Loading Documentation/ABI/testing/sysfs-devices-system-cpu +1 −0 Original line number Diff line number Diff line Loading @@ -486,6 +486,7 @@ What: /sys/devices/system/cpu/vulnerabilities /sys/devices/system/cpu/vulnerabilities/spec_store_bypass /sys/devices/system/cpu/vulnerabilities/l1tf /sys/devices/system/cpu/vulnerabilities/mds /sys/devices/system/cpu/vulnerabilities/srbds /sys/devices/system/cpu/vulnerabilities/tsx_async_abort /sys/devices/system/cpu/vulnerabilities/itlb_multihit Date: January 2018 Loading Documentation/ABI/testing/sysfs-driver-ufs +136 −0 Original line number Diff line number Diff line Loading @@ -883,3 +883,139 @@ Contact: Subhash Jadavani <subhashj@codeaurora.org> Description: This entry shows the target state of an UFS UIC link for the chosen system power management level. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/device_descriptor/wb_presv_us_en Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows if preserve user-space was configured The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/device_descriptor/wb_shared_alloc_units Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the shared allocated units of WB buffer The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/device_descriptor/wb_type Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the configured WB type. 0x1 for shared buffer mode. 0x0 for dedicated buffer mode. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/geometry_descriptor/wb_buff_cap_adj Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the total user-space decrease in shared buffer mode. The value of this parameter is 3 for TLC NAND when SLC mode is used as WriteBooster Buffer. 2 for MLC NAND. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/geometry_descriptor/wb_max_alloc_units Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the Maximum total WriteBooster Buffer size which is supported by the entire device. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/geometry_descriptor/wb_max_wb_luns Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the maximum number of luns that can support WriteBooster. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/geometry_descriptor/wb_sup_red_type Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: The supportability of user space reduction mode and preserve user space mode. 00h: WriteBooster Buffer can be configured only in user space reduction type. 01h: WriteBooster Buffer can be configured only in preserve user space type. 02h: Device can be configured in either user space reduction type or preserve user space type. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/geometry_descriptor/wb_sup_wb_type Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: The supportability of WriteBooster Buffer type. 00h: LU based WriteBooster Buffer configuration 01h: Single shared WriteBooster Buffer configuration 02h: Supporting both LU based WriteBooster Buffer and Single shared WriteBooster Buffer configuration The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/flags/wb_enable Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the status of WriteBooster. 0: WriteBooster is not enabled. 1: WriteBooster is enabled The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/flags/wb_flush_en Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows if flush is enabled. 0: Flush operation is not performed. 1: Flush operation is performed. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/flags/wb_flush_during_h8 Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: Flush WriteBooster Buffer during hibernate state. 0: Device is not allowed to flush the WriteBooster Buffer during link hibernate state. 1: Device is allowed to flush the WriteBooster Buffer during link hibernate state The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/attributes/wb_avail_buf Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the amount of unused WriteBooster buffer available. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/attributes/wb_cur_buf Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the amount of unused current buffer. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/attributes/wb_flush_status Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the flush operation status. 00h: idle 01h: Flush operation in progress 02h: Flush operation stopped prematurely. 03h: Flush operation completed successfully 04h: Flush operation general failure The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/attributes/wb_life_time_est Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows an indication of the WriteBooster Buffer lifetime based on the amount of performed program/erase cycles 01h: 0% - 10% WriteBooster Buffer life time used ... 0Ah: 90% - 100% WriteBooster Buffer life time used The file is read only. What: /sys/class/scsi_device/*/device/unit_descriptor/wb_buf_alloc_units Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the configured size of WriteBooster buffer. 