| From cbff705bb8120ae6d874e9d71edd0385135ddf8f Mon Sep 17 00:00:00 2001 |
| From: speck for Pawan Gupta <speck@linutronix.de> |
| Date: Mon, 6 May 2019 12:23:50 -0700 |
| Subject: [PATCH 28/30] x86/mds: Add MDSUM variant to the MDS documentation |
| |
| commit e672f8bf71c66253197e503f75c771dd28ada4a0 upstream |
| |
| Updated the documentation for a new CVE-2019-11091 Microarchitectural Data |
| Sampling Uncacheable Memory (MDSUM) which is a variant of |
| Microarchitectural Data Sampling (MDS). MDS is a family of side channel |
| attacks on internal buffers in Intel CPUs. |
| |
| MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from |
| memory that takes a fault or assist can leave data in a microarchitectural |
| structure that may later be observed using one of the same methods used by |
| MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM. |
| The existing mitigation for MDS applies to MDSUM as well. |
| |
| Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Reviewed-by: Tyler Hicks <tyhicks@canonical.com> |
| Reviewed-by: Jon Masters <jcm@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| Documentation/admin-guide/hw-vuln/mds.rst | 5 +++-- |
| Documentation/x86/mds.rst | 5 +++++ |
| 2 files changed, 8 insertions(+), 2 deletions(-) |
| |
| diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst |
| index 244ab47d1fb3..e0dccf414eca 100644 |
| --- a/Documentation/admin-guide/hw-vuln/mds.rst |
| +++ b/Documentation/admin-guide/hw-vuln/mds.rst |
| @@ -32,11 +32,12 @@ Related CVEs |
| |
| The following CVE entries are related to the MDS vulnerability: |
| |
| - ============== ===== ============================================== |
| + ============== ===== =================================================== |
| CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling |
| CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling |
| CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling |
| - ============== ===== ============================================== |
| + CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory |
| + ============== ===== =================================================== |
| |
| Problem |
| ------- |
| diff --git a/Documentation/x86/mds.rst b/Documentation/x86/mds.rst |
| index 3d6f943f1afb..979945be257a 100644 |
| --- a/Documentation/x86/mds.rst |
| +++ b/Documentation/x86/mds.rst |
| @@ -12,6 +12,7 @@ on internal buffers in Intel CPUs. The variants are: |
| - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126) |
| - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130) |
| - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127) |
| + - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091) |
| |
| MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a |
| dependent load (store-to-load forwarding) as an optimization. The forward |
| @@ -38,6 +39,10 @@ faulting or assisting loads under certain conditions, which again can be |
| exploited eventually. Load ports are shared between Hyper-Threads so cross |
| thread leakage is possible. |
| |
| +MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from |
| +memory that takes a fault or assist can leave data in a microarchitectural |
| +structure that may later be observed using one of the same methods used by |
| +MSBDS, MFBDS or MLPDS. |
| |
| Exposure assumptions |
| -------------------- |
| -- |
| 2.21.0 |
| |