Linux Kernel 5.18.5 is out: fixes for Intel CPUs

This kernel update targets a new set of vulnerabilities that Intel has disclosed in certain families of its CPUs. Intel has released microcode updates, but the kernel must be updated as well for the flaw to be mitigated correctly.

MMIO Stale Data vulnerabilities

In its security advisory INTEL-SA-00615, Intel announces a new batch of CPU vulnerabilities affecting several modern CPU families, including Rocket Lake, Haswell and Skylake. Let's decipher what all this stands for.

MMIO subsystem

Memory-mapped I/O is a technique that lets software read from and write to peripheral devices through the same address space as conventional memory. This is a very handy approach: memory pages can be managed uniformly, and the programming style is the same for memory and for devices. A good example of where it is used is access to PCI devices.

It is implemented both in hardware and in software: the CPU holds special "tables" in which the mapping between a physical address region and a device's memory or registers is recorded. The OS is responsible for acquiring and releasing such regions by specifying the exact addresses it needs. The so-called HIGH_MEM region is usually where MMIO devices are mapped. Thus, communicating with an I/O device becomes like reading from and writing to the memory addresses devoted to that device.

Prior to accessing such a region (and after you have successfully requested it), the region must be mapped into the kernel's address space by calling architecture-dependent functions that use the MMU to build the page-table entries:

/* Map a physical MMIO range into kernel virtual address space (architecture-specific). */
void __iomem *ioremap(unsigned long phys_addr, unsigned long size);
/* Release a mapping previously created by ioremap(). */
void iounmap(void __iomem *addr);

Stale data

Stale data refers to data left over from a previous transfer in the context of MMIO. Certain internal CPU buffers and registers are involved in these reads and writes, and because those buffers are not properly cleared they may be accessed in an unauthorized way.

Mitigation in CPU

The recent microcode update is known to change the VERW instruction. VERW (Verify for Writing) originally only checks the access rights of a segment to verify that an intended write to it is allowed; software uses it to test "write" rights. The update gives it a new side effect: it also clears certain CPU buffers, so that stale data can no longer be read from them.

Mitigating in Linux

The mitigation conforms to the kernel's well-known framework for addressing CPU "bugs". First, it provides a new sysfs interface that reports the current vulnerability status of the system, i.e. whether the system is vulnerable and which mitigation is active: /sys/devices/system/cpu/vulnerabilities/mmio_stale_data. Second, it adds a new constant, X86_BUG_MMIO_STALE_DATA, to the existing list of CPU bugs. Finally, there is a kernel command-line parameter, mmio_stale_data, accepting one of the values off, full or full,nosmt.
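As an added example (not part of the original post, and not kernel code), here is a POSIX shell script that reads the sysfs entry and the command-line parameter named above and reduces them to a state an administrator can act on, including the case where the kernel is patched but the microcode is not, which is the combination the post warns about. It assumes only the sysfs path and parameter values given in the post; the status strings it matches follow the formats the kernel documents for this file, and the sample values in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Report the MMIO Stale Data
# mitigation state of the running kernel and validate the boot parameter.
# Assumptions: POSIX sh; the sysfs path and the parameter values are those
# named in the post; the status strings matched below follow the formats the
# kernel documents for this sysfs file.

SYSFS_FILE=/sys/devices/system/cpu/vulnerabilities/mmio_stale_data

# classify_mmio_status STRING
# Reduce the free-form sysfs text to one word on stdout:
#   not-affected | mitigated | vulnerable-no-microcode | vulnerable | unknown
# "vulnerable-no-microcode" means the kernel has the fix but the CPU microcode
# does not give VERW its buffer-clearing side effect, so nothing is mitigated.
classify_mmio_status() {
    case "$1" in
        "Not affected"*)                   echo not-affected ;;
        "Mitigation:"*)                    echo mitigated ;;
        "Vulnerable:"*"no microcode"*)     echo vulnerable-no-microcode ;;
        "Vulnerable"*)                     echo vulnerable ;;
        *)                                 echo unknown ;;
    esac
}

# smt_state STRING
# Print the SMT qualifier the kernel appends (vulnerable/disabled/mitigated),
# or "n/a" if there is none.
smt_state() {
    case "$1" in
        *"SMT vulnerable"*) echo vulnerable ;;
        *"SMT disabled"*)   echo disabled ;;
        *"SMT mitigated"*)  echo mitigated ;;
        *)                  echo n/a ;;
    esac
}

# cmdline_mmio_option CMDLINE
# Extract the value given to mmio_stale_data= on the kernel command line.
# Prints "unset" if absent, the value if it is one of the documented ones
# (off, full, full,nosmt), and "invalid:<value>" otherwise.
cmdline_mmio_option() {
    opt=""
    for word in $1; do
        case "$word" in
            mmio_stale_data=*) opt="${word#mmio_stale_data=}" ;;
        esac
    done
    if [ -z "$opt" ]; then
        echo unset
        return 0
    fi
    case "$opt" in
        off|full|full,nosmt) echo "$opt" ;;
        *)                   echo "invalid:$opt" ;;
    esac
}

# report: read the live system, if the files exist on this machine.
# Constructed example of the sysfs text this handles:
#   "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
report() {
    if [ -r "$SYSFS_FILE" ]; then
        status=$(cat "$SYSFS_FILE")
        echo "sysfs : $status"
        echo "state : $(classify_mmio_status "$status") (SMT: $(smt_state "$status"))"
    else
        echo "sysfs : $SYSFS_FILE not present (kernel without the fix, or non-x86)"
    fi
    if [ -r /proc/cmdline ]; then
        echo "param : $(cmdline_mmio_option "$(cat /proc/cmdline)")"
    fi
}

report
```

Run it as root or as any user that can read sysfs. A result of `vulnerable-no-microcode` is the signal that the kernel side is done but the firmware or microcode package still needs updating; `mitigated` with `SMT: vulnerable` means the buffers are cleared but sibling-thread leakage remains unless `full,nosmt` is used or SMT is disabled.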

Useful Links