0400h corresponds to 4GB. The file is read only. Documentation/ABI/testing/sysfs-fs-f2fs +9 −0 Original line number Diff line number Diff line Loading @@ -333,6 +333,15 @@ Description: Give a way to attach REQ_META|FUA to data writes * 5 | 4 | 3 | 2 | 1 | 0 | * Cold | Warm | Hot | Cold | Warm | Hot | What: /sys/fs/f2fs/<disk>/node_io_flag Date: June 2020 Contact: "Jaegeuk Kim" <jaegeuk@kernel.org> Description: Give a way to attach REQ_META|FUA to node writes given temperature-based bits. Now the bits indicate: * REQ_META | REQ_FUA | * 5 | 4 | 3 | 2 | 1 | 0 | * Cold | Warm | Hot | Cold | Warm | Hot | What: /sys/fs/f2fs/<disk>/iostat_period_ms Date: April 2020 Contact: "Daeho Jeong" <daehojeong@google.com> Loading Documentation/admin-guide/hw-vuln/index.rst +1 −0 Original line number Diff line number Diff line Loading @@ -14,3 +14,4 @@ are configurable at compile, boot or run time. mds tsx_async_abort multihit.rst special-register-buffer-data-sampling.rst Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst 0 → 100644 +149 −0 Original line number Diff line number Diff line .. SPDX-License-Identifier: GPL-2.0 SRBDS - Special Register Buffer Data Sampling ============================================= SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to infer values returned from special register accesses. Special register accesses are accesses to off core registers. According to Intel's evaluation, the special register reads that have a security expectation of privacy are RDRAND, RDSEED and SGX EGETKEY. When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved to the core through the special register mechanism that is susceptible to MDS attacks. Affected processors -------------------- Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may be affected. A processor is affected by SRBDS if its Family_Model and stepping is in the following list, with the exception of the listed processors exporting MDS_NO while Intel TSX is available yet not enabled. The latter class of processors are only affected when Intel TSX is enabled by software using TSX_CTRL_MSR otherwise they are not affected. ============= ============ ======== common name Family_Model Stepping ============= ============ ======== IvyBridge 06_3AH All Haswell 06_3CH All Haswell_L 06_45H All Haswell_G 06_46H All Broadwell_G 06_47H All Broadwell 06_3DH All Skylake_L 06_4EH All Skylake 06_5EH All Kabylake_L 06_8EH <= 0xC Kabylake 06_9EH <= 0xD ============= ============ ======== Related CVEs ------------ The following CVE entry is related to this SRBDS issue: ============== ===== ===================================== CVE-2020-0543 SRBDS Special Register Buffer Data Sampling ============== ===== ===================================== Attack scenarios ---------------- An unprivileged user can extract values returned from RDRAND and RDSEED executed on another core or sibling thread using MDS techniques. Mitigation mechanism ------------------- Intel will release microcode updates that modify the RDRAND, RDSEED, and EGETKEY instructions to overwrite secret special register data in the shared staging buffer before the secret data can be accessed by another logical processor. During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core accesses from other logical processors will be delayed until the special register read is complete and the secret data in the shared staging buffer is overwritten. This has three effects on performance: #. RDRAND, RDSEED, or EGETKEY instructions have higher latency. #. Executing RDRAND at the same time on multiple logical processors will be serialized, resulting in an overall reduction in the maximum RDRAND bandwidth. #. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other logical processors that miss their core caches, with an impact similar to legacy locked cache-line-split accesses. The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable the mitigation for RDRAND and RDSEED instructions executed outside of Intel Software Guard Extensions (Intel SGX) enclaves. On logical processors that disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not take longer to execute and do not impact performance of sibling logical processors memory accesses. The opt-out mechanism does not affect Intel SGX enclaves (including execution of RDRAND or RDSEED inside an enclave, as well as EGETKEY execution). IA32_MCU_OPT_CTRL MSR Definition -------------------------------- Along with the mitigation for this issue, Intel added a new thread-scope IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL = 9]==1. This MSR is introduced through the microcode update. Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX enclave on that logical processor. Opting out of the mitigation for a particular logical processor does not affect the RDRAND and RDSEED mitigations for other logical processors. Note that inside of an Intel SGX enclave, the mitigation is applied regardless of the value of RNGDS_MITG_DS. Mitigation control on the kernel command line --------------------------------------------- The kernel command line allows control over the SRBDS mitigation at boot time with the option "srbds=". The option for this is: ============= ============================================================= off This option disables SRBDS mitigation for RDRAND and RDSEED on affected platforms. ============= ============================================================= SRBDS System Information ----------------------- The Linux kernel provides vulnerability status information through sysfs. For SRBDS this can be accessed by the following sysfs file: /sys/devices/system/cpu/vulnerabilities/srbds The possible values contained in this file are: ============================== ============================================= Not affected Processor not vulnerable Vulnerable Processor vulnerable and mitigation disabled Vulnerable: No microcode Processor vulnerable and microcode is missing mitigation Mitigation: Microcode Processor is vulnerable and mitigation is in effect. Mitigation: TSX disabled Processor is only vulnerable when TSX is enabled while this system was booted with TSX disabled. Unknown: Dependent on hypervisor status Running on virtual guest processor that is affected but with no way to know if host processor is mitigated or vulnerable. ============================== ============================================= SRBDS Default mitigation ------------------------ This new microcode serializes processor access during execution of RDRAND, RDSEED ensures that the shared buffer is overwritten before it is released for reuse. Use the "srbds=off" kernel command line to disable the mitigation for RDRAND and RDSEED. Loading
