An MDS reading list
We contemplated putting together an LWN article on the "microarchitectural
data sampling" (MDS) vulnerabilities, as we've done for past
speculative-execution issues. But the truth of the matter is that it's
really more of the same, and there is a lot of material out there on the
net already. So, for those who would like to learn more, here's a list of
resources.
(Log in to post comments)
- This page from the kernel documentation contains a fairly detailed description of the problem and this page has mitigation information.
- ZombieLoadAttack.com
describes the ZombieLoad MDS attack and, in particular, contains this paper
[PDF] from Michael Schwarz et al. with the details.
- mdsattacks.com holds academic papers on the Fallout [PDF] (Marina Minkin et al.) and RIDL [PDF] (Stephan van Schaik et al.) attacks.
- Jon Masters has written an overview article complete with a three-minute video on the vulnerabilities and their exploits. For those wanting more Masters, there is also a longer video that goes deeper.
- Here is Intel's "deep dive" into the MDS vulnerabilities.
- Cyberus Technology has put up an overview article that discusses some of the possible attacks enabled by the MDS vulnerabilities.
(Log in to post comments)
An MDS reading list
Posted May 15, 2019 19:00 UTC (Wed) by jcm (subscriber, #18262) [Link]
One of my favorite things to do over the past few months has been to read every (mostly expired) Intel patent on memory uarch since 1993. If you go through them, it's enough to explain how they implement fill and store buffers, assists, and the like. None of this is otherwise documented. But it's great bedtime reading.
An MDS reading list
Posted May 16, 2019 9:34 UTC (Thu) by sagi (subscriber, #64671) [Link]
I’d be interested to understand the rough impact of mitigation on performance for a number of use-cases, say: modern laptop with web browser, containerisation and/or process isolation, and virtualisation with untrusted guests.
Is this mitigation better or worse than some of the others before it? And to what degree is performance improvement expected?
Any pointers other may have come across are appreciated!
An MDS reading list
Posted May 16, 2019 11:21 UTC (Thu) by tureba (subscriber, #108208) [Link]
The PostgreSQL people have begun their measurements: https://www.postgresql.org/message-id/flat/20190514223052...