CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)' vs mitigation status: "Mitigation: Microcode" - Githubissues

speed47 / spectre-meltdown-checker

Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD

3.84k stars 477 forks source link

CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)' vs mitigation status: "Mitigation: Microcode" #492

Open Dwokfur opened 3 months ago

Dwokfur commented 3 months ago

Running the tool on a Coffee-Lake Xeon (E-2286M) running kernel 6.8.9 gives the following output: CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'

Mitigated according to the /sys interface: YES (Mitigation: Microcode)
SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
SRBDS mitigation control is enabled and active: YES (Mitigation: Microcode)

STATUS: VULNERABLE (Your microcode and kernel are both up to date for SRBDS mitigation control. Mitigation is disabled)

However issuing: cat /sys/devices/system/cpu/vulnerabilities/srbds reports: "Mitigation: Microcode"

Shouldn't it be OK?

Thx: Dw.

Dwokfur commented 3 months ago

rdmsr -d 0x123 4 rdmsr -r 0x123 | od -t u8 -A n 4 dd if=/dev/cpu/0/msr bs=8 count=1 skip="123" iflag=skipbytes | od -t u8 -A n dd: error reading '/dev/cpu/0/msr': Input/output error perl -e "open(M,'<','/dev/cpu/0/msr') and seek(M,123,0) and read(M,\$,8) and print" | od -t u8 -A n

Dwokfur commented 3 months ago

Note that the kernel is now booted with srbds=on explicitly

Dwokfur commented 3 months ago

According to Intel's specs, the register should be 0 if enabled and 1 if disabled, while rdmsr returns 4 in this case. The presence of the msr and bit 0 gives a feedback. The cpuid request to check support for the mitigation seems to be fine in the script.

Dwokfur commented 3 months ago

Intel specs says bit 0 matters, while bits 1:63 are reserved for MSR 0x123... "RNGDS_MITG_DIS (R/W) When set to 0 (default), SRBDS mitigation is enabled for RDRAND and RDSEED. When set to 1, SRBDS mitigation is disabled for RDRAND and RDSEED executed outside of Intel SGX enclaves"

Dwokfur commented 3 months ago

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/special-register-buffer-data-sampling.html

Dwokfur commented 3 months ago

--- spectre-meltdown-checker.sh.default 2024-05-10 10:23:13.090413332 +0200 +++ spectre-meltdown-checker.sh 2024-05-10 20:30:07.726979141 +0200 @@ -3726,9 +3726,9 @@ check_cpu() cpuid_srbds=1 read_msr 0x123; ret=$? if [ $ret = $READ_MSR_RET_OK ]; then
if [ $read_msr_value = 0 ]; then

if [ $read_msr_value != 1 ]; then
SRBDS mitigation control exists and is enabled via microcode

srbds_on=1
[ $(( read_msr_value >> 0 & 1 )) -eq 0 ] && srbds_on=1 else
SRBDS mitigation control exists but is disabled via microcode
                        srbds_on=0

Dwokfur commented 3 months ago

How the . I paste diff contents properly here?

mhalano commented 1 month ago

I have the same problem. It says I'm affected but I have mitigation on microcode. I have an i7-10510U processor.

mhalano commented 1 month ago

How the . I paste diff contents properly here?

You could create a block of code in MarkDown and paste the patch inside of it.