Documentation/ABI/testing/sysfs-devices-system-cpu +1 −0 Original line number Diff line number Diff line Loading @@ -486,6 +486,7 @@ What: /sys/devices/system/cpu/vulnerabilities /sys/devices/system/cpu/vulnerabilities/spec_store_bypass /sys/devices/system/cpu/vulnerabilities/l1tf /sys/devices/system/cpu/vulnerabilities/mds /sys/devices/system/cpu/vulnerabilities/srbds /sys/devices/system/cpu/vulnerabilities/tsx_async_abort /sys/devices/system/cpu/vulnerabilities/itlb_multihit Date: January 2018 Loading
Documentation/ABI/testing/sysfs-driver-ufs +136 −0 Original line number Diff line number Diff line Loading @@ -883,3 +883,139 @@ Contact: Subhash Jadavani <subhashj@codeaurora.org> Description: This entry shows the target state of an UFS UIC link for the chosen system power management level. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/device_descriptor/wb_presv_us_en Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows if preserve user-space was configured The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/device_descriptor/wb_shared_alloc_units Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the shared allocated units of WB buffer The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/device_descriptor/wb_type Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the configured WB type. 0x1 for shared buffer mode. 0x0 for dedicated buffer mode. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/geometry_descriptor/wb_buff_cap_adj Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the total user-space decrease in shared buffer mode. The value of this parameter is 3 for TLC NAND when SLC mode is used as WriteBooster Buffer. 2 for MLC NAND. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/geometry_descriptor/wb_max_alloc_units Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the Maximum total WriteBooster Buffer size which is supported by the entire device. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/geometry_descriptor/wb_max_wb_luns Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the maximum number of luns that can support WriteBooster. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/geometry_descriptor/wb_sup_red_type Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: The supportability of user space reduction mode and preserve user space mode. 00h: WriteBooster Buffer can be configured only in user space reduction type. 01h: WriteBooster Buffer can be configured only in preserve user space type. 02h: Device can be configured in either user space reduction type or preserve user space type. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/geometry_descriptor/wb_sup_wb_type Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: The supportability of WriteBooster Buffer type. 00h: LU based WriteBooster Buffer configuration 01h: Single shared WriteBooster Buffer configuration 02h: Supporting both LU based WriteBooster Buffer and Single shared WriteBooster Buffer configuration The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/flags/wb_enable Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the status of WriteBooster. 0: WriteBooster is not enabled. 1: WriteBooster is enabled The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/flags/wb_flush_en Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows if flush is enabled. 0: Flush operation is not performed. 1: Flush operation is performed. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/flags/wb_flush_during_h8 Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: Flush WriteBooster Buffer during hibernate state. 0: Device is not allowed to flush the WriteBooster Buffer during link hibernate state. 1: Device is allowed to flush the WriteBooster Buffer during link hibernate state The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/attributes/wb_avail_buf Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the amount of unused WriteBooster buffer available. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/attributes/wb_cur_buf Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the amount of unused current buffer. The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/attributes/wb_flush_status Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the flush operation status. 00h: idle 01h: Flush operation in progress 02h: Flush operation stopped prematurely. 03h: Flush operation completed successfully 04h: Flush operation general failure The file is read only. What: /sys/bus/platform/drivers/ufshcd/*/attributes/wb_life_time_est Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows an indication of the WriteBooster Buffer lifetime based on the amount of performed program/erase cycles 01h: 0% - 10% WriteBooster Buffer life time used ... 0Ah: 90% - 100% WriteBooster Buffer life time used The file is read only. What: /sys/class/scsi_device/*/device/unit_descriptor/wb_buf_alloc_units Date: June 2020 Contact: Asutosh Das <asutoshd@codeaurora.org> Description: This entry shows the configured size of WriteBooster buffer. 0400h corresponds to 4GB. The file is read only.
