[cip-dev] MDS and other speculation issues

[cip-dev] MDS and other speculation issues

[Ben Hutchings]

As with the earlier speculation vulnerabilities, I don't believe that
MDS should be a particularly severe issue for CIP-based systems.

Nevertheless, I have prepared a backport of the mitigations for MDS
(and some changes to the mitigations for other speculation issues) for 
4.4.  This was included in 4.4.180-rc1, which is out for review now.  I
did not have the chance to test this thoroughly, so review and testing
are needed.

Ben.

-- 
Ben Hutchings, Software Developer                ?        Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom

[cip-dev] MDS and other speculation issues

[nobuhiro1.iwamatsu at toshiba.co.jp]

Hi Ben,

> -----Original Message-----
> From: cip-dev-bounces at lists.cip-project.org
> [mailto:cip-dev-bounces at lists.cip-project.org] On Behalf Of Ben
> Hutchings
> Sent: Wednesday, May 15, 2019 8:34 PM
> To: cip-dev at lists.cip-project.org
> Subject: [cip-dev] MDS and other speculation issues
> 
> As with the earlier speculation vulnerabilities, I don't believe that
> MDS should be a particularly severe issue for CIP-based systems.
> 
> Nevertheless, I have prepared a backport of the mitigations for MDS (and
> some changes to the mitigations for other speculation issues) for 4.4.
> This was included in 4.4.180-rc1, which is out for review now.  I did
> not have the chance to test this thoroughly, so review and testing are
> needed.

Thank you for your work and information.
I'm just looking into a test tool for this issue, but please let me know what
you already know.

There is a spectre-meltdown-checker, but we can not do a detailed test with this.
https://github.com/speed47/spectre-meltdown-checker/

> 
> Ben.
> 
Best regards,
  Nobuhirio

[cip-dev] MDS and other speculation issues

[Ben Hutchings]

On Thu, 2019-05-16 at 00:44 +0000, nobuhiro1.iwamatsu at toshiba.co.jp wrote:
> Hi Ben,
> 
> > -----Original Message-----
> > From: cip-dev-bounces at lists.cip-project.org
> > > > [mailto:cip-dev-bounces at lists.cip-project.org] On Behalf Of Ben
> > Hutchings
> > Sent: Wednesday, May 15, 2019 8:34 PM
> > To: cip-dev at lists.cip-project.org
> > Subject: [cip-dev] MDS and other speculation issues
> > 
> > As with the earlier speculation vulnerabilities, I don't believe that
> > MDS should be a particularly severe issue for CIP-based systems.
> > 
> > Nevertheless, I have prepared a backport of the mitigations for MDS (and
> > some changes to the mitigations for other speculation issues) for 4.4.
> > This was included in 4.4.180-rc1, which is out for review now.??I did
> > not have the chance to test this thoroughly, so review and testing are
> > needed.
> 
> Thank you for your work and information.
> I'm just looking into a test tool for this issue, but please let me know what
> you already know.

There is proof-of-concept exploit code, but it's not yet public, so far
as I know.  Nor do I have a copy.

> There is a spectre-meltdown-checker, but we can not do a detailed test with this.
> https://github.com/speed47/spectre-meltdown-checker/

That uses kernel interfaces to identify the affected CPUs and any
mitigations that are enabled.  However, it does not test whether the
mitigation is actually effective, so it won't detect incomplete or
incorrect backports.

Ben.

-- 
Ben Hutchings, Software Developer                ?        Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom