Opened 5 years ago
#15064 new bug
Mitigate ZombieLoad and other MDS (Microarchitectural Data Sampling) Intel vulnerabilities
| Reported by: | waddlesplash | Owned by: | nobody |
|---|---|---|---|
| Priority: | normal | Milestone: | Unscheduled |
| Component: | System/Kernel | Version: | R1/Development |
| Keywords: | security | Cc: | |
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
The fix is to use the VERW instruction with patched microcode on kernel exit; this flushes the relevant buffers.
NetBSD's fix: https://github.com/NetBSD/src/commit/afab82aeafd0c51afc036a8b35dd0ed428b2885b
We already have a kernel altcodepatch mechanism for SMAP, so we can use that here for the vulerable CPUs as well.
Note:
See TracTickets
for help on using tickets.
