Documentation/admin-guide/hw-vuln/gather_data_sampling.rst - linux - Git at Google

 .. SPDX-License-Identifier: GPL-2.0

 GDS - Gather Data Sampling
 ==========================

 Gather Data Sampling is a hardware vulnerability which allows unprivileged
 speculative access to data which was previously stored in vector registers.

 Problem
 -------
 When a gather instruction performs loads from memory, different data elements
 are merged into the destination vector register. However, when a gather
 instruction that is transiently executed encounters a fault, stale data from
 architectural or internal vector registers may get transiently forwarded to the
 destination vector register instead. This will allow a malicious attacker to
 infer stale data using typical side channel techniques like cache timing
 attacks. GDS is a purely sampling-based attack.

 The attacker uses gather instructions to infer the stale vector register data.
 The victim does not need to do anything special other than use the vector
 registers. The victim does not need to use gather instructions to be
 vulnerable.

 Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks
 are possible.

 Attack scenarios
 ----------------
 Without mitigation, GDS can infer stale data across virtually all
 permission boundaries:

 	Non-enclaves can infer SGX enclave data
 	Userspace can infer kernel data
 	Guests can infer data from hosts
 	Guest can infer guest from other guests
 	Users can infer data from other users

 Because of this, it is important to ensure that the mitigation stays enabled in
 lower-privilege contexts like guests and when running outside SGX enclaves.

 The hardware enforces the mitigation for SGX. Likewise, VMMs should  ensure
 that guests are not allowed to disable the GDS mitigation. If a host erred and
 allowed this, a guest could theoretically disable GDS mitigation, mount an
 attack, and re-enable it.

 Mitigation mechanism
 --------------------
 This issue is mitigated in microcode. The microcode defines the following new
 bits:

  ================================   ===   ============================
  IA32_ARCH_CAPABILITIES[GDS_CTRL]   R/O   Enumerates GDS vulnerability
                                           and mitigation support.
  IA32_ARCH_CAPABILITIES[GDS_NO]     R/O   Processor is not vulnerable.
  IA32_MCU_OPT_CTRL[GDS_MITG_DIS]    R/W   Disables the mitigation
                                           0 by default.
  IA32_MCU_OPT_CTRL[GDS_MITG_LOCK]   R/W   Locks GDS_MITG_DIS=0. Writes
                                           to GDS_MITG_DIS are ignored
                                           Can't be cleared once set.
  ================================   ===   ============================

 GDS can also be mitigated on systems that don't have updated microcode by
 disabling AVX. This can be done by setting gather_data_sampling="force" or
 "clearcpuid=avx" on the kernel command-line.

 If used, these options will disable AVX use by turning off XSAVE YMM support.
 However, the processor will still enumerate AVX support.  Userspace that
 does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
 support will break.

 Mitigation control on the kernel command line
 ---------------------------------------------
 The mitigation can be disabled by setting "gather_data_sampling=off" or
 "mitigations=off" on the kernel command line. Not specifying either will default
 to the mitigation being enabled. Specifying "gather_data_sampling=force" will
 use the microcode mitigation when available or disable AVX on affected systems
 where the microcode hasn't been updated to include the mitigation.

 GDS System Information
 ------------------------
 The kernel provides vulnerability status information through sysfs. For
 GDS this can be accessed by the following sysfs file:

 /sys/devices/system/cpu/vulnerabilities/gather_data_sampling

 The possible values contained in this file are:

  ============================== =============================================
  Not affected                   Processor not vulnerable.
  Vulnerable                     Processor vulnerable and mitigation disabled.
  Vulnerable: No microcode       Processor vulnerable and microcode is missing
                                 mitigation.
  Mitigation: AVX disabled,
  no microcode                   Processor is vulnerable and microcode is missing
                                 mitigation. AVX disabled as mitigation.
  Mitigation: Microcode          Processor is vulnerable and mitigation is in
                                 effect.
  Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
                                 effect and cannot be disabled.
  Unknown: Dependent on
  hypervisor status              Running on a virtual guest processor that is
                                 affected but with no way to know if host
                                 processor is mitigated or vulnerable.
  ============================== =============================================

 GDS Default mitigation
 ----------------------
 The updated microcode will enable the mitigation by default. The kernel's
 default action is to leave the mitigation enabled.
	.. SPDX-License-Identifier: GPL-2.0

	GDS - Gather Data Sampling
	==========================

	Gather Data Sampling is a hardware vulnerability which allows unprivileged
	speculative access to data which was previously stored in vector registers.