Documentation/ABI/testing/sysfs-fs-f2fs +9 −0 Original line number Diff line number Diff line Loading @@ -333,6 +333,15 @@ Description: Give a way to attach REQ_META|FUA to data writes * 5 | 4 | 3 | 2 | 1 | 0 | * Cold | Warm | Hot | Cold | Warm | Hot | What: /sys/fs/f2fs/<disk>/node_io_flag Date: June 2020 Contact: "Jaegeuk Kim" <jaegeuk@kernel.org> Description: Give a way to attach REQ_META|FUA to node writes given temperature-based bits. Now the bits indicate: * REQ_META | REQ_FUA | * 5 | 4 | 3 | 2 | 1 | 0 | * Cold | Warm | Hot | Cold | Warm | Hot | What: /sys/fs/f2fs/<disk>/iostat_period_ms Date: April 2020 Contact: "Daeho Jeong" <daehojeong@google.com> Loading
Documentation/admin-guide/hw-vuln/index.rst +1 −0 Original line number Diff line number Diff line Loading @@ -14,3 +14,4 @@ are configurable at compile, boot or run time. mds tsx_async_abort multihit.rst special-register-buffer-data-sampling.rst
Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst 0 → 100644 +149 −0 Original line number Diff line number Diff line .. SPDX-License-Identifier: GPL-2.0 SRBDS - Special Register Buffer Data Sampling ============================================= SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to infer values returned from special register accesses. Special register accesses are accesses to off core registers. According to Intel's evaluation, the special register reads that have a security expectation of privacy are RDRAND, RDSEED and SGX EGETKEY. When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved to the core through the special register mechanism that is susceptible to MDS attacks. Affected processors -------------------- Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may be affected. A processor is affected by SRBDS if its Family_Model and stepping is in the following list, with the exception of the listed processors exporting MDS_NO while Intel TSX is available yet not enabled. The latter class of processors are only affected when Intel TSX is enabled by software using TSX_CTRL_MSR otherwise they are not affected. ============= ============ ======== common name Family_Model Stepping ============= ============ ======== IvyBridge 06_3AH All Haswell 06_3CH All Haswell_L 06_45H All Haswell_G 06_46H All Broadwell_G 06_47H All Broadwell 06_3DH All Skylake_L 06_4EH All Skylake 06_5EH All Kabylake_L 06_8EH <= 0xC Kabylake 06_9EH <= 0xD ============= ============ ======== Related CVEs ------------ The following CVE entry is related to this SRBDS issue: ============== ===== ===================================== CVE-2020-0543 SRBDS Special Register Buffer Data Sampling ============== ===== ===================================== Attack scenarios ---------------- An unprivileged user can extract values returned from RDRAND and RDSEED executed on another core or sibling thread using MDS techniques. Mitigation mechanism ------------------- Intel will release microcode updates that modify the RDRAND, RDSEED, and EGETKEY instructions to overwrite secret special register data in the shared staging buffer before the secret data can be accessed by another logical processor. During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core accesses from other logical processors will be delayed until the special register read is complete and the secret data in the shared staging buffer is overwritten. This has three effects on performance: #. RDRAND, RDSEED, or EGETKEY instructions have higher latency. #. Executing RDRAND at the same time on multiple logical processors will be serialized, resulting in an overall reduction in the maximum RDRAND bandwidth. #. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other logical processors that miss their core caches, with an impact similar to legacy locked cache-line-split accesses. The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable the mitigation for RDRAND and RDSEED instructions executed outside of Intel Software Guard Extensions (Intel SGX) enclaves. On logical processors that disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not take longer to execute and do not impact performance of sibling logical processors memory accesses. The opt-out mechanism does not affect Intel SGX enclaves (including execution of RDRAND or RDSEED inside an enclave, as well as EGETKEY execution). IA32_MCU_OPT_CTRL MSR Definition -------------------------------- Along with the mitigation for this issue, Intel added a new thread-scope IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL = 9]==1. This MSR is introduced through the microcode update. Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX enclave on that logical processor. Opting out of the mitigation for a particular logical processor does not affect the RDRAND and RDSEED mitigations for other logical processors. Note that inside of an Intel SGX enclave, the mitigation is applied regardless of the value of RNGDS_MITG_DS. Mitigation control on the kernel command line --------------------------------------------- The kernel command line allows control over the SRBDS mitigation at boot time with the option "srbds=". The option for this is: ============= ============================================================= off This option disables SRBDS mitigation for RDRAND and RDSEED on affected platforms. ============= ============================================================= SRBDS System Information ----------------------- The Linux kernel provides vulnerability status information through sysfs. For SRBDS this can be accessed by the following sysfs file: /sys/devices/system/cpu/vulnerabilities/srbds The possible values contained in this file are: ============================== ============================================= Not affected Processor not vulnerable Vulnerable Processor vulnerable and mitigation disabled Vulnerable: No microcode Processor vulnerable and microcode is missing mitigation Mitigation: Microcode Processor is vulnerable and mitigation is in effect. Mitigation: TSX disabled Processor is only vulnerable when TSX is enabled while this system was booted with TSX disabled. Unknown: Dependent on hypervisor status Running on virtual guest processor that is affected but with no way to know if host processor is mitigated or vulnerable. ============================== ============================================= SRBDS Default mitigation ------------------------ This new microcode serializes processor access during execution of RDRAND, RDSEED ensures that the shared buffer is overwritten before it is released for reuse. Use the "srbds=off" kernel command line to disable the mitigation for RDRAND and RDSEED.
