update sources to Ubuntu-4.15.0-50.54
It mainly comes with some mitigation for MDS[1][3][4][5], for best
result a microupdate of the CPU is required, else the kernel falls
back to some "best effort mitigation", trying to clear the CPU
buffers on kernel/userspace, hypervisor/guest and C-state (idle)
transitions.
With this applied you will have a new file in sysfs to get the
mitigation state of the server regarding MDS:
$ cat /sys/devices/system/cpu/vulnerabilities/mds
Microcode updates should come available in stretch with
3.
20190514.1~deb9u1 [2] version currently only tagged[2], but not yet
released.
[1]: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html#mitigation-strategy
[2]: https://salsa.debian.org/hmh/intel-microcode/commits/debian/3.
20190514.1_deb9u1
[3]: https://mdsattacks.com/
[4]: https://cpu.fail/
[5]: https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
projects / pve-kernel.git / commit