The "special register buffer data sampling" hardware vulnerability
([Security] Jun 9, 2020 19:03 UTC (Tue) (corbet))
- Reference: 0000822595
- News link: https://lwn.net/Articles/822595
- Source link:
We have not had a new CPU vulnerability for a little while — a situation that was clearly too good to last. The mainline kernel has just merged mitigations for the "special register buffer data sampling" vulnerability which, in short, allows an attacker to spy on the random numbers obtained by others. In particular, the results of the RDRAND instruction can be obtained via a speculative attack.
The mitigation involves more flushing and the serialization of RDRAND. That means an RDRAND instruction will take longer to run, but it also means that RDRAND requires locking across the system, which will slow things considerably if it is executed frequently. There are ways to turn the mitigations off, of course. See [1] this new kernel document for more information.
These fixes are currently queued to be part of the [2] 5.7.2, [3] 5.6.18, [4] 5.4.46, [5] 4.19.128, [6] 4.14.184, [7] 4.9.227, [8] 4.4.227, and [9] 3.16.85 stable updates.
[1] https://lwn.net/Articles/822596/
[2] https://lwn.net/ml/linux-kernel/20200609174149.255223112@linuxfoundation.org/
[3] https://lwn.net/ml/linux-kernel/20200609174112.129412236@linuxfoundation.org/
[4] https://lwn.net/ml/linux-kernel/20200609174052.628006868@linuxfoundation.org/
[5] https://lwn.net/ml/linux-kernel/20200609174048.576094775@linuxfoundation.org/
[6] https://lwn.net/ml/linux-kernel/20200609174022.938987501@linuxfoundation.org/
[7] https://lwn.net/ml/linux-kernel/20200609174015.379493548@linuxfoundation.org/
[8] https://lwn.net/ml/linux-kernel/20200609173933.288044334@linuxfoundation.org/
[9] https://lwn.net/ml/linux-kernel/lsq.1591725831.850867383@decadent.org.uk/
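As an added example (not LWN's or the kernel's code), a small audit script that reads the mitigation state the patched kernel exposes and flags hosts where it is missing or has been switched off; it assumes the /sys/devices/system/cpu/vulnerabilities/srbds file and the srbds=off and mitigations=off boot parameters described in the kernel document linked above, and its sample status lines are constructed.

```python
import re

# Added example, not code from LWN or the kernel. Assumes the sysfs file and
# boot parameters documented in the kernel's SRBDS admin guide.
SRBDS_SYSFS = "/sys/devices/system/cpu/vulnerabilities/srbds"
CMDLINE = "/proc/cmdline"
# Constructed sample status lines in the kernel's reporting format.
SAMPLE_STATUS = {
    "patched-host": "Mitigation: Microcode\n",
    "old-microcode": "Vulnerable: No microcode\n",
    "guest": "Unknown: Dependent on hypervisor status\n",
    "pre-fix-kernel": "",  # sysfs entry absent on kernels without the mitigation
}

def classify_srbds(status):
    """Map the kernel's one-line srbds status to mitigated/vulnerable/unknown."""
    s = status.strip()
    if s == "Not affected" or s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # hypervisor-dependent, or a kernel too old to report it

def audit_srbds(status, cmdline):
    """Return findings from the sysfs status plus the boot command line."""
    findings = []
    verdict = classify_srbds(status)
    if verdict == "vulnerable":
        findings.append("SRBDS not mitigated: " + status.strip())
    elif verdict == "unknown":
        findings.append("SRBDS state unknown: " + (status.strip() or "no sysfs entry"))
    # An explicit opt-out is a policy decision that should be visible in review.
    for opt in ("srbds=off", "mitigations=off"):
        if re.search(r"(^|\s)" + re.escape(opt) + r"(\s|$)", cmdline):
            findings.append(opt + " on the kernel command line disables the mitigation")
    return findings

def read_first_line(path):
    """Read one line from a sysfs/procfs file; empty string if it is absent."""
    try:
        with open(path) as f:
            return f.readline()
    except OSError:
        return ""

if __name__ == "__main__":
    for name, status in SAMPLE_STATUS.items():
        print(name, classify_srbds(status), audit_srbds(status, "root=/dev/sda1 ro"))
    live = audit_srbds(read_first_line(SRBDS_SYSFS), read_first_line(CMDLINE))
    print("this host:", live or ["no findings"])
```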
The "special register buffer data sampling" hardware vulnerability
> Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other logical processors that miss their core caches, with an impact similar to legacy locked cache-line-split accesses.
Does this mean that all the work on split lock detection ([1] https://lwn.net/Articles/790464/ and [2] https://lwn.net/Articles/806466/) was for nothing, since even with split lock detection enabled, unprivileged user space can use RDRAND for the same effect?
[1] https://lwn.net/Articles/790464/
[2] https://lwn.net/Articles/806466/