MDS CPU bug present and SMT on, data leak possible


This message is being logged to my syslog, what does it mean and is any action required?

 

I have looked at a few references online; it's been around since 2019 apparently, but as I never had a 'vulnerable' CPU config until now I've never seen it. Seems to affect a good few Xeon processors, so I'm trusting that this has been seen before now, but a quick search on here came up with no results for me. Can anyone advise?

Link to comment

MDS / SMT are "bugs" that affect a good chunk of processors, whereby it's theoretically possible for malicious software to be able to determine the contents of memory locations (Spectre, Meltdown et al).

 

The SMT you can address by disabling all the hyperthreading cores within your BIOS.  MDS is probably being mitigated via the kernel.

 

Since all these mitigations will lower your effective processing power (especially disabling SMT), it's really up to you whether or not you handle this.  If you're presumably not running a bank out of your house (or currently have a FISA order against you [not that the gov't is required to tell you about that, but that's a completely different story]), then it's very highly doubtful you would ever be subjected to an attack via these vectors.

 

You can disable all the mitigations and regain the CPU power you paid for via the Disable Mitigations plugin.

 

On the other hand, if you are running a bank, and/or planning world domination and/or a terrorist attack against the creators of the Teletubbies, then you definitely do want to disable SMT, keep all the kernel mitigations and probably upgrade your processor to something that's not vulnerable.  (Note: tin foil hat wearing also falls under the above)

 

It's really all up to you and the risk you're willing to entail (no matter how small).

Link to comment

Pretty much anything the OS kernel is capable of mitigating is already being done (with the exception of disabling SMT).  

 

These are valid attack vectors for malicious players to make use of to possibly determine the contents of a memory location which the program doesn't have access to.  Realistically though, even if you were running a bank in your house, the odds of actually discerning any private information that would be of use is very (very) low, but not zero.

 

A financial institution has no choice but to close all possible vectors.  As a normal user it's up to you.  The performance hit (depending upon what the kernel has to do etc) is up to 15%.  With the power of CPUs being what they are, you may not even notice it.

 

TLDR: Don't worry about it.

  • Like 1
Link to comment
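
To check what the kernel is actually doing about MDS on a given machine, the status is exposed in sysfs. The script below is an added example, not something posted in this thread or shipped by Unraid: it reads `/sys/devices/system/cpu/vulnerabilities/mds` and classifies the line. The function names `classify_mds` and `mds_report` are hypothetical, and the matched strings assume the status format described in the kernel's MDS documentation.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line from sysfs.
# Patterns assume the format documented for
# /sys/devices/system/cpu/vulnerabilities/mds.

# classify_mds STATUS -> prints "<buffers> <smt>"
#   buffers: not-affected | mitigated | no-microcode | vulnerable | unknown
#   smt:     smt-vulnerable | smt-mitigated | smt-disabled | smt-unknown | n/a
classify_mds() {
    status=$1
    case $status in
        "Not affected"*)                  buffers=not-affected ;;
        "Mitigation: Clear CPU buffers"*) buffers=mitigated ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
                                          buffers=no-microcode ;;
        "Vulnerable"*)                    buffers=vulnerable ;;
        *)                                buffers=unknown ;;
    esac
    # The SMT part is appended after a semicolon when the CPU is affected.
    case $status in
        *"SMT vulnerable"*)         smt=smt-vulnerable ;;
        *"SMT mitigated"*)          smt=smt-mitigated ;;
        *"SMT disabled"*)           smt=smt-disabled ;;
        *"SMT Host state unknown"*) smt=smt-unknown ;;
        *)                          smt=n/a ;;
    esac
    echo "$buffers $smt"
}

# mds_report [CPU_SYSFS_DIR]: report for the running host.
# The optional directory argument exists only so the function can be tested.
mds_report() {
    dir=${1:-/sys/devices/system/cpu}
    if [ ! -r "$dir/vulnerabilities/mds" ]; then
        echo "mds status not exposed by this kernel"
        return 0
    fi
    line=$(cat "$dir/vulnerabilities/mds")
    echo "kernel reports: $line"
    echo "classification: $(classify_mds "$line")"
    if [ -r "$dir/smt/control" ]; then
        echo "smt control: $(cat "$dir/smt/control")"
    fi
}

mds_report
```

A result of `mitigated smt-vulnerable` means the kernel is clearing CPU buffers but hyperthreading is still on, which is the case where only disabling SMT in the BIOS closes the remaining gap.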
  • 2 years later...

Checking my syslogs on my registered UNRAID server (I7-4700S) and on my trial UNRAID server (Xeon E-1240) reports  "MDS CPU bug present and SMT on".

 

Searching the forum here landed me on this thread.

 

So can I assume that this bug is disabled in UNRAID by Limetech or in the Linux kernel by Kernel.org?

 

And I think my hyperthreading is being throttled; should I install the "Disable Mitigations" plugin?

 

Sorry for waking up an older thread, but I thought it made more sense to post in this thread than start a new one.

 

Cheers and many thanks...

Link to comment
