The BSDs Get Promptly Mitigated For The MDS Side-Channel Vulnerabilities

Written by Michael Larabel in BSD on 15 May 2019 at 09:09 AM EDT. 10 Comments
BSD
When Spectre and Meltdown came to light, there was some frustrations in the BSD community that it took time for them to be briefed and ultimately handling the mitigations for these CPU security vulnerabilities. Fortunately, with the new Microarchitectural Data Sampling (MDS, also dubbed "Zombieload") vulnerabilities, the key BSDs have seen punctual patches.

FreeBSD on Tuesday issued a security advisory that does include patches and additional guidance. FreeBSD's guidance is also recommending the disabling of Hyper Threading for systems with users/processors in different trust domains. FreeBSD also provides instructions on setting up the loading of the latest Intel CPU microcode files and applying patches for FreeBSD 12 and 11 series.

NetBSD and DragonFlyBSD have also been mitigated with DragonFlyBSD basing their work on the former's patch. That is now in their Git code. Besides needing to update the CPU microcode, a new sysctl knob needs to be flipped on. Without the microcode update, DragonFlyBSD also recommends disabling the Hyper Threading. Matthew Dillon warns, "This mitigation burns around 250nS of additional latency on kernel to user transitions (system calls and interrupts primarily)."

I'll have out my initial MDS benchmarks on Thursday based on the new Linux kernel releases.
10 Comments
Related News
FreeBSD 14.2 Released With OpenZFS Upgrade, Installer Improvements
FreeBSD 14.2-RC1 Brings Install Image Improvements
FreeBSD 14.2 Beta 3 Released - FreeBSD Now Publishing OCI Container Images
FreeBSD Reduces OS Support From 5 To 4 Years, Continues Collaboration With AMD
FreeBSD 14.2 Beta 1 Released To Work Toward This Next Release
OpenBSD 7.6 Released With AVX-512, Initial Support For Snapdragon X Elite SoCs
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Rustls Multi-Threaded Performance Is Battering OpenSSL
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
KDE Starts December By Landing A Number Of New Features
Linux 6.12 Officially Promoted To Being An LTS Kernel