Re: Reminder of L3GO meeting this evening.

> On Tue, May 14, 2019 at 09:11:01AM -0400, Richard Guy Briggs wrote:
> > Alex had a list of kernel merge commit messages that I think he wanted
> > to share with us...
> 
On Tue, May 14, 2019 at 11:17:21AM -0400, Alex Pilon wrote:
> […] Attached. Didn't find anything interesting in the merge commits in
> the last few days though. Didn't trim the noise in the commit messages
> either yet. Selected commits reflect my interests.

Just saw this:

    commit fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
    Merge: 63863ee8e2f6 95310e348a32
    Author: Linus Torvalds <torvalds [ at ] linux-foundation [ dot ] org>
    Date:   Tue May 14 07:57:29 2019 -0700

        Merge branch 'x86-mds-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
        
        Pull x86 MDS mitigations from Thomas Gleixner:
         "Microarchitectural Data Sampling (MDS) is a hardware vulnerability
          which allows unprivileged speculative access to data which is
          available in various CPU internal buffers. This new set of misfeatures
          has the following CVEs assigned:
        
             CVE-2018-12126  MSBDS  Microarchitectural Store Buffer Data Sampling
             CVE-2018-12130  MFBDS  Microarchitectural Fill Buffer Data Sampling
             CVE-2018-12127  MLPDS  Microarchitectural Load Port Data Sampling
             CVE-2019-11091  MDSUM  Microarchitectural Data Sampling Uncacheable Memory
        
          MDS attacks target microarchitectural buffers which speculatively
          forward data under certain conditions. Disclosure gadgets can expose
          this data via cache side channels.
        
          Contrary to other speculation based vulnerabilities the MDS
          vulnerability does not allow the attacker to control the memory target
          address. As a consequence the attacks are purely sampling based, but
          as demonstrated with the TLBleed attack samples can be postprocessed
          successfully.
        
          The mitigation is to flush the microarchitectural buffers on return to
          user space and before entering a VM. It's bolted on the VERW
          instruction and requires a microcode update. As some of the attacks
          exploit data structures shared between hyperthreads, full protection
          requires to disable hyperthreading. The kernel does not do that by
          default to avoid breaking unattended updates.
        
          The mitigation set comes with documentation for administrators and a
          deeper technical view"
        
        * 'x86-mds-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits)
          x86/speculation/mds: Fix documentation typo
          Documentation: Correct the possible MDS sysfs values
          x86/mds: Add MDSUM variant to the MDS documentation
          x86/speculation/mds: Add 'mitigations=' support for MDS
          x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
          x86/speculation/mds: Fix comment
          x86/speculation/mds: Add SMT warning message
          x86/speculation: Move arch_smt_update() call to after mitigation decisions
          x86/speculation/mds: Add mds=full,nosmt cmdline option
          Documentation: Add MDS vulnerability documentation
          Documentation: Move L1TF to separate directory
          x86/speculation/mds: Add mitigation mode VMWERV
          x86/speculation/mds: Add sysfs reporting for MDS
          x86/speculation/mds: Add mitigation control for MDS
          x86/speculation/mds: Conditionally clear CPU buffers on idle entry
          x86/kvm/vmx: Add MDS protection when L1D Flush is not active
          x86/speculation/mds: Clear CPU buffers on exit to user
          x86/speculation/mds: Add mds_clear_cpu_buffers()
          x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
          x86/speculation/mds: Add BUG_MSBDS_ONLY
          ...
--
Manage your subscription: https://lists.linux-ottawa.org/linux/listinfo.html
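
Added example, not part of the original message or of the kernel tree: a small checker for the MDS status line that the sysfs reporting in this series exposes, flagging the two gaps the merge message calls out (missing microcode, SMT left enabled). The sysfs path and status strings are the ones the kernel documents for MDS; the function names and the sample lines are constructed for illustration.

```python
from pathlib import Path

# sysfs file in which the kernel reports its MDS mitigation state.
SYSFS_MDS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# Constructed sample lines in the format the kernel documents for this file.
SAMPLES = [
    "Not affected",
    "Mitigation: Clear CPU buffers; SMT disabled",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
]


def parse_mds_status(line):
    """Split '<state>[: detail][; SMT ...]' into its three fields."""
    main, _, smt = line.strip().partition(";")
    state, _, detail = main.partition(":")
    return {"state": state.strip().lower(), "detail": detail.strip(), "smt": smt.strip()}


def assess(line):
    """Return a list of findings; an empty list means nothing left to do."""
    s = parse_mds_status(line)
    if s["state"] == "not affected":
        return []
    findings = []
    if s["state"] == "vulnerable":
        if "no microcode" in s["detail"]:
            findings.append("microcode update missing: buffer clear via VERW is best effort only")
        else:
            findings.append("no MDS mitigation enabled")
    elif s["state"] != "mitigation":
        findings.append("unrecognised status: " + line.strip())
    if s["smt"] == "SMT vulnerable":
        findings.append("SMT enabled: buffers shared between hyperthreads stay exposed")
    elif s["smt"] == "SMT Host state unknown":
        findings.append("running as a guest: host SMT state is not visible")
    return findings


if __name__ == "__main__":
    # Use the live sysfs value when present, otherwise the constructed samples.
    lines = [SYSFS_MDS.read_text()] if SYSFS_MDS.is_file() else SAMPLES
    for line in lines:
        print(line.strip(), "->", assess(line) or "ok")
```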