.. SPDX-License-Identifier: GPL-2.0

GDS - Gather Data Sampling
==========================

Gather Data Sampling is a hardware vulnerability which allows unprivileged
speculative access to data which was previously stored in vector registers.

Problem
-------
When a gather instruction performs loads from memory, different data elements
are merged into the destination vector register. However, when a gather
instruction that is transiently executed encounters a fault, stale data from
architectural or internal vector registers may get transiently forwarded to the
destination vector register instead. This allows a malicious attacker to
infer stale data using typical side channel techniques like cache timing
attacks. GDS is a purely sampling-based attack.

The attacker uses gather instructions to infer the stale vector register data.
The victim does not need to do anything special other than use the vector
registers. The victim does not need to use gather instructions to be
vulnerable.

Because the buffers are shared between Hyper-Threads, cross-Hyper-Thread attacks
are possible.

Attack scenarios
----------------
Without mitigation, GDS can infer stale data across virtually all
permission boundaries:

	Non-enclaves can infer SGX enclave data
	Userspace can infer kernel data
	Guests can infer data from hosts
	Guests can infer data from other guests
	Users can infer data from other users

Because of this, it is important to ensure that the mitigation stays enabled in
lower-privilege contexts like guests and when running outside SGX enclaves.

The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure
that guests are not allowed to disable the GDS mitigation. If a host erred and
allowed this, a guest could theoretically disable GDS mitigation, mount an
attack, and re-enable it.

Mitigation mechanism
--------------------
This issue is mitigated in microcode. The microcode defines the following new
bits:

 ================================   ===   ============================
 IA32_ARCH_CAPABILITIES[GDS_CTRL]   R/O   Enumerates GDS vulnerability
                                          and mitigation support.
 IA32_ARCH_CAPABILITIES[GDS_NO]     R/O   Processor is not vulnerable.
 IA32_MCU_OPT_CTRL[GDS_MITG_DIS]    R/W   Disables the mitigation.
                                          0 by default.
 IA32_MCU_OPT_CTRL[GDS_MITG_LOCK]   R/W   Locks GDS_MITG_DIS=0. Writes
                                          to GDS_MITG_DIS are ignored.
                                          Can't be cleared once set.
 ================================   ===   ============================

GDS can also be mitigated on systems that don't have updated microcode by
disabling AVX. This can be done by setting gather_data_sampling="force" or
"clearcpuid=avx" on the kernel command-line.

If used, these options will disable AVX use by turning off XSAVE YMM support.
However, the processor will still enumerate AVX support. Userspace that
does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
support will break.
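The following C program is an added example (not part of this document or the kernel tree) of the enumeration rule just described: CPUID.1:ECX must report both AVX and OSXSAVE, and only then may XGETBV be executed to confirm that the OS has enabled the XMM and YMM state components in XCR0. On a kernel booted with clearcpuid=avx or gather_data_sampling=force the first check still passes while the second fails, which is exactly the case a program that only looks at the CPUID AVX bit gets wrong. The decision is factored into avx_status_from() so it can be exercised with synthetic register values; the live query is compiled only on x86. The function and enum names are this example's own.

```c
/* Added example: proper AVX usability check (CPUID + XGETBV), not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit positions from the Intel SDM: CPUID.(EAX=1):ECX and the XCR0 register. */
#define CPUID1_ECX_OSXSAVE (1u << 27)   /* OS has set CR4.OSXSAVE; XGETBV is legal */
#define CPUID1_ECX_AVX     (1u << 28)   /* CPU implements AVX */
#define XCR0_SSE           (1ull << 1)  /* OS saves/restores XMM state */
#define XCR0_AVX           (1ull << 2)  /* OS saves/restores YMM state */

enum avx_status {
    AVX_NOT_ENUMERATED,  /* CPUID does not report AVX at all */
    AVX_NO_OSXSAVE,      /* AVX present but OS never enabled XSAVE */
    AVX_OS_DISABLED,     /* AVX present, OS has not enabled YMM state (e.g. clearcpuid=avx) */
    AVX_USABLE           /* all three conditions hold */
};

/* Pure decision logic over the raw register values, so it can be tested
 * without executing CPUID/XGETBV. */
enum avx_status avx_status_from(uint32_t cpuid1_ecx, uint64_t xcr0)
{
    if (!(cpuid1_ecx & CPUID1_ECX_AVX))
        return AVX_NOT_ENUMERATED;
    if (!(cpuid1_ecx & CPUID1_ECX_OSXSAVE))
        return AVX_NO_OSXSAVE;   /* XGETBV would #UD here; xcr0 is meaningless */
    if ((xcr0 & (XCR0_SSE | XCR0_AVX)) != (XCR0_SSE | XCR0_AVX))
        return AVX_OS_DISABLED;  /* the situation this document describes */
    return AVX_USABLE;
}

const char *avx_status_name(enum avx_status s)
{
    switch (s) {
    case AVX_NOT_ENUMERATED: return "not enumerated";
    case AVX_NO_OSXSAVE:     return "enumerated, OS did not enable XSAVE";
    case AVX_OS_DISABLED:    return "enumerated, but YMM state disabled by OS";
    case AVX_USABLE:         return "usable";
    }
    return "?";
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>

static uint32_t read_cpuid1_ecx(void)
{
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return ecx;
}

static uint64_t read_xcr0(void)
{
    uint32_t lo, hi;
    __asm__ volatile("xgetbv" : "=a"(lo), "=d"(hi) : "c"(0u));
    return ((uint64_t)hi << 32) | lo;
}

/* Query the running CPU. XGETBV is executed only after OSXSAVE is confirmed. */
enum avx_status avx_status_live(void)
{
    uint32_t ecx = read_cpuid1_ecx();
    uint64_t xcr0 = 0;
    if (ecx & CPUID1_ECX_OSXSAVE)
        xcr0 = read_xcr0();
    return avx_status_from(ecx, xcr0);
}
#else
/* Non-x86 build: there is no AVX to enumerate. */
enum avx_status avx_status_live(void) { return AVX_NOT_ENUMERATED; }
#endif

int main(void)
{
    printf("AVX on this CPU: %s\n", avx_status_name(avx_status_live()));
    return 0;
}
```

A program that dispatches to AVX code paths on AVX_OS_DISABLED will fault with #UD on a kernel that has switched YMM state off; checking XCR0 is what lets it fall back to SSE instead.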

Mitigation control on the kernel command line
---------------------------------------------
The mitigation can be disabled by setting "gather_data_sampling=off" or
"mitigations=off" on the kernel command line. Not specifying either will default
to the mitigation being enabled. Specifying "gather_data_sampling=force" will
use the microcode mitigation when available or disable AVX on affected systems
where the microcode hasn't been updated to include the mitigation.

GDS System Information
------------------------
The kernel provides vulnerability status information through sysfs. For
GDS this can be accessed by the following sysfs file:

/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

The possible values contained in this file are:

 ============================== =============================================
 Not affected                   Processor not vulnerable.
 Vulnerable                     Processor vulnerable and mitigation disabled.
 Vulnerable: No microcode       Processor vulnerable and microcode is missing
                                mitigation.
 Mitigation: AVX disabled,
 no microcode                   Processor is vulnerable and microcode is missing
                                mitigation. AVX disabled as mitigation.
 Mitigation: Microcode          Processor is vulnerable and mitigation is in
                                effect.
 Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
                                effect and cannot be disabled.
 Unknown: Dependent on
 hypervisor status              Running on a virtual guest processor that is
                                affected but with no way to know if host
                                processor is mitigated or vulnerable.
 ============================== =============================================
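The sysfs strings above are the outcome of combining the microcode bits from the "Mitigation mechanism" table with the command-line choice from the previous section. The following C function is an added example (not the kernel's own code) of that decision: gds_status() takes the two MSR values, whether the CPU is on the affected list, whether it runs under a hypervisor, and the command-line selection, and returns the sysfs string plus the IA32_MCU_OPT_CTRL value that would be programmed. The bit positions for GDS_CTRL, GDS_NO, GDS_MITG_DIS and GDS_MITG_LOCK are taken from the kernel's arch/x86/include/asm/msr-index.h, not from this page; the struct, the enum and the reduced ordering of checks are this example's own simplification and make no claim to reproduce the kernel's exact logic.

```c
/* Added example: map GDS microcode bits + command line to the sysfs status. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit positions as defined in the kernel's msr-index.h (assumed here; the
 * document names the fields but not their bit numbers). */
#define ARCH_CAP_GDS_CTRL  (1ull << 25)  /* IA32_ARCH_CAPABILITIES: mitigation supported */
#define ARCH_CAP_GDS_NO    (1ull << 26)  /* IA32_ARCH_CAPABILITIES: not vulnerable */
#define GDS_MITG_DIS       (1ull << 4)   /* IA32_MCU_OPT_CTRL: mitigation disabled */
#define GDS_MITG_LOCK      (1ull << 5)   /* IA32_MCU_OPT_CTRL: GDS_MITG_DIS locked to 0 */

/* Command-line selection: default, gather_data_sampling=off / mitigations=off,
 * or gather_data_sampling=force. */
enum gds_cmdline { GDS_CMD_DEFAULT, GDS_CMD_OFF, GDS_CMD_FORCE };

struct gds_inputs {
    bool affected;               /* CPU model is on the affected list */
    bool in_guest;               /* CPUID reports a hypervisor */
    uint64_t arch_capabilities;  /* IA32_ARCH_CAPABILITIES */
    uint64_t mcu_opt_ctrl;       /* IA32_MCU_OPT_CTRL (meaningful only with GDS_CTRL) */
    enum gds_cmdline cmdline;
};

/* Returns the sysfs string. *new_mcu_opt_ctrl receives the IA32_MCU_OPT_CTRL
 * value the OS would program (unchanged when there is nothing to program). */
const char *gds_status(const struct gds_inputs *in, uint64_t *new_mcu_opt_ctrl)
{
    *new_mcu_opt_ctrl = in->mcu_opt_ctrl;

    /* Unaffected model, or microcode says GDS_NO: nothing to mitigate. */
    if (!in->affected || (in->arch_capabilities & ARCH_CAP_GDS_NO))
        return "Not affected";

    /* No GDS_CTRL: microcode without the mitigation (or a host hiding it). */
    if (!(in->arch_capabilities & ARCH_CAP_GDS_CTRL)) {
        if (in->cmdline == GDS_CMD_FORCE)
            return "Mitigation: AVX disabled, no microcode";  /* YMM state turned off */
        if (in->in_guest)
            return "Unknown: Dependent on hypervisor status";
        return "Vulnerable: No microcode";
    }

    /* Lock set: writes to GDS_MITG_DIS are ignored, so "off" cannot be honoured. */
    if (in->mcu_opt_ctrl & GDS_MITG_LOCK)
        return "Mitigation: Microcode (locked)";

    if (in->cmdline == GDS_CMD_OFF) {
        *new_mcu_opt_ctrl |= GDS_MITG_DIS;
        return "Vulnerable";
    }

    /* Default and "force": make sure the microcode mitigation is on. */
    *new_mcu_opt_ctrl &= ~GDS_MITG_DIS;
    return "Mitigation: Microcode";
}

int main(void)
{
    /* Constructed scenario: affected CPU, updated microcode, default command line. */
    struct gds_inputs in = { true, false, ARCH_CAP_GDS_CTRL, 0, GDS_CMD_DEFAULT };
    uint64_t ctl;
    printf("default:   %s (MCU_OPT_CTRL=0x%llx)\n",
           gds_status(&in, &ctl), (unsigned long long)ctl);
    in.cmdline = GDS_CMD_OFF;
    printf("off:       %s (MCU_OPT_CTRL=0x%llx)\n",
           gds_status(&in, &ctl), (unsigned long long)ctl);
    in.mcu_opt_ctrl = GDS_MITG_LOCK;
    printf("off+lock:  %s (MCU_OPT_CTRL=0x%llx)\n",
           gds_status(&in, &ctl), (unsigned long long)ctl);
    return 0;
}
```

The "off+lock" case is the one the "Attack scenarios" section cares about: once a host has set GDS_MITG_LOCK, a guest's attempt to clear GDS_MITG_DIS has no effect, and the reported status stays "Mitigation: Microcode (locked)".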

GDS Default mitigation
----------------------
The updated microcode will enable the mitigation by default. The kernel's
default action is to leave the mitigation enabled.