Talk:Microarchitectural Data Sampling

This is the talk page for discussing improvements to the Microarchitectural Data Sampling article. This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Article policies Neutral point of view No original research Verifiability

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Daily pageviews of this article A graph should have been displayed here but graphs are temporarily disabled. Until they are enabled again, visit the interactive graph at pageviews.wmcloud.org

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing: Software Mid‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Mid This article has been rated as Mid-importance on the project's importance scale. This article is supported by WikiProject Software (assessed as Mid-importance). This article is supported by Computer hardware task force (assessed as Mid-importance). This article is supported by WikiProject Computer Security (assessed as Mid-importance). Things you can help WikiProject Computer Security with: edit history watch purge Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Linux Mid‑importance Linux portal This article is within the scope of WikiProject Linux, a collaborative effort to improve the coverage of Linux on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Mid This article has been rated as Mid-importance on the project's importance scale. Microsoft Windows: Computing Mid‑importance This article is within the scope of WikiProject Microsoft Windows, a collaborative effort to improve the coverage of Microsoft Windows on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Mid This article has been rated as Mid-importance on the project's importance scale. This article is supported by WikiProject Computing. Apple Inc. Mid‑importance This article is within the scope of WikiProject Apple Inc., a collaborative effort to improve the coverage of Apple, Mac, iOS and related topics on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Mid This article has been rated as Mid-importance on the project's importance scale.

Lead

Latest comment: 4 years ago2 comments2 people in discussion

The phasing of the lead section is confusing and the grammar could be improved. What does "...whilst those data are not architecturally supposed to be visible across" actually mean? 83.104.249.240 (talk) 09:30, 15 May 2019 (UTC)Reply

Assume it was supposed to read "which". —DIYeditor (talk) 11:34, 15 May 2019 (UTC)Reply

2011

Latest comment: 4 years ago2 comments2 people in discussion

What is the significance of 2011? What was the architecture change that introduced the flaw? 83.104.249.240 (talk) 09:34, 15 May 2019 (UTC)Reply

Wired article say chips going back to 2008? —DIYeditor (talk) 16:21, 15 May 2019 (UTC)Reply

Any notable attacks using the exploits yet?

Latest comment: 4 years ago1 comment1 person in discussion

Probably unlikely, but if there was a notable attack using any of the exploits we should probably mention it in the article. Kirbanzo ^{(userpage - talk - contribs)} 14:51, 15 May 2019 (UTC)Reply

Favoritism towards ZombieLoad

Latest comment: 4 years ago1 comment1 person in discussion

I noticed at the time of this writing, almost every time the three exploits are mentioned, ZombieLoad appears first and I do not see why this should be. Alphabetically, ‘Z’ should be last, and even if when going by CVE numbers, RIDL (CVE-2018-12127) seems to have came before ZombieLoad (CVE-2018-12130 which may actually be part of RIDL). Should we be listing these alphabetically or otherwise?

Even the Wikipedia article is linking the official website as zombieloadattack.com. Why not mdsattacks.com?

After all, while news on the internet seems to skew in either direction -- some mentioning only RIDL & Fallout , others mentioning ZombieLoad, and some mentioning all three -- RIDL and Fallout has the earliest (and the most) CVE numbers, AMD and RedHat seem to only recognize RIDL and Fallout, and according to Wired only Amsterdam’s VUSec received Intel's $100,000 bounty, apparently for RIDL. Sadly this seems only hinted in the history of the article.

I'm guessing that only those from the ZombieLoad side were the ones that worked on this page so far, while nobody familiar with RIDL and Fallout stepped up to contribute. This would explain zombieloadattack.com being a top-level source (currently #3) while nothing from mdsattacks.com appears in the article.

If this is the case, I would be happy to follow up with the RIDL and Fallout groups to see if they are willing to help contribute. I am sure a cohesive story can be told that brings in the history of all three exploits instead of focusing on one.--Ianozia (talk) 23:22, 15 May 2019 (UTC)Reply

Mitgatable?

Is this really mitigatable via a kernel update?

Linux 5.1.5, for example still reports vulnerable (within a VM) :

[root@testbox /] # uname -a
Linux testbox 5.1.5 #1 SMP Mon May 27 10:21:56 EST 2019 x86_64 GNU/Linux
[root@testbox /] # cat /sys/devices/system/cpu/vulnerabilities/mds
Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown

False claim about microcode updates requiring MB firmware updates.

"Microcode is the implementation of processor instructions on the processor itself, and updates require a firmware patch,[1] also known as BIOS or UEFI, to the motherboard." This is patently false. Operating systems such as any reasonably modern Linux distributions and Windows versions can and do upload microcodes fixes to the CPU during the boot process. Unfortunately I don't know a citable source for this. So maybe if you know one? -- 10:07, 30 August 2019 (UTC) — Preceding unsigned comment added by 194.39.218.10 (talk)