OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: franco on May 17, 2019, 10:01:23 am

Title: [CALL FOR TESTING] Microarchitectural Data Sampling (MDS) patch
Post by: franco on May 17, 2019, 10:01:23 am

Hi everyone,

I'm sure you've heard another Intel CPU bug class is making its rounds. Amongst them is https://zombieloadattack.com/

We would like to get your early feedback for Monday's patching using this call for testing for the to be shipped operating system update. To apply the upcoming patch you can use the following commands from the shell which will install both the base (-b) and kernel (-k) to be included in 19.1.8 (-r):

# opnsense-update -r 19.1.8 -b -k
# opnsense-shell reboot

All feedback for amd64 and i386 architectures is appreciated. Let us know you're running the patch under what architecture and possibly hardware even if it works fine. You can check the install state with the uname utility after reboot:

# uname -a
FreeBSD host.domain 11.2-RELEASE-p10-HBSD FreeBSD 11.2-RELEASE-p10-HBSD  5e5adf26fc3(stable/19.1)  amd64

Read more about the MDS patch and subsequent microcode updates via FreeBSD's security advisory:

https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc


Thank you,
Franco

Title: Re: [CALL FOR TESTING] Microarchitectural Data Sampling (MDS) patch
Post by: mimugmail on May 17, 2019, 02:16:47 pm

Tested with:

- Virtualbox CPU: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz (3192.08-MHz K8-class CPU)
- OpenStack VPS CPU: AMD Opteron 62xx class CPU (2800.17-MHz K8-class CPU)
- Thomas Krenn Les Network CPU: Intel(R) Celeron(R) CPU  J1900  @ 1.99GHz (2000.05-MHz K8-class CPU)
- Sophos SG115 CPU: Intel(R) Atom(TM) CPU N450   @ 1.66GHz (1666.71-MHz K8-class CPU)

Title: Re: [CALL FOR TESTING] Microarchitectural Data Sampling (MDS) patch
Post by: Ralf Kirmis on May 17, 2019, 03:28:38 pm

Tested with:

-VMWare ESX 6.0

Title: Re: [CALL FOR TESTING] Microarchitectural Data Sampling (MDS) patch
Post by: LouieLouie on May 17, 2019, 04:23:23 pm

Opnsense GUI is up and all diagnostic metrics on it look correct and consistent.  I have full internet access.  SSH was slow to come up.

uname -a:  FreeBSD host.domain 11.2-RELEASE-p10-HBSD FreeBSD 11.2-RELEASE-p10-HBSD 5e5adf26fc3(stable/19.1) amd64
 
Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz (4 cores)

Title: Re: [CALL FOR TESTING] Microarchitectural Data Sampling (MDS) patch
Post by: qinohe on May 17, 2019, 04:57:44 pm

Supermicro X7SPA-L - Intel Atom® Processor D410

Tested a local OpenVPN connection - works fine
SSH connections - snappy as always
CPU usage seems a little higher after reboot, though, this is mostly the case!

Thanks for the quick response  8) to, again, a nasty Intel bug..

edit: a short day later everything still works as expected, average load back to 'normal' values.

edit2: duh, after looking at the list at Intel it seems seems AtomD410 is not even vulnerable  ;D

Greetings, mark