Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2e4c5489 authored by speck for Pawan Gupta's avatar speck for Pawan Gupta Committed by Greg Kroah-Hartman
Browse files

x86/mds: Add MDSUM variant to the MDS documentation 



commit e672f8bf71c66253197e503f75c771dd28ada4a0 upstream

Updated the documentation for a new CVE-2019-11091 Microarchitectural Data
Sampling Uncacheable Memory (MDSUM) which is a variant of
Microarchitectural Data Sampling (MDS). MDS is a family of side channel
attacks on internal buffers in Intel CPUs.

MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
memory that takes a fault or assist can leave data in a microarchitectural
structure that may later be observed using one of the same methods used by
MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM.
The existing mitigation for MDS applies to MDSUM as well.

Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Reviewed-by: default avatarTyler Hicks <tyhicks@canonical.com>
Reviewed-by: default avatarJon Masters <jcm@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 12a0dad7

Documentation/admin-guide/hw-vuln/mds.rst

+3 −2
Original line number Diff line number Diff line
@@ -32,11 +32,12 @@ Related CVEs 


The following CVE entries are related to the MDS vulnerability:



   ==============  =====  ==============================================

   ==============  =====  ===================================================

   CVE-2018-12126  MSBDS  Microarchitectural Store Buffer Data Sampling

   CVE-2018-12130  MFBDS  Microarchitectural Fill Buffer Data Sampling

   CVE-2018-12127  MLPDS  Microarchitectural Load Port Data Sampling

   ==============  =====  ==============================================

   CVE-2019-11091  MDSUM  Microarchitectural Data Sampling Uncacheable Memory

   ==============  =====  ===================================================



Problem

-------

Documentation/x86/mds.rst

+5 −0
Original line number Diff line number Diff line
@@ -12,6 +12,7 @@ on internal buffers in Intel CPUs. The variants are: 
 - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)

 - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)

 - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)

 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)



MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a

dependent load (store-to-load forwarding) as an optimization. The forward
@@ -38,6 +39,10 @@ faulting or assisting loads under certain conditions, which again can be 
exploited eventually. Load ports are shared between Hyper-Threads so cross

thread leakage is possible.



MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from

memory that takes a fault or assist can leave data in a microarchitectural

structure that may later be observed using one of the same methods used by

MSBDS, MFBDS or MLPDS.



Exposure assumptions

--------------------