* [MODERATED] SRBDS on IvyBridge
@ 2020-06-09 20:12 Andrew Cooper
From: Andrew Cooper @ 2020-06-09 20:12 UTC

It has recently become clear that IvyBridge isn't getting microcode to
address this issue.

This has caused me to start taking remediation actions for Xen. It
occurs to me that the same will work for Linux.

For the virt case, hiding the RDRAND CPUID bit will work around the
problem, by not allowing unwitting software to use RDRAND when it might
be snooped upon.

IvyBridge CPUs also support CPUID Faulting (tracked by
X86_FEATURE_CPUID_FAULT), which means the same technique could be
applied to native userspace software. There is already a PRCTL
(ARCH_SET_CPUID) to do this, which could be extended.
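
The CPUID-faulting approach from the message, shown from userspace as an added example (not code from the message, Xen or Linux): the thread turns CPUID faulting on with the existing ARCH_SET_CPUID call and a SIGSEGV handler emulates each CPUID with the RDRAND bit cleared. It assumes Linux on x86-64 and a single-threaded process; `filter_ecx`, `on_fault` and `enable_filtering` are hypothetical names.

```c
#define _GNU_SOURCE
#include <asm/prctl.h>                  /* ARCH_SET_CPUID */
#include <cpuid.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <ucontext.h>
#include <unistd.h>

#define RDRAND_BIT (1u << 30)           /* CPUID.1:ECX[30] */
/* x86-64 gregs[] slots (glibc REG_RBX, REG_RDX, REG_RAX, REG_RCX, REG_RIP) */
enum { G_RBX = 11, G_RDX = 12, G_RAX = 13, G_RCX = 14, G_RIP = 16 };

/* Filtering policy: hide RDRAND in leaf 1, pass every other leaf through.
 * RDRAND itself still executes; only feature detection changes. */
uint32_t filter_ecx(uint32_t leaf, uint32_t ecx) { return leaf == 1 ? (ecx & ~RDRAND_BIT) : ecx; }

/* A faulting CPUID raises #GP, delivered as SIGSEGV: emulate it, filtered. */
static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    greg_t *g = ((ucontext_t *)ctx)->uc_mcontext.gregs;
    const uint8_t *ip = (const uint8_t *)g[G_RIP];
    uint32_t leaf = (uint32_t)g[G_RAX], sub = (uint32_t)g[G_RCX], a, b, c, d;
    (void)sig; (void)si;
    if (ip[0] != 0x0f || ip[1] != 0xa2) _exit(1);   /* not CPUID: genuine fault */
    syscall(SYS_arch_prctl, ARCH_SET_CPUID, 1UL);   /* let the real CPUID run */
    __cpuid_count(leaf, sub, a, b, c, d);
    syscall(SYS_arch_prctl, ARCH_SET_CPUID, 0UL);   /* re-arm faulting */
    g[G_RAX] = a; g[G_RBX] = b; g[G_RCX] = filter_ecx(leaf, c); g[G_RDX] = d;
    g[G_RIP] += 2;                                  /* skip the 2-byte opcode */
}

/* Returns 0 on success, -1 (errno ENODEV) if the CPU lacks CPUID faulting. */
int enable_filtering(void)
{
    struct sigaction sa = { .sa_sigaction = on_fault, .sa_flags = SA_SIGINFO };
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return (int)syscall(SYS_arch_prctl, ARCH_SET_CPUID, 0UL);
}

int main(void)
{
    uint32_t a, b, c, d;
    __cpuid(1, a, b, c, d);
    printf("RDRAND advertised natively: %d\n", !!(c & RDRAND_BIT));
    if (enable_filtering() != 0) { perror("ARCH_SET_CPUID"); return 0; }
    __cpuid(1, a, b, c, d);                         /* faults, then is emulated */
    printf("RDRAND advertised when filtered: %d\n", !!(c & RDRAND_BIT));
    return 0;
}
```

On hardware or guests without CPUID faulting the ARCH_SET_CPUID call fails with ENODEV and the program reports that instead of filtering.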