The BSDs Get Promptly Mitigated For The MDS Side-Channel Vulnerabilities
![BSD](/assets/categories/bsd.webp)
FreeBSD on Tuesday issued a security advisory that does include patches and additional guidance. FreeBSD's guidance is also recommending the disabling of Hyper Threading for systems with users/processors in different trust domains. FreeBSD also provides instructions on setting up the loading of the latest Intel CPU microcode files and applying patches for FreeBSD 12 and 11 series.
NetBSD and DragonFlyBSD have also been mitigated with DragonFlyBSD basing their work on the former's patch. That is now in their Git code. Besides needing to update the CPU microcode, a new sysctl knob needs to be flipped on. Without the microcode update, DragonFlyBSD also recommends disabling the Hyper Threading. Matthew Dillon warns, "This mitigation burns around 250nS of additional latency on kernel to user transitions (system calls and interrupts primarily)."
I'll have out my initial MDS benchmarks on Thursday based on the new Linux kernel releases.
10 Comments