File: buffer-overwriting-mitigation.dita

Package: virtualbox 7.1.12-dfsg-2
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
<topic xml:lang="en-us" id="buffer-overwriting-mitigation">
  <title>Buffer Overwriting and Disabling Hyper-Threading</title>
  
  <body>
    <p>First, up-to-date CPU microcode is a prerequisite for the buffer overwriting (clearing)
      mitigations; without it the clearing has no effect on the affected CPUs. Some host OSes load
      microcode updates automatically at boot, though the task has traditionally been performed by
      the system firmware. Check with your system or mainboard manufacturer for the latest firmware
      update, and verify after rebooting that the updated microcode is actually in effect.</p>
    <p>
          This mitigation aims at removing potentially sensitive data
          from the affected buffers before running guest code. Since
          this means additional work each time the guest is scheduled,
          there might be some performance side effects.
        </p>
    <p>
          We recommend disabling hyper-threading (HT) on hosts affected
          by CVE-2018-12126 and CVE-2018-12127, because the affected
          sets of buffers are normally shared between thread pairs and
          can therefore leak data between the threads. Clearing the
          buffers before guest code runs does not help against a sibling
          thread that is executing on the same core at the same time.
          Disabling HT is traditionally done from the firmware setup,
          but some OSes also offer ways to disable it at runtime. In
          some cases it may be disabled by default, but please verify,
          as the effectiveness of the mitigation depends on it.
        </p>
    <p>
          The default action taken by <ph conkeyref="vbox-conkeyref-phrases/product-name"/> is to clear the
          affected buffers when a thread is scheduled to execute guest
          code, rather than on each VM entry. This reduces the
          performance impact, on the assumption that the host OS does
          not handle security-sensitive data in interrupt handlers and
          similar contexts between VM exits without taking its own
          precautions.
        </p>
    <p>
          The <userinput>VBoxManage modifyvm</userinput> command provides a
          more aggressive flushing option by means of the
          <codeph>--mds-clear-on-vm-entry</codeph> option. When enabled,
          the affected buffers are cleared on every VM entry, which also
          covers data the host touches between two VM exits. The
          performance impact is greater than with the default option,
          though this depends on the workload. Workloads producing many
          VM exits (such as networking, VGA access, and similar) will
          probably be most affected.
        </p>
    <p>
          For users not concerned by this security issue, the default
          mitigation can be disabled using the <userinput>VBoxManage
          modifyvm name --mds-clear-on-sched off</userinput> command,
          where <codeph>name</codeph> is the name of the VM.
        </p>
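    <p>
          The following script is an added example and not part of
          VirtualBox or its documentation. It reads the Linux kernel's MDS
          and SMT status from sysfs, decides whether buffer clearing alone
          is sufficient (it is not while a sibling hyper-thread can run
          concurrently), and prints the <userinput>VBoxManage modifyvm</userinput>
          command for the chosen clearing policy. The sysfs paths and the
          wording of the kernel reports are the kernel's own; the
          <codeph>VBOX_VM</codeph> environment variable, the policy names
          and the sample report strings are assumptions of this script.
        </p>

```shell
#!/bin/sh
# Added example (not VirtualBox's own tooling): assess the host's MDS status
# from the Linux kernel's sysfs reports and emit the VBoxManage modifyvm
# command for the chosen clearing policy. Assumptions: the sysfs paths and
# their wording are those of the Linux kernel; the VM name comes from the
# VBOX_VM environment variable (a convention of this script only).

MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds
SMT_FILE=/sys/devices/system/cpu/smt/control

# Classify one line from the kernel's mds vulnerability report.
# Prints one of: unaffected, no_microcode, smt_exposed, mitigated, vulnerable.
mds_state() {
    case "$1" in
        "Not affected"*)                 echo unaffected ;;
        *"no microcode"*)                echo no_microcode ;;
        "Mitigation:"*"SMT vulnerable"*) echo smt_exposed ;;
        "Mitigation:"*)                  echo mitigated ;;
        *)                               echo vulnerable ;;
    esac
}

# Turn the MDS state and the SMT control value (on, off, forceoff,
# notsupported, notimplemented) into a recommended action. Clearing the
# buffers before guest code runs does not help while a sibling thread is
# executing concurrently, so SMT must be off for the clearing to be effective.
recommend() {
    case "$1" in
        unaffected)   echo none ;;
        no_microcode) echo update-microcode ;;
        *)
            if [ "$2" = on ]; then
                echo disable-smt
            else
                echo default
            fi
            ;;
    esac
}

# Print the VBoxManage modifyvm command for a VM and a clearing policy:
#   default    - clear when a thread is scheduled to run guest code
#   aggressive - additionally clear on every VM entry
#   off        - no clearing at all (host deemed not at risk)
vbox_mds_cmd() {
    vm=$1
    case "$2" in
        default)    echo "VBoxManage modifyvm \"$vm\" --mds-clear-on-sched on --mds-clear-on-vm-entry off" ;;
        aggressive) echo "VBoxManage modifyvm \"$vm\" --mds-clear-on-sched on --mds-clear-on-vm-entry on" ;;
        off)        echo "VBoxManage modifyvm \"$vm\" --mds-clear-on-sched off --mds-clear-on-vm-entry off" ;;
        *)          return 1 ;;
    esac
}

# Live assessment when run on a Linux host; skipped where sysfs is absent.
if [ -r "$MDS_FILE" ]; then
    state=$(mds_state "$(cat "$MDS_FILE")")
    smt=unknown
    if [ -r "$SMT_FILE" ]; then
        smt=$(cat "$SMT_FILE")
    fi
    action=$(recommend "$state" "$smt")
    echo "mds: $state; smt control: $smt; recommended action: $action"
    case "$action" in
        disable-smt)
            echo "as root: echo off > $SMT_FILE (or disable HT in firmware setup), then:"
            vbox_mds_cmd "${VBOX_VM:-example-vm}" default ;;
        default)
            vbox_mds_cmd "${VBOX_VM:-example-vm}" default ;;
        update-microcode)
            echo "install a microcode or firmware update first" ;;
        none)
            echo "host not affected; no VirtualBox setting needed" ;;
    esac
fi
```

    <p>
          The script only prints the <userinput>VBoxManage</userinput>
          command; run it by hand once the SMT state is what you intend,
          since turning hyper-threading off after the fact does not change
          a VM's settings. Use the <codeph>aggressive</codeph> policy for
          hosts where the host OS itself may touch sensitive data between
          VM exits.
        </p>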
  </body>
  
</topic>