From patchwork Fri Oct 20 05:53:51 2023
X-Patchwork-Submitter: Jan Beulich
X-Patchwork-Id: 13430069
List-Id: Xen developer discussion
Message-ID: <34aefb5f-252d-2992-c561-a73941429c4e@suse.com>
Date: Fri, 20 Oct 2023 07:53:51 +0200
From: Jan Beulich
Subject: [PATCH v4 for-4.18?] x86: support data operand independent timing mode
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, George Dunlap, Julien Grall, Stefano Stabellini, Wei Liu, Roger Pau Monné, Demi Marie Obenour, Henry Wang

[1] specifies a long list of instructions which are intended to exhibit timing behavior independent of the data they operate on. On certain hardware this independence is optional, controlled by a bit in a new MSR. Provide a command line option to control the mode Xen and its guests are to operate in, with a build time control over the default. Longer term we may want to allow guests to control this.

Since Arm64 supposedly also has such a control, put command line option and Kconfig control in common files.

[1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html

Requested-by: Demi Marie Obenour
Signed-off-by: Jan Beulich
Release-acked-by: Henry Wang
Acked-by: Roger Pau Monné
---
This may be viewed as a new feature, and hence be too late for 4.18. It may, however, also be viewed as security relevant, which is why I'd like to propose to at least consider it. Note that already for 4.17 it had a release ack to go in late; just the necessary normal ack continues to be missing.

Slightly RFC, in particular for whether the Kconfig option should default to Y or N.

I would have wanted to invoke setup_doitm() from cpu_init(), but that works only on the BSP. On APs cpu_init() runs before ucode loading. Plus recheck_cpu_features() invoking identify_cpu() takes care of the BSP during S3 resume.
---
v4: Re-base.
v3: Extend command line doc. Add changelog entry.
v2: Introduce and use cpu_has_doitm. Add comment "borrowed" from the XenServer patch queue patch providing similar functionality. Re-base.

--- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -33,6 +33,8 @@ The format is based on [Keep a Changelog nodes using a device tree overlay binary (.dtbo). - Introduce two new hypercalls to map the vCPU runstate and time areas by physical rather than linear/virtual addresses. + - On x86, support for enforcing system-wide operation in Data Operand + Independent Timing Mode. ### Removed - On x86, the "pku" command line option has been removed. It has never --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -788,6 +788,16 @@ Specify the size of the console debug tr additionally a trace buffer of the specified size is allocated per cpu. The debug trace feature is only enabled in debugging builds of Xen. +### dit (x86/Intel) +> `= ` + +> Default: `CONFIG_DIT_DEFAULT` + +Specify whether Xen and guests should operate in Data Independent Timing +mode. Note that enabling this option cannot guarantee anything beyond what +underlying hardware guarantees (with, where available and known to Xen, +respective tweaks applied). + ### dma_bits > `= ` --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -15,6 +15,7 @@ config X86 select HAS_ALTERNATIVE select HAS_COMPAT select HAS_CPUFREQ + select HAS_DIT select HAS_EHCI select HAS_EX_TABLE select HAS_FAST_MULTIPLY --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c 
@@ -204,6 +204,28 @@ void ctxt_switch_levelling(const struct alternative_vcall(ctxt_switch_masking, next); } +static void setup_doitm(void) +{ + uint64_t msr; + + if ( !cpu_has_doitm ) + return; + + /* + * We don't currently enumerate DOITM to guests. As a conseqeuence, guest + * kernels will believe they're safe even when they are not. + * + * For now, set it unilaterally. This prevents otherwise-correct crypto + * code from becoming vulnerable to timing sidechannels. + */ + + rdmsrl(MSR_UARCH_MISC_CTRL, msr); + msr |= UARCH_CTRL_DOITM; + if ( !opt_dit ) + msr &= ~UARCH_CTRL_DOITM; + wrmsrl(MSR_UARCH_MISC_CTRL, msr); +} + bool opt_cpu_info; boolean_param("cpuinfo", opt_cpu_info); @@ -599,6 +621,8 @@ void identify_cpu(struct cpuinfo_x86 *c) mtrr_bp_init(); } + + setup_doitm(); } /* leaf 0xb SMT level */ --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -202,6 +202,7 @@ static inline bool boot_cpu_has(unsigned #define cpu_has_tsx_ctrl boot_cpu_has(X86_FEATURE_TSX_CTRL) #define cpu_has_taa_no boot_cpu_has(X86_FEATURE_TAA_NO) #define cpu_has_mcu_ctrl boot_cpu_has(X86_FEATURE_MCU_CTRL) +#define cpu_has_doitm boot_cpu_has(X86_FEATURE_DOITM) #define cpu_has_fb_clear boot_cpu_has(X86_FEATURE_FB_CLEAR) #define cpu_has_rrsba boot_cpu_has(X86_FEATURE_RRSBA) #define cpu_has_gds_ctrl boot_cpu_has(X86_FEATURE_GDS_CTRL) --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -56,6 +56,9 @@ config HAS_COMPAT config HAS_DEVICE_TREE bool +config HAS_DIT # Data Independent Timing + bool + config HAS_EX_TABLE bool 
@@ -187,6 +190,18 @@ config SPECULATIVE_HARDEN_GUEST_ACCESS endmenu +config DIT_DEFAULT + bool "Data Independent Timing default" + depends on HAS_DIT + help + Hardware often surfaces instructions the timing of which is dependent + on the data they process. Some of these instructions may be used in + timing sensitive environments, e.g. cryptography. When such + instructions exist, hardware may further surface a control allowing + to make the behavior of such instructions independent of the data + they act upon. Choose the default here for when no "dit" command line + option is present. + config HYPFS bool "Hypervisor file system support" default y --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -28,6 +28,11 @@ CHECK_feature_info; enum system_state system_state = SYS_STATE_early_boot; +#ifdef CONFIG_HAS_DIT +bool __ro_after_init opt_dit = IS_ENABLED(CONFIG_DIT_DEFAULT); +boolean_param("dit", opt_dit); +#endif + static xen_commandline_t saved_cmdline; static const char __initconst opt_builtin_cmdline[] = CONFIG_CMDLINE; --- a/xen/include/xen/param.h +++ b/xen/include/xen/param.h @@ -184,6 +184,8 @@ extern struct param_hypfs __paramhypfs_s string_param(_name, _var); \ string_runtime_only_param(_name, _var) +extern bool opt_dit; + static inline void no_config_param(const char *cfg, const char *param, const char *s, const char *e) {
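
Review bot: The new "dit" entry in docs/misc/xen-command-line.pandoc names the feature "Data Independent Timing mode", while the CHANGELOG.md entry in this same patch says "Data Operand Independent Timing Mode". Use one name in user-facing text, or mention both in the doc entry so a reader searching for either finds it. The entry could also say that the option has no effect on CPUs lacking the control (setup_doitm() returns early when cpu_has_doitm is false) and that guests currently can neither see nor change the setting, since the code comment states DOITM is not enumerated to them.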
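
Review bot: In setup_doitm() (xen/arch/x86/cpu/common.c, hunk at -204) the borrowed comment says "For now, set it unilaterally", but the code below it clears UARCH_CTRL_DOITM when opt_dit is false, so the comment no longer matches the behaviour. Reword it to say the bit follows the "dit" option, and fix the typo "conseqeuence" while there. The set-then-clear sequence ("msr |= UARCH_CTRL_DOITM;" followed by "if ( !opt_dit ) msr &= ~UARCH_CTRL_DOITM;") would read more directly as an if/else. With opt_dit false the bit is cleared regardless of the value just read from MSR_UARCH_MISC_CTRL; if overriding a previously set bit is intended, the comment should say so.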
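
Review bot: The setup_doitm() call added at the end of identify_cpu() (xen/arch/x86/cpu/common.c, hunk at -599) carries no comment on why it is placed there. The reasoning (on APs cpu_init() runs before ucode loading, and recheck_cpu_features() invoking identify_cpu() covers the BSP on S3 resume) is given only below the "---" separator, which does not end up in the commit log. A short comment at the call site, or moving that paragraph into the commit message proper, would preserve it for whoever next touches the CPU bring-up order.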
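
Review bot: config DIT_DEFAULT in xen/common/Kconfig (hunk at -187) has no "default" line, so it resolves to n and opt_dit starts out false through IS_ENABLED(CONFIG_DIT_DEFAULT). With that value setup_doitm() clears UARCH_CTRL_DOITM on capable hardware, which is the state the code comment describes as guest kernels believing they are safe when they are not. The posting leaves Y versus N open; whichever is chosen, state it with an explicit "default" line and have the help text say what selecting Y means (DIT mode enabled unless overridden by the "dit" command line option), since "Choose the default here" does not say which value maps to which behaviour.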
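
Review bot: opt_dit is defined in xen/common/kernel.c only under "#ifdef CONFIG_HAS_DIT", while the "extern bool opt_dit;" added to xen/include/xen/param.h is unconditional. Code built without HAS_DIT that references the variable would then fail at link time rather than at compile time; either guard the declaration the same way or add a comment next to it saying the variable exists only with HAS_DIT. A brief comment on the declaration naming the "dit" option it backs would also help, since nothing around it in param.h explains what it is.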