OS-7801: bhyve should expose MD_CLEAR capability

Details

Issue Type:Improvement
Priority:4 - Normal
Status:Resolved
Created at:2019-05-16T18:37:56.192Z
Updated at:2019-05-22T18:42:59.200Z

People

Created by:Patrick Mooney [X]
Reported by:Patrick Mooney [X]
Assigned to:Patrick Mooney [X]

Resolution

Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2019-05-17T19:12:21.109Z)

Fix Versions

2019-05-23 Spaceman (Release Date: 2019-05-23)

Related Links

Labels

bhyve

Description

With the disclosure of the MDS Intel vulnerability, bhyve should expose the MD_CLEAR capability so that guests can use it for mitigating data leakage across privilege domains.

Comments

Comment by Patrick Mooney [X]
Created at 2019-05-17T13:16:05.466Z
Updated at 2019-05-17T13:16:14.929Z

To test this change, I booted up a vulnerable (Ivy Bridge) machine on the new PI (which also features the ucode that enables MD_CLEAR). I checked that a Linux bhyve guest reported having the md_clear feature in its /proc/cpuinfo.


Comment by Patrick Mooney [X]
Created at 2019-05-17T17:32:53.087Z

After updating a Windows guest, I used the steps detailed at the end of this KB to check that it too detected the MDS vulnerability and MD_CLEAR availability:
https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot

Install the PowerShell Module:

PS> Install-Module SpeculationControl

Run the PowerShell module to verify that protections are enabled:

PS> # Save the current execution policy so it can be reset
PS> $SaveExecutionPolicy = Get-ExecutionPolicy
PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser
PS> Import-Module SpeculationControl
PS> Get-SpeculationControlSettings
PS> # Reset the execution policy to the original state
PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

Comment by Jira Bot
Created at 2019-05-17T19:08:20.930Z

illumos-joyent commit 8bab6c89a8b6b113b13e1cca5a6dc469de70ef77 (branch master, by Patrick Mooney)

OS-7801 bhyve should expose MD_CLEAR capability
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Approved by: Jerry Jelinek <jerry.jelinek@joyent.com>