]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - queue-4.9/0072-x86-mds-Add-MDSUM-variant-to-the-MDS-documentation.patch
4.9-stable patches
[thirdparty/kernel/stable-queue.git] / queue-4.9 / 0072-x86-mds-Add-MDSUM-variant-to-the-MDS-documentation.patch
1 From c06838407a09b2f8c1fca01e30ea4a8eb9c5a5b9 Mon Sep 17 00:00:00 2001
2 From: speck for Pawan Gupta <speck@linutronix.de>
3 Date: Mon, 6 May 2019 12:23:50 -0700
4 Subject: [PATCH 72/76] x86/mds: Add MDSUM variant to the MDS documentation
5
6 commit e672f8bf71c66253197e503f75c771dd28ada4a0 upstream.
7
8 Updated the documentation for a new CVE-2019-11091 Microarchitectural Data
9 Sampling Uncacheable Memory (MDSUM) which is a variant of
10 Microarchitectural Data Sampling (MDS). MDS is a family of side channel
11 attacks on internal buffers in Intel CPUs.
12
13 MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
14 memory that takes a fault or assist can leave data in a microarchitectural
15 structure that may later be observed using one of the same methods used by
16 MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM.
17 The existing mitigation for MDS applies to MDSUM as well.
18
19 Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
20 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
21 Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
22 Reviewed-by: Jon Masters <jcm@redhat.com>
23 [bwh: Backported to 4.9: adjust filename]
24 Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
25 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
26 ---
27 Documentation/hw-vuln/mds.rst | 5 +++--
28 Documentation/x86/mds.rst | 5 +++++
29 2 files changed, 8 insertions(+), 2 deletions(-)
30
31 diff --git a/Documentation/hw-vuln/mds.rst b/Documentation/hw-vuln/mds.rst
32 index aec9e49256b5..5e92eca5c0a7 100644
33 --- a/Documentation/hw-vuln/mds.rst
34 +++ b/Documentation/hw-vuln/mds.rst
35 @@ -32,11 +32,12 @@ Related CVEs
36
37 The following CVE entries are related to the MDS vulnerability:
38
39 - ============== ===== ==============================================
40 + ============== ===== ===================================================
41 CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
42 CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
43 CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
44 - ============== ===== ==============================================
45 + CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory
46 + ============== ===== ===================================================
47
48 Problem
49 -------
50 diff --git a/Documentation/x86/mds.rst b/Documentation/x86/mds.rst
51 index 3d6f943f1afb..979945be257a 100644
52 --- a/Documentation/x86/mds.rst
53 +++ b/Documentation/x86/mds.rst
54 @@ -12,6 +12,7 @@ on internal buffers in Intel CPUs. The variants are:
55 - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
56 - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
57 - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
58 + - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
59
60 MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a
61 dependent load (store-to-load forwarding) as an optimization. The forward
62 @@ -38,6 +39,10 @@ faulting or assisting loads under certain conditions, which again can be
63 exploited eventually. Load ports are shared between Hyper-Threads so cross
64 thread leakage is possible.
65
66 +MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
67 +memory that takes a fault or assist can leave data in a microarchitectural
68 +structure that may later be observed using one of the same methods used by
69 +MSBDS, MFBDS or MLPDS.
70
71 Exposure assumptions
72 --------------------
73 --
74 2.21.0
75