arch/x86/mds.rst

7 --------
12  - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
13  - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
14  - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
15  - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
18 dependent load (store-to-load forwarding) as an optimization. The forward
21 buffers are partitioned between Hyper-Threads so cross thread forwarding is
28 operation and also write data to the cache. When the fill buffer is
32 Hyper-Threads so cross thread leakage is possible.
39 exploited eventually. Load ports are shared between Hyper-Threads so cross
43 memory that takes a fault or assist can leave data in a microarchitectural
48 --------------------
54  - to control the load to trigger a fault or assist
56  - to have a disclosure gadget which exposes the speculatively accessed
59  - to control the pointer through which the disclosure gadget exposes the
71 -------------------
90 This does not protect against cross Hyper-Thread attacks except for MSBDS
91 which is only exploitable cross Hyper-thread when one of the Hyper-Threads
92 enters a C-state.
98 Also macro CLEAR_CPU_BUFFERS can be used in ASM late in exit-to-user path.
101 The mitigation is invoked on kernel/userspace, hypervisor/guest and C-state
116 --------------------------------
137 -----------------
154    exit-to-user path is expected to do that anyways. But, there could be
155    a case when an NMI is generated in kernel after the exit-to-user path
162    3. It would take a large number of these precisely-timed NMIs to mount
170 2. C-State transition
173    When a CPU goes idle and enters a C-State the CPU buffers need to be
175    repartitioning of the store buffer when one of the Hyper-Threads enters
176    a C-State.
183    protected against cross Hyper-Thread attacks because the Fill Buffer and
192    The buffer clear is only invoked before entering the C-State to prevent
193    that stale data from the idling CPU from spilling to the Hyper-Thread
204    not cover the legacy ACPI IO-Port mechanism because the ACPI idle driver
207    functionality in microcode. Aside of that the IO-Port mechanism is a