Unclear On The New MDS Patch

Mel Pilgrim list_freebsd at bluerosetech.com
Tue May 21 02:55:43 UTC 2019


On 2019-05-20 11:11, Tim Daneliuk wrote:
> What about cloud based servers like Digital Ocean FreeBSD droplets?  Does
> microcode updating even make sense in that context since the underlying
> system is actually what touches the hardware?

Short answer: no.

Longer answer:

Microcode updates use the WRMSR (WRite Model Specific Register) 
instruction, which requires ring 0.  Intel and AMD virtualization both 
emulate ring 0 for guests by pushing the physical ring 0 into a layer 
only accessible by the VMM and faking it for guests so they can operate 
without paravirtualization.  This is visible with software like 
msr-tools, where the rdmsr tool works fine but wrmsr appears to have no 
effect when run on a guest.


More information about the freebsd-questions mailing list