Project

General

Profile

Feature #10953

Need mitigations for MDS

Added by Robert Mustacchi 5 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Urgent
Category:
kernel
Start date:
2019-05-14
Due date:
% Done:

100%

Estimated time:
Difficulty:
Hard
Tags:

Description

We need mitigations for a series of CPU side channel vulnerabilities that affect Intel CPUs called multi-architectural data sampling which cover the following CVEs:

  • CVE-2018-12127
  • CVE-2018-12126
  • CVE-2018-12130
  • CVE-2019-11091

For more information, see the Intel security advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html.


Related issues

Related to illumos gate - Bug #11064: md_clear is misspeltNew2019-05-22

Actions

History

#1

Updated by Robert Mustacchi 5 months ago

To test this, we've done some of the following:

  • Running various OS test suites
  • Running bhyve, kvm, lx, SmartOS zones
  • Full Triton level testing
  • Verifying that updated microcode is loaded
  • Verifying that verw is correctly being used
  • Verifying that if we late-load the microcode we correctly detect verw
  • Verifying that on Cascade Lake we correctly detect this is mitigated and don't need to do it
#2

Updated by Electric Monk 5 months ago

  • Status changed from New to Closed

git commit a9cc46cf4c50667eb8eaf3af6c3bc4a74677b725

commit  a9cc46cf4c50667eb8eaf3af6c3bc4a74677b725
Author: Robert Mustacchi <rm@joyent.com>
Date:   2019-05-17T13:55:07.000Z

    10953 Need mitigations for MDS
    Reviewed by: John Levon <john.levon@joyent.com>
    Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Richard Lowe <richlowe@richlowe.net>

#3

Updated by Joshua M. Clulow 5 months ago

  • Related to Bug #11064: md_clear is misspelt added

Also available in: Atom PDF