	Problem
	-------
	When a gather instruction performs loads from memory, different data elements
	are merged into the destination vector register. However, when a gather
	instruction that is transiently executed encounters a fault, stale data from
	architectural or internal vector registers may get transiently forwarded to the
	destination vector register instead. This will allow a malicious attacker to
	infer stale data using typical side channel techniques like cache timing
	attacks. GDS is a purely sampling-based attack.

	The attacker uses gather instructions to infer the stale vector register data.
	The victim does not need to do anything special other than use the vector
	registers. The victim does not need to use gather instructions to be
	vulnerable.

	Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks
	are possible.

	Attack scenarios
	----------------
	Without mitigation, GDS can infer stale data across virtually all
	permission boundaries:

	Non-enclaves can infer SGX enclave data
	Userspace can infer kernel data
	Guests can infer data from hosts
	Guest can infer guest from other guests
	Users can infer data from other users

	Because of this, it is important to ensure that the mitigation stays enabled in
	lower-privilege contexts like guests and when running outside SGX enclaves.

	The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure
	that guests are not allowed to disable the GDS mitigation. If a host erred and
	allowed this, a guest could theoretically disable GDS mitigation, mount an
	attack, and re-enable it.

	Mitigation mechanism
	--------------------
	This issue is mitigated in microcode. The microcode defines the following new
	bits:

	================================ === ============================
	IA32_ARCH_CAPABILITIES[GDS_CTRL] R/O Enumerates GDS vulnerability
	and mitigation support.
	IA32_ARCH_CAPABILITIES[GDS_NO] R/O Processor is not vulnerable.
	IA32_MCU_OPT_CTRL[GDS_MITG_DIS] R/W Disables the mitigation
	0 by default.
	IA32_MCU_OPT_CTRL[GDS_MITG_LOCK] R/W Locks GDS_MITG_DIS=0. Writes
	to GDS_MITG_DIS are ignored
	Can't be cleared once set.
	================================ === ============================

	GDS can also be mitigated on systems that don't have updated microcode by
	disabling AVX. This can be done by setting gather_data_sampling="force" or
	"clearcpuid=avx" on the kernel command-line.

	If used, these options will disable AVX use by turning off XSAVE YMM support.
	However, the processor will still enumerate AVX support. Userspace that
	does not follow proper AVX enumeration to check both AVX and XSAVE YMM
	support will break.

	Mitigation control on the kernel command line
	---------------------------------------------
	The mitigation can be disabled by setting "gather_data_sampling=off" or
	"mitigations=off" on the kernel command line. Not specifying either will default
	to the mitigation being enabled. Specifying "gather_data_sampling=force" will
	use the microcode mitigation when available or disable AVX on affected systems
	where the microcode hasn't been updated to include the mitigation.

	GDS System Information
	------------------------
	The kernel provides vulnerability status information through sysfs. For
	GDS this can be accessed by the following sysfs file:

	/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

	The possible values contained in this file are:

	============================== =============================================
	Not affected Processor not vulnerable.
	Vulnerable Processor vulnerable and mitigation disabled.
	Vulnerable: No microcode Processor vulnerable and microcode is missing
	mitigation.
	Mitigation: AVX disabled,
	no microcode Processor is vulnerable and microcode is missing
	mitigation. AVX disabled as mitigation.
	Mitigation: Microcode Processor is vulnerable and mitigation is in
	effect.
	Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
	effect and cannot be disabled.
	Unknown: Dependent on
	hypervisor status Running on a virtual guest processor that is
	affected but with no way to know if host
	processor is mitigated or vulnerable.
	============================== =============================================

	GDS Default mitigation
	----------------------
	The updated microcode will enable the mitigation by default. The kernel's
	default action is to leave the mitigation enabled.