[PATCH v9 11/14] x86/cpu/keylocker: Check Register File Data Sampling mitigation
From: Chang S. Bae
Date: Thu Mar 28 2024 - 22:13:11 EST
The Register File Data Sampling vulnerability may allow malicious
userspace programs to infer stale kernel register data, potentially
exposing sensitive key values, including AES keys.
To address this vulnerability, a microcode update needs to be applied to
the CPU, which modifies the VERW instruction to flush the affected CPU
buffers.
The kernel already has a facility to flush CPU buffers before returning
to userspace, which is indicated by the X86_FEATURE_CLEAR_CPU_BUF flag.
Ensure the mitigation before enabling Key Locker. Do not enable the
feature on CPUs affected by the vulnerability but lacks mitigation.
Signed-off-by: Chang S. Bae <chang.seok.bae@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
---
Change from v8:
* Add as a new patch.
Note that the code change follows the mitigation guidance [1]:
"Software loading Key Locker keys using LOADIWKEY should execute a VERW
to clear registers before transitioning to untrusted code to prevent
later software from inferring the loaded key."
[1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
---
arch/x86/kernel/keylocker.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/arch/x86/kernel/keylocker.c b/arch/x86/kernel/keylocker.c
index d4f3aa65ea8a..6e805c4da76d 100644
--- a/arch/x86/kernel/keylocker.c
+++ b/arch/x86/kernel/keylocker.c
@@ -135,12 +135,29 @@ static bool __init have_gds_mitigation(void)
return false;
}
+/*
+ * IA32_ARCH_CAPABILITIES MSR is retrieved during the setting of
+ * X86_BUG_RFDS. Ensure that the mitigation is applied to flush CPU
+ * buffers by checking the flag.
+ */
+static bool __init have_rfds_mitigation(void)
+{
+ if (boot_cpu_has(X86_FEATURE_CLEAR_CPU_BUF))
+ return true;
+
+ pr_warn("x86/keylocker: Susceptible to the RFDS vulnerability.\n");
+ return false;
+}
+
/* Check if Key Locker is secure enough to be used. */
static bool __init secure_keylocker(void)
{
if (boot_cpu_has_bug(X86_BUG_GDS) && !have_gds_mitigation())
return false;
+ if (boot_cpu_has_bug(X86_BUG_RFDS) && !have_rfds_mitigation())
+ return false;
+
return true;
}
--
2.34.1