Re: [PATCH] x86: enable Data Operand Independent Timing Mode

[Bagas Sanjaya <bagasdotme@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 3355 bytes --]

On Tue, Jan 24, 2023 at 05:28:01PM -0800, Eric Biggers wrote:
> +.. SPDX-License-Identifier: GPL-2.0
> +
> +DODT - Data Operand Dependent Timing
> +====================================
> +
> +Data Operand Dependent Timing (DODT) is a CPU vulnerability that makes the
> +execution times of instructions depend on the values of the data operated on.
> +
> +This vulnerability potentially enables side-channel attacks on data, including
> +cryptographic keys.  Most cryptography algorithms require that a variety of
> +instructions be constant-time in order to prevent side-channel attacks.
> +
> +Affected CPUs
> +-------------
> +
> +This vulnerability affects Intel Core family processors based on the Ice Lake
> +and later microarchitectures, and Intel Atom family processors based on the
> +Gracemont and later microarchitectures.  For more information, see Intel's
> +documentation [1]_.
> +
> +Mitigation
> +----------
> +
> +Mitigation of this vulnerability involves setting a Model Specific Register
> +(MSR) bit to enable Data Operand Independent Timing Mode (DOITM).
> +
> +By the default, the kernel does this on all CPUs.  This mitigation is global, so
> +it applies to both the kernel and userspace.
> +
> +This mitigation can be disabled by adding ``doitm=off`` to the kernel command
> +line.  It's also one of the mitigations that can be disabled by
> +``mitigations=off``.
> +
> +References
> +----------
> +.. [1] Data Operand Independent Timing Instruction Set Architecture (ISA) Guidance
> +   https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html
> diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst
> index 4df436e7c4177..cd962f9634dad 100644
> --- a/Documentation/admin-guide/hw-vuln/index.rst
> +++ b/Documentation/admin-guide/hw-vuln/index.rst
> @@ -18,3 +18,4 @@ are configurable at compile, boot or run time.
>     core-scheduling.rst
>     l1d_flush.rst
>     processor_mmio_stale_data.rst
> +   dodt.rst
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 6cfa6e3996cf7..a6a872c4365e6 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -1119,6 +1119,12 @@
>  			The filter can be disabled or changed to another
>  			driver later using sysfs.
>  
> +	doitm=off	[X86,INTEL] Disable the use of Data Operand Independent
> +			Timing Mode (DOITM).  I.e., disable the mitigation for
> +			the Data Operand Dependent Timing (DODT) CPU
> +			vulnerability.  For details, see
> +			Documentation/admin-guide/hw-vuln/dodt.rst
> +
>  	driver_async_probe=  [KNL]
>  			List of driver names to be probed asynchronously. *
>  			matches with all driver names. If * is specified, the
> @@ -3259,6 +3265,7 @@
>  					       no_uaccess_flush [PPC]
>  					       mmio_stale_data=off [X86]
>  					       retbleed=off [X86]
> +					       doitm=off [X86,INTEL]
>  
>  				Exceptions:
>  					       This does not have any effect on
 
The doc LGTM, thanks!

Reviewed-by: Bagas Sanjaya <bagasdotme@gmail.com>

-- 
An old man doll... just what I always wanted! - Clara

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]