchitectural-data-sampling
Deep Dive: CPUID Enumeration and Architectural MSRs
https://software.intel.com/security-software-guidance/insights/
deep-dive-cpuid-enumeration-and-architectural-msrs
Tracked-On: #3317
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Reviewed-by: Jason CJ Chen <jason.cj.chen@intel.com>
38 lines
765 B
C
38 lines
765 B
C
/*
|
|
* Copyright (C) 2018 Intel Corporation. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#ifndef SECURITY_H
|
|
#define SECURITY_H
|
|
|
|
/* type of speculation control
|
|
* 0 - no speculation control support
|
|
* 1 - raw IBRS + IBPB support
|
|
* 2 - with STIBP optimization support
|
|
*/
|
|
#define IBRS_NONE 0
|
|
#define IBRS_RAW 1
|
|
#define IBRS_OPT 2
|
|
|
|
#ifndef ASSEMBLER
|
|
int32_t get_ibrs_type(void);
|
|
void cpu_l1d_flush(void);
|
|
bool check_cpu_security_cap(void);
|
|
void cpu_internal_buffers_clear(void);
|
|
|
|
#ifdef STACK_PROTECTOR
|
|
struct stack_canary {
|
|
/* Gcc generates extra code, using [fs:40] to access canary */
|
|
uint8_t reserved[40];
|
|
uint64_t canary;
|
|
};
|
|
void __stack_chk_fail(void);
|
|
void set_fs_base(void);
|
|
#endif
|
|
|
|
#endif /* ASSEMBLER */
|
|
|
|
#endif /* SECURITY_H */
|