~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/hw-vuln/mds.rst

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/admin-guide/hw-vuln/mds.rst (Version linux-6.11.5) and /Documentation/admin-guide/hw-vuln/mds.rst (Version linux-2.4.37.11)


  1 MDS - Microarchitectural Data Sampling            
  2 ======================================            
  3                                                   
  4 Microarchitectural Data Sampling is a hardware    
  5 unprivileged speculative access to data which     
  6 internal buffers.                                 
  7                                                   
  8 Affected processors                               
  9 -------------------                               
 10                                                   
 11 This vulnerability affects a wide range of Int    
 12 vulnerability is not present on:                  
 13                                                   
 14    - Processors from AMD, Centaur and other no    
 15                                                   
 16    - Older processor models, where the CPU fam    
 17                                                   
 18    - Some Atoms (Bonnell, Saltwell, Goldmont,     
 19                                                   
 20    - Intel processors which have the ARCH_CAP_    
 21      IA32_ARCH_CAPABILITIES MSR.                  
 22                                                   
 23 Whether a processor is affected or not can be     
 24 vulnerability file in sysfs. See :ref:`mds_sys    
 25                                                   
 26 Not all processors are affected by all variant    
 27 is identical for all of them so the kernel tre    
 28 vulnerability.                                    
 29                                                   
 30 Related CVEs                                      
 31 ------------                                      
 32                                                   
 33 The following CVE entries are related to the M    
 34                                                   
 35    ==============  =====  ====================    
 36    CVE-2018-12126  MSBDS  Microarchitectural S    
 37    CVE-2018-12130  MFBDS  Microarchitectural F    
 38    CVE-2018-12127  MLPDS  Microarchitectural L    
 39    CVE-2019-11091  MDSUM  Microarchitectural D    
 40    ==============  =====  ====================    
 41                                                   
 42 Problem                                           
 43 -------                                           
 44                                                   
 45 When performing store, load, L1 refill operati    
 46 into temporary microarchitectural structures (    
 47 buffer can be forwarded to load operations as     
 48                                                   
 49 Under certain conditions, usually a fault/assi    
 50 operation, data unrelated to the load memory a    
 51 forwarded from the buffers. Because the load o    
 52 assist and its result will be discarded, the f    
 53 incorrect program execution or state changes.     
 54 may be able to forward this speculative data t    
 55 allows in turn to infer the value via a cache     
 56                                                   
 57 Because the buffers are potentially shared bet    
 58 Hyper-Thread attacks are possible.                
 59                                                   
 60 Deeper technical information is available in t    
 61 architecture section: :ref:`Documentation/arch    
 62                                                   
 63                                                   
 64 Attack scenarios                                  
 65 ----------------                                  
 66                                                   
 67 Attacks against the MDS vulnerabilities can be    
 68 privileged user space applications running on     
 69 guest OSes can obviously mount attacks as well    
 70                                                   
 71 Contrary to other speculation based vulnerabil    
 72 does not allow the attacker to control the mem    
 73 consequence the attacks are purely sampling ba    
 74 the TLBleed attack samples can be postprocesse    
 75                                                   
 76 Web-Browsers                                      
 77 ^^^^^^^^^^^^                                      
 78                                                   
 79   It's unclear whether attacks through Web-Bro    
 80   all. The exploitation through Java-Script is    
 81   but other widely used web technologies like     
 82   abused.                                         
 83                                                   
 84                                                   
 85 .. _mds_sys_info:                                 
 86                                                   
 87 MDS system information                            
 88 -----------------------                           
 89                                                   
 90 The Linux kernel provides a sysfs interface to    
 91 status of the system: whether the system is vu    
 92 mitigations are active. The relevant sysfs fil    
 93                                                   
 94 /sys/devices/system/cpu/vulnerabilities/mds       
 95                                                   
 96 The possible values in this file are:             
 97                                                   
 98   .. list-table::                                 
 99                                                   
100      * - 'Not affected'                           
101        - The processor is not vulnerable          
102      * - 'Vulnerable'                             
103        - The processor is vulnerable, but no m    
104      * - 'Vulnerable: Clear CPU buffers attemp    
105        - The processor is vulnerable but micro    
106          mitigation is enabled on a best effor    
107                                                   
108          If the processor is vulnerable but th    
109          based mitigation mechanism is not adv    
110          selects a best effort mitigation mode    
111          instructions without a guarantee that    
112                                                   
113          This is done to address virtualizatio    
114          microcode update applied, but the hyp    
115          expose the CPUID to the guest. If the    
116          protection takes effect; otherwise a     
117          pointlessly.                             
118      * - 'Mitigation: Clear CPU buffers'          
119        - The processor is vulnerable and the C    
120          enabled.                                 
121                                                   
122 If the processor is vulnerable then the follow    
123 to the above information:                         
124                                                   
125     ========================  ================    
126     'SMT vulnerable'          SMT is enabled      
127     'SMT mitigated'           SMT is enabled a    
128     'SMT disabled'            SMT is disabled     
129     'SMT Host state unknown'  Kernel runs in a    
130     ========================  ================    
131                                                   
132 Mitigation mechanism                              
133 -------------------------                         
134                                                   
135 The kernel detects the affected CPUs and the p    
136 which is required.                                
137                                                   
138 If a CPU is affected and the microcode is avai    
139 enables the mitigation by default. The mitigat    
140 time via a kernel command line option. See        
141 :ref:`mds_mitigation_control_command_line`.       
