Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-101878

Add Intel MDS mitigation to address FreeBSD-SA-19:07

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Done (View Workflow)
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: 11.2-U4
    • Fix Version/s: 11.2-U5
    • Component/s: OS
    • Labels:
      None
    • Attempts to pass:
      1
    • Testing System:
      X10-HA
    • QA Status:
      Test Passes TrueNAS
    • Acceptance Criteria:
      Hide
      By default the code should change nothing and `sysctl hw.mds_disable_state` should report "inactive". Enabling it by setting sysctl/tunable hw.mds_disable to 3 should result in "VERW" reporting if microcode is update or "software ..." otherwise. Software mitigation may affect syscall latency (performance).
      Show
      By default the code should change nothing and `sysctl hw.mds_disable_state` should report "inactive". Enabling it by setting sysctl/tunable hw.mds_disable to 3 should result in "VERW" reporting if microcode is update or "software ..." otherwise. Software mitigation may affect syscall latency (performance).
    • Doc Engineer:
      Dru Lavigne
    • Doc Commit Version:
      11.2-legacy, 11.2-angular
    • Docs Complete:
      Yes

      Description

      Mitigation for Microarchitectural Data Sampling includes two parts: software patch and preferably also CPU microcode update.  Without microcode update mitigation is also possible, but consumes more CPU resources.  This patch does not enable mitigation by default, but provides loader tunable and sysctl hw.mds_disable which can be used to activate different ways of mitigation (0 - off, 1 - on VERW, 2 - on SW, 3 - on AUTO).

        Attachments

          Container Issues

            Activity

              People

              • Assignee:
                mav Alexander Motin
                Reporter:
                mav Alexander Motin
                QE Engineer:
                Bonnie Follweiler
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Summary Panel