| 1 |
On Thu, Jan 04, 2018 at 11:10:01AM -0500, Rich Freeman wrote |
| 2 |
> On Thu, Jan 4, 2018 at 11:02 AM, Holger Hoffstätte |
| 3 |
> <holger@××××××××××××××××××.com> wrote: |
| 4 |
> > On Wed, 03 Jan 2018 15:53:07 -0500, Rich Freeman wrote: |
| 5 |
> > |
| 6 |
> >> On Wed, Jan 3, 2018 at 3:35 PM, Wols Lists <antlists@××××××××××××.uk> wrote: |
| 7 |
> >>> |
| 8 |
> >>> And as I understand it the code can be disabled with either a compile |
| 9 |
> >>> time option or command line switch to the kernel. |
| 10 |
> >> |
| 11 |
> >> I suspect the compile-time option is PAGE_TABLE_ISOLATION (which was |
| 12 |
> >> newly added in 4.14.11). The command line option nopti will disable |
| 13 |
> >> it at runtime. |
| 14 |
> >> |
| 15 |
> >> Rumor has it that it will be disabled on AMD CPUs in 4.14.12, but I |
| 16 |
> > |
| 17 |
> > That's not a rumor and it can be easily verified either here: |
| 18 |
> > |
| 19 |
> > https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-4.14/x86-cpu-x86-pti-do-not-enable-pti-on-amd-processors.patch |
| 20 |
> > |
| 21 |
> > or in mainline git, respectively. |
| 22 |
> > |
| 23 |
> |
| 24 |
> Not back when I made my post, as is evident from the timestamps. |
| 25 |
> |
| 26 |
> All the info around these vulnerabilities is rapidly evolving, so take |
| 27 |
> anything you hear with some skepticism until the dust settles... |
| 28 |
|
| 29 |
There are 2 vulnerabities at play here, both caused by speculative |
| 30 |
execution... |
| 31 |
|
| 32 |
1) "Meltdown" is the reading, by userland processes, of kernel memory. |
| 33 |
This includes stuff like passwords, ssh and gpg keys, and other similar |
| 34 |
sensitive stuff. Intel is vulnerable; AMD is not, thanks to AMD's |
| 35 |
ring-level permission checking. |
| 36 |
|
| 37 |
2) "Spectre" is the reading, by one userland process, of memory |
| 38 |
belonging to another userland process. Since this does not require |
| 39 |
jumping to kernel privilege level, AMD's ring-level permission checking |
| 40 |
is not invoked, and AMD cpus are vulnerable. Think "cross-site-scripting |
| 41 |
on steroids", or "cross-process memory access" on your PC. |
| 42 |
|
| 43 |
The most obvious attack vector would be web assembler or java plugin |
| 44 |
or javascript, executing a 3rd-party ad in your browser. By the way, |
| 45 |
Adobe Flash is scripted by "Ecmascript", a variant of javascript. |
| 46 |
|
| 47 |
This is a problem that's associated with "speculative execution". I |
| 48 |
wonder how much of a performance hit it would be to turn off speculative |
| 49 |
execution. That would probably require at least a microcode/firmware |
| 50 |
update, if not a new cpu. |
| 51 |
|
| 52 |
-- |
| 53 |
Walter Dnes <waltdnes@××××××××.org> |
| 54 |
I don't run "desktop environments"; I run useful applications |
Archives