Diff for /wikisrc/security/intel_mds.mdwn between versions 1.3 and 1.4

version 1.3, 2019/05/14 17:27:04 version 1.4, 2019/05/14 17:35:13
Line 1 Line 1
 #NetBSD Security Update for amd64 Port (X86_64) Architecture - 20190514  [[!meta title="Intel MDS"]]
   
   #NetBSD Security Update for amd64 Port (X86_64) Architecture - 20190514
   
 ###Description  ###Description
 Details and mitigation information about a sub-class of speculative execution  Details and mitigation information about a sub-class of speculative execution
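Review bot: the title added at the top of this hunk is "Intel MDS", but the first-level heading kept beneath it still reads "NetBSD Security Update for amd64 Port (X86_64) Architecture - 20190514" and names neither Intel nor MDS. Consider putting the issue name in the heading as well (or dropping the heading in favour of the meta title) so the page title and the visible heading agree. The heading is also written as "#NetBSD" with no space after the "#", which not every Markdown renderer accepts.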
Line 8  hardware starting with select 8th and 9t Line 9  hardware starting with select 8th and 9t
 well as the 2nd Generation Intel® Xeon® Scalable Processor Family.  well as the 2nd Generation Intel® Xeon® Scalable Processor Family.
   
 Please refer to the Intel Security Advisory 00233 is located at:  Please refer to the Intel Security Advisory 00233 is located at:
 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html  [Intel website](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html).
   
 This update is mitigation for the following CVEs:  This update is mitigation for the following CVEs:
   
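Review bot: the sentence "Please refer to the Intel Security Advisory 00233 is located at:" is carried over unchanged and is ungrammatical, and now that the bare URL is replaced by a link labelled "Intel website" the trailing "is located at:" introduces a label rather than an address. Suggest rewording in the same change, for example "Please refer to Intel Security Advisory 00233 on the Intel website", with the advisory number inside the link text so the target stays identifiable when the page is printed or the link is stripped.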
Line 30  This update is mitigation for the follow Line 31  This update is mitigation for the follow
 **NetBSD-7, and all the anterior releases, have no planned fixes.**  **NetBSD-7, and all the anterior releases, have no planned fixes.**
   
 [[!table data="""  [[!table data="""
 Port            |Vendor/Model   |MDS    |NetBSD-8       |NetBSD-current  Port            |Vendor/Model   |MDS            |NetBSD-8               |NetBSD-current
 amd64   |Intel          |Vulnerable     |Fixed [VERW][smtoff]   |Fixed [VERW][smtoff]  amd64           |Intel          |Vulnerable     |Fixed [VERW][smtoff]   |Fixed [VERW][smtoff]
 """]]  """]]
   
   
 ###Mitigation  ###Mitigation
 The mitigation for MDS depends on the Intel CPU model and available microcode  The mitigation for MDS depends on the Intel CPU model and available microcode
 or motherboard BIOS revision.  or motherboard BIOS revision.
Line 50  can put **smtoff=YES** in your */etc/rc. Line 50  can put **smtoff=YES** in your */etc/rc.
 ###Enabling the mitigation  ###Enabling the mitigation
   
 The two following sysctls are now available:  The two following sysctls are now available:
         machdep.mds.mitigated = {0/1} user-settable  
         machdep.mds.method = {string} constructed by the kernel  [[!template id=programlisting text="""
   machdep.mds.mitigated = {0/1} user-settable
   machdep.mds.method = {string} constructed by the kernel
   """]]
   
 If the BIOS has the MDS update, then NetBSD will have set machdep.mds.mitigated=1 automatically.    If the BIOS has the MDS update, then NetBSD will have set machdep.mds.mitigated=1 automatically.  
   
 To manually enable the check, use  sysctl -w machdep.mds.mitigated=1.  NetBSD  To manually enable the check, use "sysctl -w machdep.mds.mitigated=1".  NetBSD
 will then determine if it can apply the available mitigation.  When set to 0, then  will then determine if it can apply the available mitigation.  When set to 0, then
 NetBSD will disable the mitigation.  NetBSD will disable the mitigation.
   
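Review bot: in the "To manually enable the check" line the command is now wrapped in plain double quotes, while the two sysctl names just above were moved into a programlisting template. Using the same code formatting for the command would keep the section consistent and avoid the quotes being copied as part of the command. The same paragraph says NetBSD "will then determine if it can apply the available mitigation" but gives no way to confirm the result; a sentence telling the reader to read back machdep.mds.mitigated and machdep.mds.method after the write would document that. "Enable the check" also reads oddly next to "disable the mitigation" two lines later; using one term for both would be clearer.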
