admin-guide/hw-vuln/mds.rst

1 MDS - Microarchitectural Data Sampling
23 Whether a processor is affected or not can be read out from the MDS
26 Not all processors are affected by all variants of MDS, but the mitigation
33 The following CVE entries are related to the MDS vulnerability:
60 Deeper technical information is available in the MDS specific x86
67 Attacks against the MDS vulnerabilities can be mounted from malicious non-
71 Contrary to other speculation based vulnerabilities the MDS vulnerability
87 MDS system information
90 The Linux kernel provides a sysfs interface to enumerate the current MDS
148   The mitigation for MDS clears the affected CPU buffers on return to user
152   is only affected by MSBDS and not any other MDS variant, because the
172     If the L1D flush mitigation is disabled then the MDS mitigation is
173     invoked explicit when the host MDS mitigation is enabled.
180     CPU buffers are flushed before entering the guest when the host MDS
183   The resulting MDS protection matrix for the host to guest transition:
186    L1TF         MDS   VMX-L1FLUSH   Host MDS     MDS-State
216   XEON PHI is not affected by the other MDS variants and MSBDS is mitigated
225   All MDS variants except MSBDS can be attacked cross Hyper-Threads. That
242 The kernel command line allows to control the MDS mitigations at boot
247 		for the MDS vulnerability, CPU buffer clearing on exit to
256   off		Disables MDS mitigations completely.
261 that are affected by both TAA (TSX Asynchronous Abort) and MDS,
288    If the MDS mitigation is enabled and SMT is disabled, guest to host and