6f58e3c81d
It mainly comes with some mitigation for MDS[1][3][4][5], for best result a microupdate of the CPU is required, else the kernel falls back to some "best effort mitigation", trying to clear the CPU buffers on kernel/userspace, hypervisor/guest and C-state (idle) transitions. With this applied you will have a new file in sysfs to get the mitigation state of the server regarding MDS: $ cat /sys/devices/system/cpu/vulnerabilities/mds Microcode updates should come available in stretch with 3.20190514.1~deb9u1 [2] version currently only tagged[2], but not yet released. [1]: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html#mitigation-strategy [2]: https://salsa.debian.org/hmh/intel-microcode/commits/debian/3.20190514.1_deb9u1 [3]: https://mdsattacks.com/ [4]: https://cpu.fail/ [5]: https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> |
||
|---|---|---|
| .. | ||
| ubuntu-bionic@410b374872 | ||
| zfsonlinux@5e3e80687e | ||