70 lines
3.4 KiB
Diff
From ce4dbfe6007776bac14b2435bcf7c17976daeafe Mon Sep 17 00:00:00 2001
From: speck for Pawan Gupta <speck@linutronix.de>
Date: Mon, 6 May 2019 12:23:50 -0700
Subject: [PATCH 28/30] x86/mds: Add MDSUM variant to the MDS documentation

commit e672f8bf71c66253197e503f75c771dd28ada4a0 upstream

Updated the documentation for a new CVE-2019-11091 Microarchitectural Data
Sampling Uncacheable Memory (MDSUM) which is a variant of
Microarchitectural Data Sampling (MDS). MDS is a family of side channel
attacks on internal buffers in Intel CPUs.

MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
memory that takes a fault or assist can leave data in a microarchitectural
structure that may later be observed using one of the same methods used by
MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM.
The existing mitigation for MDS applies to MDSUM as well.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Jon Masters <jcm@redhat.com>
---
Documentation/admin-guide/hw-vuln/mds.rst | 5 +++--
Documentation/x86/mds.rst | 5 +++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
index 244ab47d1fb3..e0dccf414eca 100644
--- a/Documentation/admin-guide/hw-vuln/mds.rst
+++ b/Documentation/admin-guide/hw-vuln/mds.rst
@@ -32,11 +32,12 @@ Related CVEs
The following CVE entries are related to the MDS vulnerability:
- ============== ===== ==============================================
+ ============== ===== ===================================================
CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
- ============== ===== ==============================================
+ CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory
+ ============== ===== ===================================================
Problem
-------
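Review bot: The admin guide gains only the CVE-2019-11091 table row in this hunk, and per the diffstat this is the file's only change, so an administrator reading it sees MDSUM listed with no statement that the existing MDS mitigation covers it, although the commit message says exactly that. Suggest adding one sentence to that effect in this file, near the table or in its mitigation section.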
diff --git a/Documentation/x86/mds.rst b/Documentation/x86/mds.rst
index 3d6f943f1afb..979945be257a 100644
--- a/Documentation/x86/mds.rst
+++ b/Documentation/x86/mds.rst
@@ -12,6 +12,7 @@ Microarchitectural Data Sampling (MDS) is a family of side channel attacks
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
+ - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a
dependent load (store-to-load forwarding) as an optimization. The forward
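Review bot: The new list item presents MDSUM as a fourth independent variant alongside MSBDS, MFBDS and MLPDS, while the paragraph added later in this same patch describes it as a special case of those three. Consider marking that in the list entry itself so the list and the description agree.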
@@ -38,6 +39,10 @@ faulting or assisting loads under certain conditions, which again can be
exploited eventually. Load ports are shared between Hyper-Threads so cross
thread leakage is possible.
+MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
+memory that takes a fault or assist can leave data in a microarchitectural
+structure that may later be observed using one of the same methods used by
+MSBDS, MFBDS or MLPDS.
Exposure assumptions
--------------------
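Review bot: The added MDSUM paragraph stops at "MSBDS, MFBDS or MLPDS." and leaves out the two statements from the commit message that a reader of this file most needs: that no new code changes are expected for MDSUM and that the existing MDS mitigation applies to it as well. Suggest appending a sentence such as "The existing mitigation for MDS applies to MDSUM as well." so the documentation records it and not only the commit log.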