On Thu, Jan 04, 2018 at 11:10:01AM -0500, Rich Freeman wrote
> On Thu, Jan 4, 2018 at 11:02 AM, Holger Hoffstätte
> <holger@××××××××××××××××××.com> wrote:
> > On Wed, 03 Jan 2018 15:53:07 -0500, Rich Freeman wrote:
> >
> >> On Wed, Jan 3, 2018 at 3:35 PM, Wols Lists <antlists@××××××××××××.uk> wrote:
> >>>
> >>> And as I understand it the code can be disabled with either a compile
> >>> time option or command line switch to the kernel.
> >>
> >> I suspect the compile-time option is PAGE_TABLE_ISOLATION (which was
> >> newly added in 4.14.11). The command line option nopti will disable
> >> it at runtime.
> >>
> >> Rumor has it that it will be disabled on AMD CPUs in 4.14.12, but I
> >
> > That's not a rumor and it can be easily verified either here:
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-4.14/x86-cpu-x86-pti-do-not-enable-pti-on-amd-processors.patch
> >
> > or in mainline git, respectively.
> >
>
> Not back when I made my post, as is evident from the timestamps.
>
> All the info around these vulnerabilities is rapidly evolving, so take
> anything you hear with some skepticism until the dust settles...

There are 2 vulnerabilities at play here, both caused by speculative
execution...

1) "Meltdown" is the reading, by userland processes, of kernel memory.
This includes stuff like passwords, ssh and gpg keys, and other similar
sensitive stuff. Intel is vulnerable; AMD is not, thanks to AMD's
ring-level permission checking.

2) "Spectre" is the reading, by one userland process, of memory
belonging to another userland process. Since this does not require
jumping to kernel privilege level, AMD's ring-level permission checking
is not invoked, and AMD CPUs are vulnerable. Think "cross-site-scripting
on steroids", or "cross-process memory access" on your PC.

The most obvious attack vector would be web assembler or java plugin
or javascript, executing a 3rd-party ad in your browser. By the way,
Adobe Flash is scripted by "ECMAScript", a variant of javascript.

This is a problem that's associated with "speculative execution". I
wonder how much of a performance hit it would be to turn off speculative
execution. That would probably require at least a microcode/firmware
update, if not a new CPU.

--
Walter Dnes <waltdnes@××××××××.org>
I don't run "desktop environments"; I run useful applications
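A defender's check for the PTI state the quoted exchange turns on (the PAGE_TABLE_ISOLATION config option, the nopti boot parameter, and the kernel declining to enable PTI on AMD), added here as an example and not part of this thread. It parses captured copies of the kernel config, /proc/cmdline and the /proc/cpuinfo flags line; the `pti` cpuinfo flag and the `pti=off` spelling are what the 4.14.11+ kernels use, and every sample input below is constructed.

```shell
# Added example (not from the thread): report the state of kernel page-table
# isolation (PTI, the Meltdown mitigation) from three inputs the thread names:
# the kernel .config (CONFIG_PAGE_TABLE_ISOLATION), the boot command line
# (nopti, also spelled pti=off) and the "pti" cpuinfo flag the kernel sets once
# PTI is actually enabled. Inputs are strings, so captured data works too.

# 0 if CONFIG_PAGE_TABLE_ISOLATION=y appears in the config text.
pti_built_in() {
    printf '%s\n' "$1" | grep -qx 'CONFIG_PAGE_TABLE_ISOLATION=y'
}

# 0 if the command line carries nopti or pti=off as a whole parameter.
pti_disabled_on_cmdline() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -qxE 'nopti|pti=off'
}

# 0 if the cpuinfo "flags" line contains the pti flag (mitigation is live).
pti_active() {
    printf '%s\n' "$1" | sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' \
        | tr ' ' '\n' | grep -qx 'pti'
}

# Combine the three: not-built | disabled-by-cmdline | active | inactive.
# "inactive" is the AMD case from the thread: compiled in, not disabled by
# the admin, yet the kernel chose not to enable it.
pti_status() {
    if ! pti_built_in "$1"; then echo not-built; return 0; fi
    if pti_disabled_on_cmdline "$2"; then echo disabled-by-cmdline; return 0; fi
    if pti_active "$3"; then echo active; else echo inactive; fi
}

# Live check on the running kernel. Without a readable config it reports
# not-built; on 4.14.13+ prefer /sys/devices/system/cpu/vulnerabilities/meltdown.
pti_status_live() {
    cfg=$(zcat /proc/config.gz 2>/dev/null || cat "/boot/config-$(uname -r)" 2>/dev/null)
    pti_status "$cfg" "$(cat /proc/cmdline)" "$(grep -m1 '^flags' /proc/cpuinfo)"
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CONFIG='CONFIG_PAGE_TABLE_ISOLATION=y'
SAMPLE_CONFIG_OFF='# CONFIG_PAGE_TABLE_ISOLATION is not set'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro quiet'
SAMPLE_CMDLINE_NOPTI="$SAMPLE_CMDLINE nopti"
SAMPLE_FLAGS_INTEL='flags : fpu vme de pse tsc msr pae mce cx8 pti'
SAMPLE_FLAGS_AMD='flags : fpu vme de pse tsc msr pae mce cx8'

pti_status "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE" "$SAMPLE_FLAGS_INTEL"        # active
pti_status "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE" "$SAMPLE_FLAGS_AMD"          # inactive
pti_status "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE_NOPTI" "$SAMPLE_FLAGS_INTEL"  # disabled-by-cmdline
pti_status "$SAMPLE_CONFIG_OFF" "$SAMPLE_CMDLINE" "$SAMPLE_FLAGS_INTEL"    # not-built
```

Run `pti_status_live` on a box to classify the running kernel; the string functions let you do the same on configs and cpuinfo dumps pulled from a fleet.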