FreeBSD MDS Question #503

Open
ComputerCraftr opened this issue Dec 29, 2024 · 1 comment

ComputerCraftr commented Dec 29, 2024

Hi, I am using FreeBSD on a server with Intel Xeon X5675 CPUs on the latest 0x1f microcode and was wondering if the vulnerability status reported here is correct:

```
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Kernel supports using MD_CLEAR mitigation:  YES
* CPU Hyper-Threading (SMT) is disabled:  NO
* Kernel mitigation is enabled:  YES
* Kernel mitigation is active:  YES  (software-only support (SLOW))
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Kernel supports using MD_CLEAR mitigation:  YES
* CPU Hyper-Threading (SMT) is disabled:  NO
* Kernel mitigation is enabled:  YES
* Kernel mitigation is active:  YES  (software-only support (SLOW))
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Kernel supports using MD_CLEAR mitigation:  YES
* CPU Hyper-Threading (SMT) is disabled:  NO
* Kernel mitigation is enabled:  YES
* Kernel mitigation is active:  YES  (software-only support (SLOW))
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Kernel supports using MD_CLEAR mitigation:  YES
* CPU Hyper-Threading (SMT) is disabled:  NO
* Kernel mitigation is enabled:  YES
* Kernel mitigation is active:  YES  (software-only support (SLOW))
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)
```

I know that the latest microcode does not mitigate these MDS vulnerabilities, but is this software mitigation reported by sysctl sufficient to close the MDS vulnerabilities and fully mitigate them when HyperThreading is also disabled?

```
~ » sysctl -d hw.mds_disable
hw.mds_disable: Microarchitectural Data Sampling Mitigation (0 - off, 1 - on VERW, 2 - on SW, 3 - on AUTO)
--------------------------------------------------------------------------------
~ » sysctl -d hw.mds_disable_state
hw.mds_disable_state: Microarchitectural Data Sampling Mitigation state
--------------------------------------------------------------------------------
~ » sysctl hw.mds_disable
hw.mds_disable: 3
--------------------------------------------------------------------------------
~ » sysctl hw.mds_disable_state
hw.mds_disable_state: software IvyBridge
```

References:
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
intel/Intel-Linux-Processor-Microcode-Data-Files#2

@ComputerCraftr
Author

Based on the FreeBSD kernel code, I think that the vulnerability status reported here is wrong because FreeBSD includes serialized functions using lfence and mfence which overwrite the speculative data in microarchitectural buffers with dummy data even in the absence of an updated verw instruction from the microcode to clear them. These functions are invoked during system calls/context switches so that the only situation where speculative data is accessible to another process is when the buffers are shared during HyperThreading.

https://github.com/freebsd/freebsd-src/blob/releng/14.2/sys/amd64/amd64/support.S#L1751
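
An added example, not part of the original issue and not code from FreeBSD or spectre-meltdown-checker: a POSIX sh helper that condenses the two values discussed above, `hw.mds_disable_state` and the SMT setting, into one audit line. The state strings `inactive` and `VERW` and the `machdep.hyperthreading_allowed` sysctl do not appear on this page, and `review=yes` is this example's own flag for "needs a closer look", not a vulnerability verdict.

```shell
#!/bin/sh
# Added example: summarize FreeBSD's MDS mitigation mode from sysctl values.

# Map a hw.mds_disable_state string to a coarse mode.
mds_mode() {
    case "$1" in
        inactive)    echo off ;;       # no buffer clearing handler installed
        VERW)        echo verw ;;      # microcode-assisted clearing (MD_CLEAR)
        software\ *) echo software ;;  # per-CPU-family software sequence
        *)           echo unknown ;;   # empty or unrecognized state string
    esac
}

# $1 = hw.mds_disable_state value
# $2 = machdep.hyperthreading_allowed value (0 = SMT disallowed)
# Assumption of this example: any value other than 0 means SMT may be in use.
mds_summary() {
    mode=$(mds_mode "$1")
    case "$2" in
        0) smt=disallowed ;;
        *) smt=allowed ;;
    esac
    # Flag for review when no clearing handler is confirmed, or when
    # sibling hardware threads may still share the affected buffers.
    case "$mode:$smt" in
        off:*|unknown:*|*:allowed) review=yes ;;
        *)                         review=no ;;
    esac
    echo "mode=$mode smt=$smt review=$review"
}

# Live values on FreeBSD. Elsewhere, fall back to sample values: the state
# string is the one shown in the issue, and ht=1 is constructed to match the
# checker's "SMT is disabled: NO" line.
state=$(sysctl -n hw.mds_disable_state 2>/dev/null) || state=""
ht=$(sysctl -n machdep.hyperthreading_allowed 2>/dev/null) || ht=""
: "${state:=software IvyBridge}"
: "${ht:=1}"

mds_summary "$state" "$ht"
```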
