
#1 2023-07-14 11:53:32

Ferdinand
Member
From: Norway
Registered: 2020-01-02
Posts: 338

Ignoring CPU vulnerabilities related to cross-thread data leakage?

It seems my Intel Core i7-6500U is vulnerable to Microarchitectural Data Sampling (MDS), L1 Terminal Fault (L1TF) and Processor MMIO Stale Data:

$ grep . -r /sys/devices/system/cpu/vulnerabilities/
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: IBRS, IBPB: conditional, STIBP: conditional, RSB filling, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:KVM: Mitigation: VMX disabled
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data:Mitigation: Clear CPU buffers; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/retbleed:Mitigation: IBRS
/sys/devices/system/cpu/vulnerabilities/srbds:Mitigation: Microcode
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
$

From the linked descriptions I get the understanding that these vulnerabilities are exclusively about data leakage through CPU buffers and caches shared between threads on the same core, i.e. a compromise of confidentiality (with quite a narrow window to peek through), and I see no scenarios where an attack can modify any aspect of the host.

If that is true, then the full-protection mitigation of disabling SMT seems rather excessive (which is why the kernel doesn't disable it by default upon detecting the vulnerabilities).

Hence, I'm inclined to accept the vulnerability; if somebody actually manages to squeeze out my credit card number this way, they can have it :P

It seems these vulnerabilities are quite common, and probably affect many Arch users, so I'd like to seek your advice: Does this make sense to you, or do you see any problems related to this that I have overlooked or misunderstood?

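As an added example that is not part of either post, a small POSIX shell helper that parses a sysfs vulnerability directory laid out like the one shown above, lists the entries whose mitigation still reads "SMT vulnerable", reads the SMT state from the kernel's smt/control file, and is exercised on a constructed sample reproducing the statuses quoted in the post. The function names are my own; the sysfs paths are the kernel's.

```shell
#!/bin/sh
# Added example (not from the thread). Lists the sysfs vulnerability entries
# whose mitigation still reports "SMT vulnerable", i.e. those for which the
# kernel's full protection would require disabling SMT, and shows the current
# SMT state. Defaults to the real sysfs paths; a directory can be passed in so
# the logic can be exercised on a constructed sample.

# Print "name: status" for each entry under $1 whose status mentions SMT.
smt_vulnerable_entries() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case "$status" in
            *"SMT vulnerable"*) printf '%s: %s\n' "$(basename "$f")" "$status" ;;
        esac
    done
}

# Number of such entries (0 when SMT no longer widens any exposure).
smt_vulnerable_count() {
    smt_vulnerable_entries "$1" | wc -l | tr -d ' '
}

# Current SMT state from $1/control ("on", "off", "forceoff", "notsupported", ...).
smt_state() {
    if [ -r "$1/control" ]; then cat "$1/control"; else echo unknown; fi
}

# Build a constructed sample reproducing the statuses quoted in the post above.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/vulnerabilities" "$d/smt"
    echo 'Mitigation: Clear CPU buffers; SMT vulnerable' > "$d/vulnerabilities/mds"
    echo 'Mitigation: Clear CPU buffers; SMT vulnerable' > "$d/vulnerabilities/mmio_stale_data"
    echo 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable' > "$d/vulnerabilities/l1tf"
    echo 'Mitigation: PTI' > "$d/vulnerabilities/meltdown"
    echo 'Not affected' > "$d/vulnerabilities/tsx_async_abort"
    echo on > "$d/smt/control"
    echo "$d"
}

# Usage: report [cpu-dir]; succeeds when nothing depends on SMT or SMT is off,
# fails (exit 1) when SMT is on and some entry is still marked SMT vulnerable.
report() {
    cpu=${1:-/sys/devices/system/cpu}
    n=$(smt_vulnerable_count "$cpu/vulnerabilities")
    state=$(smt_state "$cpu/smt")
    echo "SMT: $state; entries still SMT-vulnerable: $n"
    smt_vulnerable_entries "$cpu/vulnerabilities"
    [ "$n" -eq 0 ] || [ "$state" != on ]
}
```

Run `report` with no argument to check the live system, or `report "$(make_sample)"` to see the three SMT-dependent entries from the post flagged.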

#2 2023-07-17 20:31:10

RandomRanger
Member
Registered: 2023-06-26
Posts: 42

Re: Ignoring CPU vulnerabilities related to cross-thread data leakage?

Personally, I'm not convinced that the risk mitigation is worth the cost. Last I heard (way back when it was discovered) was that the "fix" could have up to a 30% performance hit. Personally, if I feel like running my own kernel, I turn it off. Granted, this is on a personal laptop; if I were running a server, AWS instance, etc., I would definitely leave it on.


Any sufficiently advanced magic is indistinguishable from science.

