Linux 6.8 x86/urgent Update Beefs Up Protection Against Side Channel CPU Bugs

Written by Michael Larabel in Intel on 25 February 2024 at 06:41 AM EST.
Sent in this morning via the "x86/urgent" pull request ahead of the Linux 6.8-rc6 kernel later today is a set of patches from Intel to ensure clearing of CPU buffers using the VERW instruction happens at the latest possible point in the return-to-userspace code path. This is being done to better protect against CPU bugs like Microarchitectural Data Sampling (MDS).

The past several months have seen work by Intel Linux engineers to delay VERW for clearing micro-architectural CPU buffers to later in the CPU return-to-userspace code path. Intel engineer Pawan Gupta explained in the patches:
Legacy instruction VERW was overloaded by some processors to clear micro-architectural CPU buffers as a mitigation of CPU bugs. This series moves VERW execution to a later point in exit-to-user path. This is needed because in some cases it may be possible for kernel data to be accessed after VERW in arch_exit_to_user_mode(). Such accesses may put data into MDS affected CPU buffers, for example:

1. Kernel data accessed by an NMI between VERW and return-to-user can remain in CPU buffers (since NMI returning to kernel does not execute VERW to clear CPU buffers).
2. Alyssa reported that after VERW is executed, CONFIG_GCC_PLUGIN_STACKLEAK=y scrubs the stack used by a system call. Memory accesses during stack scrubbing can move kernel stack contents into CPU buffers.
3. When caller saved registers are restored after a return from function executing VERW, the kernel stack accesses can remain in CPU buffers (since they occur after VERW).

Although these cases are less practical to exploit, moving VERW closer to ring transition reduces the attack surface.

Delaying the VERW clearing may bring some minor changes to performance. The "CPU bugs" that the patch series focuses on appear to be mainly the Microarchitectural Data Sampling (MDS) side-channel attacks disclosed a few years ago.
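A defender-side check related to the mitigation discussed above, as an added example that is not from the article or the kernel patches: it classifies the MDS status line the kernel exposes at /sys/devices/system/cpu/vulnerabilities/mds, showing whether a host relies on VERW-based buffer clearing. The function names and sample lines are constructed for illustration; the status strings follow the kernel's MDS admin-guide documentation.

```shell
#!/bin/sh
# Classify the kernel's MDS status line into "<state> <smt>".
# state: not_affected | verw_clearing | verw_no_microcode | vulnerable | unknown
classify_mds() {
    status=$1
    case $status in
        "Not affected"*)                  state=not_affected ;;
        "Mitigation: Clear CPU buffers"*) state=verw_clearing ;;
        # VERW is executed, but without updated microcode it may not clear buffers.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
                                          state=verw_no_microcode ;;
        "Vulnerable"*)                    state=vulnerable ;;
        *)                                state=unknown ;;
    esac
    # The SMT suffix matters because sibling threads share the affected buffers.
    case $status in
        *"SMT vulnerable"*)         smt=smt_vulnerable ;;
        *"SMT mitigated"*)          smt=smt_mitigated ;;
        *"SMT disabled"*)           smt=smt_disabled ;;
        *"SMT Host state unknown"*) smt=smt_unknown ;;
        *)                          smt=smt_not_reported ;;
    esac
    printf '%s %s\n' "$state" "$smt"
}

# Read the live status; older kernels or non-x86 hosts may lack the file.
mds_report() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/mds}
    if [ -r "$f" ]; then
        classify_mds "$(cat "$f")"
    else
        echo "unknown smt_not_reported"
    fi
}

# Constructed sample lines (not captured from a real machine).
for line in \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown" \
    "Not affected"
do
    printf '%-40s <- %s\n' "$(classify_mds "$line")" "$line"
done
printf 'this host: %s\n' "$(mds_report)"
```

A result of `verw_clearing` or `verw_no_microcode` means the host depends on the VERW-based clearing whose placement in the exit-to-user path this patch series changes.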

Old Intel CPU affected by MDS


The patches via the x86/urgent pull request are now awaiting action by Linus Torvalds later today prior to releasing the Linux 6.8-rc6 test kernel.