142                                                   
143 .. _cpu_buffer_clear:                             
144                                                   
145 CPU buffer clearing                               
146 ^^^^^^^^^^^^^^^^^^^                               
147                                                   
148   The mitigation for MDS clears the affected C    
149   space and when entering a guest.                
150                                                   
151   If SMT is enabled it also clears the buffers    
152   is only affected by MSBDS and not any other     
153   other variants cannot be protected against c    
154                                                   
155   For CPUs which are only affected by MSBDS th    
156   transition mitigations are sufficient and SM    
157                                                   
158 .. _virt_mechanism:                               
159                                                   
160 Virtualization mitigation                         
161 ^^^^^^^^^^^^^^^^^^^^^^^^^                         
162                                                   
163   The protection for host to guest transition     
164   vulnerability of the CPU:                       
165                                                   
166   - CPU is affected by L1TF:                      
167                                                   
168     If the L1D flush mitigation is enabled and    
169     available, the L1D flush mitigation is aut    
170     guest transition.                             
171                                                   
172     If the L1D flush mitigation is disabled th    
173     invoked explicit when the host MDS mitigat    
174                                                   
175     For details on L1TF and virtualization see    
176     :ref:`Documentation/admin-guide/hw-vuln//l    
177                                                   
178   - CPU is not affected by L1TF:                  
179                                                   
180     CPU buffers are flushed before entering th    
181     mitigation is enabled.                        
182                                                   
183   The resulting MDS protection matrix for the     
184                                                   
185   ============ ===== ============= ===========    
186    L1TF         MDS   VMX-L1FLUSH   Host MDS      
187                                                   
188    Don't care   No    Don't care    N/A           
189                                                   
190    Yes          Yes   Disabled      Off           
191                                                   
192    Yes          Yes   Disabled      Full          
193                                                   
194    Yes          Yes   Enabled       Don't care    
195                                                   
196    No           Yes   N/A           Off           
197                                                   
198    No           Yes   N/A           Full          
199   ============ ===== ============= ===========    
200                                                   
201   This only covers the host to guest transitio    
202   host to guest, but does not protect the gues    
203   have their own protections.                     
204                                                   
205 .. _xeon_phi:                                     
206                                                   
207 XEON PHI specific considerations                  
208 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                  
209                                                   
210   The XEON PHI processor family is affected by    
211   cross Hyper-Threads when entering idle state    
212   to use MWAIT in user space (Ring 3) which op    
213   for malicious user space. The exposure can b    
214   command line with the 'ring3mwait=disable' c    
215                                                   
216   XEON PHI is not affected by the other MDS va    
217   before the CPU enters a idle state. As XEON     
218   either disabling SMT is not required for ful    
219                                                   
220 .. _mds_smt_control:                              
221                                                   
222 SMT control                                       
223 ^^^^^^^^^^^                                       
224                                                   
225   All MDS variants except MSBDS can be attacke    
226   means on CPUs which are affected by MFBDS or    
227   disable SMT for full protection. These are m    
228   exception is XEON PHI, see :ref:`xeon_phi`.     
229                                                   
230   Disabling SMT can have a significant perform    
231   depends on the type of workloads.               
232                                                   
233   See the relevant chapter in the L1TF mitigat    
234   :ref:`Documentation/admin-guide/hw-vuln/l1tf    
235                                                   
236                                                   
237 .. _mds_mitigation_control_command_line:          
238                                                   
239 Mitigation control on the kernel command line     
240 ---------------------------------------------     
241                                                   
242 The kernel command line allows to control the     
243 time with the option "mds=". The valid argumen    
244                                                   
245   ============  ==============================    
246   full          If the CPU is vulnerable, enab    
247                 for the MDS vulnerability, CPU    
248                 userspace and when entering a     
249                 protected as well if SMT is en    
250                                                   
251                 It does not automatically disa    
252                                                   
253   full,nosmt    The same as mds=full, with SMT    
254                 CPUs.  This is the complete mi    
255                                                   
256   off           Disables MDS mitigations compl    
257                                                   
258   ============  ==============================    
259                                                   
260 Not specifying this option is equivalent to "m    
261 that are affected by both TAA (TSX Asynchronou    
262 specifying just "mds=off" without an accompany    
263 will have no effect as the same mitigation is     
264 vulnerabilities.                                  
265                                                   
266 Mitigation selection guide                        
267 --------------------------                        
268                                                   
269 1. Trusted userspace                              
270 ^^^^^^^^^^^^^^^^^^^^                              
271                                                   
272    If all userspace applications are from a tr    
273    execute untrusted code which is supplied ex    
274    can be disabled.                               
275                                                   
276                                                   
277 2. Virtualization with trusted guests             
278 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^             
279                                                   
280    The same considerations as above versus tru    
281                                                   
282 3. Virtualization with untrusted guests           
283 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^           
284                                                   
285    The protection depends on the state of the     
286    See :ref:`virt_mechanism`.                     
287                                                   
288    If the MDS mitigation is enabled and SMT is    
289    guest to guest attacks are prevented.          
290                                                   
291 .. _mds_default_mitigations:                      
292                                                   
293 Default mitigations                               
294 -------------------                               
295                                                   
296   The kernel default mitigations for vulnerabl    
297                                                   
298   - Enable CPU buffer clearing                    
299                                                   
300   The kernel does not by default enforce the d    
301   SMT systems vulnerable when running untruste    
302   for L1TF applies.                               
303   See :ref:`Documentation/admin-guide/hw-vuln/    
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php