In May 2019, four new microprocessor security flaws, known as "MDS"
(Microarchitectural Data Sampling) have been discovered. These flaws
affect unpatched Nova Compute nodes and instances running on Intel
x86_64 CPUs. The said security flaws are also referred to as "RIDL"
(Rogue In-Flight Data Load) and "Fallout".
Refer to the following pages for further details:
- https://access.redhat.com/security/vulnerabilities/mds
- https://mdsattacks.com/
- https://zombieloadattack.com/
* * *
If we're adding the guide for "MDS" flaws, then it begs the
question: "What about mitigation guides for previous vulnerabilities?"
Two points:
(a) Write the mitigation document for rest of the previous
vulnerabilities too, for completeness' sake. (In April 2018 I wrote
this doc[1] for Meltdown — polish it and submit it. Parts of that
document's content is already incorporated into the help text for
the config attribute `cpu_model_extra_flags`.)
(b) For now, we can live with the cliché, "something is better than
nothing"; we'll add the other docs "when we get to it". Meanwhile,
operators get mitigation details from various other places —
processor vendors, Linux distributions, etc.
[1] https://kashyapc.fedorapeople.org/Reducing-OpenStack-Guest-Perf-Impact-from-Meltdown.txt
Change-Id: I1bb472c3438cc9a91945999d2350b2c59fa6a1f3
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
Kashyap Chamarthy
f394703f7e