Daisuke
Contributor
- Joined
- Jun 23, 2011
- Messages
- 1,041
I created NAS-119450. I see this error in my Dell R720xd Bluefin 22.12.0
What's the correct way to apply in Bluefin the change:
I don't see anything relevant into
dmesg
output:Code:
# dmesg | grep 'data leak' [ 0.434138] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. # cat /sys/devices/system/cpu/vulnerabilities/mds Mitigation: Clear CPU buffers; SMT vulnerable
What's the correct way to apply in Bluefin the change:
Code:
GRUB_CMDLINE_LINUX_DEFAULT="quiet mds=full,nosmt"
I don't see anything relevant into
/etc/grub.d
. Running on latest BIOS release, I did some research and setting mds=full,nosmt
will minimally impact performance. Attacks against the MDS vulnerabilities can be mounted from malicious non priviledged user space applications running on hosts or guest. Malicious guest OSes can obviously mount attacks as well.intel-microcode
is newer than 20190514, so this issue should be already fixed. MDS mitigation should be enabled by default after booting the system with current kernel and intel-microcode
packages.Code:
# dpkg -s intel-microcode Package: intel-microcode Status: install ok installed Priority: standard Section: non-free/admin Installed-Size: 5809 Maintainer: Henrique de Moraes Holschuh <hmh@debian.org> Architecture: amd64 Version: 3.20220510.1~deb11u1 Depends: iucode-tool (>= 1.0) Recommends: initramfs-tools (>= 0.113~) Conflicts: microcode.ctl (<< 0.18~0) Conffiles: /etc/default/intel-microcode 6a68a0e6e2d2ef001f1a374ece3c8558 /etc/kernel/preinst.d/intel-microcode 4324b7d12701909b3a76bb5c6468a571 /etc/modprobe.d/intel-microcode-blacklist.conf 71327241f6583b34944e638a955aba91 Description: Processor microcode firmware for Intel CPUs This package contains updated system processor microcode for Intel i686 and Intel X86-64 processors. Intel releases microcode updates to correct processor behavior as documented in the respective processor specification updates. . For AMD processors, please refer to the amd64-microcode package. Homepage: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
Last edited: