CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)' vs mitigation status: "Mitigation: Microcode"

[Dwokfur]

Running the tool on a Coffee-Lake Xeon (E-2286M) running kernel 6.8.9 gives the following output:
CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'

• Mitigated according to the /sys interface: YES (Mitigation: Microcode)
• SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
• SRBDS mitigation control is enabled and active: YES (Mitigation: Microcode)

STATUS: VULNERABLE (Your microcode and kernel are both up to date for SRBDS mitigation control. Mitigation is disabled)

However issuing: cat /sys/devices/system/cpu/vulnerabilities/srbds
reports:
"Mitigation: Microcode"

Shouldn't it be OK?

Thx:
Dw.

[Dwokfur]

rdmsr -d 0x123
4
rdmsr -r 0x123 | od -t u8 -A n
4
dd if=/dev/cpu/0/msr bs=8 count=1 skip="123" iflag=skip_bytes | od -t u8 -A n
dd: error reading '/dev/cpu/0/msr': Input/output error
perl -e "open(M,'<','/dev/cpu/0/msr') and seek(M,123,0) and read(M,$_,8) and print" | od -t u8 -A n

[Dwokfur]

Note that the kernel is now booted with srbds=on explicitly

[Dwokfur]

According to Intel's specs, the register should be 0 if enabled and 1 if disabled, while rdmsr returns 4 in this case. The presence of the msr and bit 0 gives a feedback. The cpuid request to check support for the mitigation seems to be fine in the script.

[Dwokfur]

Intel specs says bit 0 matters, while bits 1:63 are reserved for MSR 0x123...
"RNGDS_MITG_DIS (R/W)
When set to 0 (default), SRBDS mitigation is enabled for RDRAND and RDSEED.
When set to 1, SRBDS mitigation is disabled for RDRAND and RDSEED executed outside of Intel SGX enclaves"

[Dwokfur]

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/special-register-buffer-data-sampling.html

[Dwokfur]

--- spectre-meltdown-checker.sh.default 2024-05-10 10:23:13.090413332 +0200
+++ spectre-meltdown-checker.sh 2024-05-10 20:30:07.726979141 +0200
@@ -3726,9 +3726,9 @@ check_cpu()
cpuid_srbds=1
read_msr 0x123; ret=$?
if [ $ret = $READ_MSR_RET_OK ]; then

•                   if [ $read_msr_value = 0 ]; then
  

•                   if [ $read_msr_value != 1 ]; then
                            #SRBDS mitigation control exists and is enabled via microcode
  

•                           srbds_on=1
  

•                           [ $(( read_msr_value >> 0 & 1 )) -eq 0 ] && srbds_on=1
                    else
                            #SRBDS mitigation control exists but is disabled via microcode
                            srbds_on=0
  

[Dwokfur]

How the . I paste diff contents properly here?

[mhalano]

I have the same problem. It says I'm affected but I have mitigation on microcode. I have an i7-10510U processor.

[mhalano]

How the . I paste diff contents properly here?

You could create a block of code in MarkDown and paste the patch inside of it.