Date: Thu, 23 Apr 2020 12:20:21 -0700 From: Kees Cook <keescook@...omium.org> To: Balbir Singh <sblbir@...zon.com> Cc: tglx@...utronix.de, linux-kernel@...r.kernel.org, jpoimboe@...hat.com, tony.luck@...el.com, benh@...nel.crashing.org, x86@...nel.org, dave.hansen@...el.com Subject: Re: [PATCH v4 6/6] Documentation: Add L1D flushing Documentation On Fri, Apr 24, 2020 at 12:01:25AM +1000, Balbir Singh wrote: > Add documentation of l1d flushing, explain the need for the > feature and how it can be used. > > Signed-off-by: Balbir Singh <sblbir@...zon.com> Reviewed-by: Kees Cook <keescook@...omium.org> -Kees > --- > Documentation/admin-guide/hw-vuln/index.rst | 1 + > .../admin-guide/hw-vuln/l1d_flush.rst | 40 +++++++++++++++++++ > 2 files changed, 41 insertions(+) > create mode 100644 Documentation/admin-guide/hw-vuln/l1d_flush.rst > > diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst > index 0795e3c2643f..35633b299d45 100644 > --- a/Documentation/admin-guide/hw-vuln/index.rst > +++ b/Documentation/admin-guide/hw-vuln/index.rst > @@ -14,3 +14,4 @@ are configurable at compile, boot or run time. > mds > tsx_async_abort > multihit.rst > + l1d_flush > diff --git a/Documentation/admin-guide/hw-vuln/l1d_flush.rst b/Documentation/admin-guide/hw-vuln/l1d_flush.rst > new file mode 100644 > index 000000000000..7d515b8c29f1 > --- /dev/null > +++ b/Documentation/admin-guide/hw-vuln/l1d_flush.rst 
> @@ -0,0 +1,40 @@ > +L1D Flushing for the paranoid > +============================= > + > +With an increasing number of vulnerabilities being reported around data > +leaks from L1D, a new user space mechanism to flush the L1D cache on > +context switch is added to the kernel. This should help address > +CVE-2020-0550 and for paranoid applications, keep them safe from any > +yet to be discovered vulnerabilities, related to leaks from the L1D > +cache. > + > +Tasks can opt in to this mechanism by using a prctl (implemented only > +for x86 at the moment). > + > +Related CVES > +------------ > +At the present moment, the following CVEs can be addressed by this > +mechanism > + > + ============= ======================== ================== > + CVE-2020-0550 Improper Data Forwarding OS related aspects > + ============= ======================== ================== > + > +Usage Guidelines > +---------------- > +Applications can call ``prctl(2)`` with one of these two arguments > + > +1. PR_SET_L1D_FLUSH - flush the L1D cache on context switch (out) > +2. PR_GET_L1D_FLUSH - get the current state of the L1D cache flush, returns 1 > + if set and 0 if not set. > + > +**NOTE**: The feature is disabled by default, applications to need to specifically > +opt into the feature to enable it. > + > +Mitigation > +---------- > +When PR_SET_L1D_FLUSH is enabled for a task, on switching tasks (when > +the address space changes), a flush of the L1D cache is performed for > +the task when it leaves the CPU. If the underlying CPU supports L1D > +flushing in hardware, the hardware mechanism is used, otherwise a software > +fallback, similar to the mechanism used by L1TF is used. > -- > 2.17.1 > -- Kees Cook
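Review bot: The "Usage Guidelines" section of l1d_flush.rst names PR_SET_L1D_FLUSH and PR_GET_L1D_FLUSH but does not give the remaining prctl(2) arguments. A reader cannot tell what to pass to enable the flush, whether the same call can disable it again, or what is returned on an architecture where the prctl is not implemented (the text says x86 only). Suggest documenting the full call form and the error return for each option. The "Mitigation" section ties the flush to "when the address space changes", so it is worth stating explicitly whether a switch between threads sharing an mm triggers a flush. Wording nits in the same hunk: "applications to need to specifically opt into" has a stray "to", "similar to the mechanism used by L1TF is used" needs a comma after "L1TF", and the heading "Related CVES" should be "Related CVEs".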