|
| 1 | +.. SPDX-License-Identifier: GPL-2.0 |
| 2 | +
|
| 3 | +GDS - Gather Data Sampling |
| 4 | +========================== |
| 5 | + |
| 6 | +Gather Data Sampling is a hardware vulnerability which allows unprivileged |
| 7 | +speculative access to data which was previously stored in vector registers. |
| 8 | + |
| 9 | +Problem |
| 10 | +------- |
| 11 | +When a gather instruction performs loads from memory, different data elements |
| 12 | +are merged into the destination vector register. However, when a gather |
| 13 | +instruction that is transiently executed encounters a fault, stale data from |
| 14 | +architectural or internal vector registers may get transiently forwarded to the |
| 15 | +destination vector register instead. This will allow a malicious attacker to |
| 16 | +infer stale data using typical side channel techniques like cache timing |
| 17 | +attacks. GDS is a purely sampling-based attack. |
| 18 | + |
| 19 | +The attacker uses gather instructions to infer the stale vector register data. |
| 20 | +The victim does not need to do anything special other than use the vector |
| 21 | +registers. The victim does not need to use gather instructions to be |
| 22 | +vulnerable. |
| 23 | + |
| 24 | +Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks |
| 25 | +are possible. |
| 26 | + |
| 27 | +Attack scenarios |
| 28 | +---------------- |
| 29 | +Without mitigation, GDS can infer stale data across virtually all |
| 30 | +permission boundaries: |
| 31 | + |
| 32 | + Non-enclaves can infer SGX enclave data |
| 33 | + Userspace can infer kernel data |
| 34 | + Guests can infer data from hosts |
| 35 | + Guest can infer guest from other guests |
| 36 | + Users can infer data from other users |
| 37 | + |
| 38 | +Because of this, it is important to ensure that the mitigation stays enabled in |
| 39 | +lower-privilege contexts like guests and when running outside SGX enclaves. |
| 40 | + |
| 41 | +The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure |
| 42 | +that guests are not allowed to disable the GDS mitigation. If a host erred and |
| 43 | +allowed this, a guest could theoretically disable GDS mitigation, mount an |
| 44 | +attack, and re-enable it. |
| 45 | + |
| 46 | +Mitigation mechanism |
| 47 | +-------------------- |
| 48 | +This issue is mitigated in microcode. The microcode defines the following new |
| 49 | +bits: |
| 50 | + |
| 51 | + ================================ === ============================ |
| 52 | + IA32_ARCH_CAPABILITIES[GDS_CTRL] R/O Enumerates GDS vulnerability |
| 53 | + and mitigation support. |
| 54 | + IA32_ARCH_CAPABILITIES[GDS_NO] R/O Processor is not vulnerable. |
| 55 | + IA32_MCU_OPT_CTRL[GDS_MITG_DIS] R/W Disables the mitigation |
| 56 | + 0 by default. |
| 57 | + IA32_MCU_OPT_CTRL[GDS_MITG_LOCK] R/W Locks GDS_MITG_DIS=0. Writes |
| 58 | + to GDS_MITG_DIS are ignored |
| 59 | + Can't be cleared once set. |
| 60 | + ================================ === ============================ |
| 61 | + |
| 62 | +GDS can also be mitigated on systems that don't have updated microcode by |
| 63 | +disabling AVX. This can be done by setting gather_data_sampling="force" or |
| 64 | +"clearcpuid=avx" on the kernel command-line. |
| 65 | + |
| 66 | +If used, these options will disable AVX use by turning off XSAVE YMM support. |
| 67 | +However, the processor will still enumerate AVX support. Userspace that |
| 68 | +does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM |
| 69 | +support will break. |
| 70 | + |
| 71 | +Mitigation control on the kernel command line |
| 72 | +--------------------------------------------- |
| 73 | +The mitigation can be disabled by setting "gather_data_sampling=off" or |
| 74 | +"mitigations=off" on the kernel command line. Not specifying either will default |
| 75 | +to the mitigation being enabled. Specifying "gather_data_sampling=force" will |
| 76 | +use the microcode mitigation when available or disable AVX on affected systems |
| 77 | +where the microcode hasn't been updated to include the mitigation. |
| 78 | + |
| 79 | +GDS System Information |
| 80 | +------------------------ |
| 81 | +The kernel provides vulnerability status information through sysfs. For |
| 82 | +GDS this can be accessed by the following sysfs file: |
| 83 | + |
| 84 | +/sys/devices/system/cpu/vulnerabilities/gather_data_sampling |
| 85 | + |
| 86 | +The possible values contained in this file are: |
| 87 | + |
| 88 | + ============================== ============================================= |
| 89 | + Not affected Processor not vulnerable. |
| 90 | + Vulnerable Processor vulnerable and mitigation disabled. |
| 91 | + Vulnerable: No microcode Processor vulnerable and microcode is missing |
| 92 | + mitigation. |
| 93 | + Mitigation: AVX disabled, |
| 94 | + no microcode Processor is vulnerable and microcode is missing |
| 95 | + mitigation. AVX disabled as mitigation. |
| 96 | + Mitigation: Microcode Processor is vulnerable and mitigation is in |
| 97 | + effect. |
| 98 | + Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in |
| 99 | + effect and cannot be disabled. |
| 100 | + Unknown: Dependent on |
| 101 | + hypervisor status Running on a virtual guest processor that is |
| 102 | + affected but with no way to know if host |
| 103 | + processor is mitigated or vulnerable. |
| 104 | + ============================== ============================================= |
| 105 | + |
| 106 | +GDS Default mitigation |
| 107 | +---------------------- |
| 108 | +The updated microcode will enable the mitigation by default. The kernel's |
| 109 | +default action is to leave the mitigation enabled. |
0 commit comments