On 2019-05-14 16:44, Alex Pilon wrote: > > On Tue, May 14, 2019 at 09:11:01AM -0400, Richard Guy Briggs wrote: > > > Alex had a list of kernel merge commit messages that I think he wanted > > > to share with us... > > > On Tue, May 14, 2019 at 11:17:21AM -0400, Alex Pilon wrote: > > [???] Attached. Didn't find anything interesting in the merge commits in > > the last few days though. Didn't trim the noise in the commit messages > > either yet. Selected commits reflect my interests. > > Just saw this: > > commit fa4bff165070dc40a3de35b78e4f8da8e8d85ec5 > Merge: 63863ee8e2f6 95310e348a32 > Author: Linus Torvalds <torvalds [ at ] linux-foundation [ dot ] org> > Date: Tue May 14 07:57:29 2019 -0700 > > Merge branch 'x86-mds-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip > > Pull x86 MDS mitigations from Thomas Gleixner: > "Microarchitectural Data Sampling (MDS) is a hardware vulnerability > which allows unprivileged speculative access to data which is > available in various CPU internal buffers. This new set of misfeatures > has the following CVEs assigned: > > CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling > CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling > CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling > CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory I just got an internal all-$work announcement for these four CVEs... All existing products are vulnerable, labelled "IMPORTANT". > MDS attacks target microarchitectural buffers which speculatively > forward data under certain conditions. Disclosure gadgets can expose > this data via cache side channels. > > Contrary to other speculation based vulnerabilities the MDS > vulnerability does not allow the attacker to control the memory target > address. As a consequence the attacks are purely sampling based, but > as demonstrated with the TLBleed attack samples can be postprocessed > successfully. > > The mitigation is to flush the microarchitectural buffers on return to > user space and before entering a VM. It's bolted on the VERW > instruction and requires a microcode update. As some of the attacks > exploit data structures shared between hyperthreads, full protection > requires to disable hyperthreading. The kernel does not do that by > default to avoid breaking unattended updates. > > The mitigation set comes with documentation for administrators and a > deeper technical view" > > * 'x86-mds-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits) > x86/speculation/mds: Fix documentation typo > Documentation: Correct the possible MDS sysfs values > x86/mds: Add MDSUM variant to the MDS documentation > x86/speculation/mds: Add 'mitigations=' support for MDS > x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off > x86/speculation/mds: Fix comment > x86/speculation/mds: Add SMT warning message > x86/speculation: Move arch_smt_update() call to after mitigation decisions > x86/speculation/mds: Add mds=full,nosmt cmdline option > Documentation: Add MDS vulnerability documentation > Documentation: Move L1TF to separate directory > x86/speculation/mds: Add mitigation mode VMWERV > x86/speculation/mds: Add sysfs reporting for MDS > x86/speculation/mds: Add mitigation control for MDS > x86/speculation/mds: Conditionally clear CPU buffers on idle entry > x86/kvm/vmx: Add MDS protection when L1D Flush is not active > x86/speculation/mds: Clear CPU buffers on exit to user > x86/speculation/mds: Add mds_clear_cpu_buffers() > x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests > x86/speculation/mds: Add BUG_MSBDS_ONLY > ... > -- > Manage your subscription: https://lists.linux-ottawa.org/linux/listinfo.html slainte mhath, RGB -- Richard Guy Briggs -- ~\ -- ~\ <hpv.tricolour.ca> <www.TriColour.ca> -- \___ o \@ @ Ride yer bike! Ottawa, ON, CANADA -- Lo_>__M__\\/\%__\\/\% Vote! -- <greenparty.ca>_____GTVS6#790__(*)__(*)________(*)(*)_________________ -- Manage your subscription: https://lists.linux-ottawa.org/linux/listinfo.html