QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

Assess Vulnerability to RIDL and Fallout MDS attacks #5039

Closed esote closed 5 years ago

esote commented 5 years ago

Qubes OS version

R4.0

Affected component(s) or functionality

Xen, dom0, domU

Brief summary

https://mdsattacks.com/

They provide a tool to check vulnerability. With the Linux 4.14.116 (and 4.14.103) kernel, on an Intel Core i5-8250U CPU, I get the following:

domU

Direct Branch Prediction
    Status: Vulnerable
    _user pointer sanitization: Enabled
Indirect Branch Speculation
    Status: Vulnerable
    Retpoline: Full
    IBRB: Disabled
    IBRS: Disabled
    STIBP: Disabled
    SMEP: Enabled
Speculative Store Bypass:
    Speculative Store Bypass: Vulnerable
    Speculative Store Bypass: Available
Meltdown
    Status: Vulnerable
    KPTI Present: Yes
    KPTI Enabled: Yes
    PCID Accelerated: Yes
    PCID Invalidation: Yes
L1 Terminal Fault
    Status: Vulnerable
    L1TF Present: Yes
    PTE Inversion: Yes
    SMT: Unaffected
    L1d Flush Present: No
    L1d Flush: Available
Micro-architecture Data Sampling
    Line Fill Buffers (MFBDS): Vulnerable
    Store Buffers (MSBDS): Vulnerable
    Load Ports (MLPDS): Vulnerable
    Uncached Memory (MDSUM): Vulnerable
    SMT: Unaffected
    MD_CLEAR: Not available

dom0

Direct Branch Prediction
    Status: Vulnerable
    _user pointer sanitization: Enabled
Indirect Branch Speculation
    Status: Vulnerable
    Retpoline: Full
    IBRB: Disabled
    IBRS: Disabled
    STIBP: Disabled
    SMEP: Enabled
Speculative Store Bypass:
    Speculative Store Bypass: Vulnerable
    Speculative Store Bypass: Available
Meltdown
    Status: Vulnerable
    KPTI Present: Yes
    KPTI Enabled: No
    PCID Accelerated: Yes
    PCID Invalidation: Yes
L1 Terminal Fault
    Status: Vulnerable
    L1TF Present: Yes
    PTE Inversion: Yes
    SMT: Unaffected
    L1d Flush Present: No
    L1d Flush: Available
Micro-architecture Data Sampling
    Line Fill Buffers (MFBDS): Vulnerable
    Store Buffers (MSBDS): Vulnerable
    Load Ports (MLPDS): Vulnerable
    Uncached Memory (MDSUM): Vulnerable
    SMT: Unaffected
    MD_CLEAR: Not available

I have hyperthreading disabled:

$ xl info | grep threads_per_core
threads_per_core        : 1

I assume Qubes is vulnerable to RIDL and Fallout to some extent, since they're new vulnerabilities. However, their tool also shows Qubes (dom0 and domU) to still be vulnerable to direct/indirect branch speculation, speculative store bypass, Meltdown, and L1TF -- which had been addressed on Qubes a while ago. Any thoughts?

esote commented 5 years ago

Xen security advisory announcement: https://lists.xenproject.org/archives/html/xen-announce/2019-05/msg00001.html

lunarthegrey commented 5 years ago

Looks like this has been patched with the following packages.

https://github.com/QubesOS/updates-status/issues?q=is%3Aopen+is%3Aissue+label%3Ar4.0-dom0-sec-test

  • intel-microcode v2.1-28.qubes1
  • vmm-xen v4.8.5-6
  • linux-kernel v4.14.119-2 or linux-kernel-4-19 v4.19.43-1

No security bulletin from Qubes yet but you can patch with: sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing in dom0 and reboot.

starius commented 5 years ago

I have intel-microcode updated (3.20190514.1~deb9u1) in debian-9.

That is what I get from the MDS testing tool on AMD CPU:

image

marmarek commented 5 years ago

Bulletin on the way: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-049-2019.txt

starius commented 5 years ago

I updated from qubes-dom0-security-testing and rebooted. Still having the same status (vulnerable) from the tool. The kernel version is 4.19.43-1.pvops.qubes.x86_64 now.

lunarthegrey commented 5 years ago

@starius Just to be sure you updated with sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing and installed the latest microcode in dom0? Are you running the new Xen version as well?

starius commented 5 years ago

@lunarthegrey I updated with sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing and rebooted. I checked the versions of software in dom0 - they match those from the secpack:

For Qubes 4.0:

  • Xen packages, version 4.8.5-6
  • microcode_ctl 2.1-28.qubes1
  • kernel-qubes-vm package, version 4.19.43-1 (optional)

Running the tool from https://mdsattacks.com/files/mdstool-linux.zip in disp VM.

esote commented 5 years ago

@starius I haven't tried updates from security-testing yet, but you may have to run the tool from dom0 itself, or perhaps also install the updated microcode in the dispVM / domU since you're running the tool from there.

lunarthegrey commented 5 years ago

@starius Ok I've tested it myself and am seeing the same "vulnerable" status on all of the ones you have + L1 Terminal Fault. Unsure why, maybe this tool has some false positives? My DispVM template is up to date and patched as well. I'll test with this next. https://github.com/speed47/spectre-meltdown-checker

@esote It's probably not safe to run anything but default programs in dom0.

lunarthegrey commented 5 years ago

I think that tool @starius is using is wrong. https://github.com/speed47/spectre-meltdown-checker comes back clean. Here is the output from my DispVM.

> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK

Summary shows "OK" on all. From their README:

CVE-2019-11091 [MDSUM] Microarchitectural Data Sampling Uncacheable Memory (RIDL)

 - Note: These 4 CVEs are similar and collectively named "MDS" vulnerabilities, the mitigation is identical for all
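
Added example, not part of the thread and not the checker project's code: a small Python parser for the SUMMARY line quoted above that reports whether the four MDS CVEs were checked at all and whether each came back OK. The function names and the two derived sample lines are constructed for illustration, and treating any status other than OK as failing is an assumption of this sketch.

```python
import re

# The four MDS CVEs listed in the SUMMARY line quoted in the thread.
MDS_CVES = {"CVE-2018-12126", "CVE-2018-12130",
            "CVE-2018-12127", "CVE-2019-11091"}

ANSI = re.compile(r"\x1b\[[0-9;]*m")   # colour codes left in a terminal capture
PAIR = re.compile(r"(CVE-\d{4}-\d{4,}):(\S+)")

def parse_summary(text):
    """Return {cve: status} from the last 'SUMMARY:' line in the output."""
    result = None
    for line in text.splitlines():
        line = ANSI.sub("", line)
        if "SUMMARY:" in line:
            result = dict(PAIR.findall(line.split("SUMMARY:", 1)[1]))
    if result is None:
        raise ValueError("no SUMMARY line found")
    return result

def assess_mds(text):
    """Return ('ok' | 'not-ok' | 'not-checked', list of CVEs concerned)."""
    statuses = parse_summary(text)
    missing = sorted(MDS_CVES - statuses.keys())
    if missing:
        # A checker that predates MDS never lists these CVEs, so an
        # all-OK summary from it says nothing about RIDL/Fallout.
        return "not-checked", missing
    bad = sorted(c for c in MDS_CVES if statuses[c] != "OK")
    return ("not-ok", bad) if bad else ("ok", [])

# SUMMARY line as posted in the thread.
THREAD_SUMMARY = (
    "> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK "
    "CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK "
    "CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK "
    "CVE-2018-12127:OK CVE-2019-11091:OK"
)
# Constructed: the same line truncated before the MDS entries.
CONSTRUCTED_OLD = THREAD_SUMMARY.split(" CVE-2018-12126")[0]
# Constructed: one MDS entry failing ("KO" is a made-up token) with colour codes.
CONSTRUCTED_BAD = THREAD_SUMMARY.replace(
    "CVE-2018-12130:OK", "\x1b[41mCVE-2018-12130:KO\x1b[0m")

if __name__ == "__main__":
    for name in ("THREAD_SUMMARY", "CONSTRUCTED_OLD", "CONSTRUCTED_BAD"):
        print(name, assess_mds(globals()[name]))
```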

esote commented 5 years ago

@lunarthegrey That tool does indeed seem to be more accurate than the one provided on the MDS website, thanks.

esote commented 5 years ago

I'll close this, now that there's a QSB