From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from omr2.cc.vt.edu (omr2.cc.ipv6.vt.edu [IPv6:2607:b400:92:8400:0:33:fb76:806e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 49D7F3B2A4 for ; Thu, 4 Jan 2018 16:51:18 -0500 (EST) Received: from mr2.cc.vt.edu (mail.ipv6.vt.edu [IPv6:2607:b400:92:9:0:9d:8fcb:4116]) by omr2.cc.vt.edu (8.14.4/8.14.4) with ESMTP id w04LpHgo016434 for ; Thu, 4 Jan 2018 16:51:17 -0500 Received: from mail-qk0-f198.google.com (mail-qk0-f198.google.com [209.85.220.198]) by mr2.cc.vt.edu (8.14.7/8.14.7) with ESMTP id w04LpCUD010137 for ; Thu, 4 Jan 2018 16:51:17 -0500 Received: by mail-qk0-f198.google.com with SMTP id x129so1934106qkb.17 for ; Thu, 04 Jan 2018 13:51:17 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:in-reply-to:references :mime-version:content-transfer-encoding:date:message-id; bh=c9KkOtxj+QqSj0wvdbwFJhZifomQGS99n2Ayc6BSYkQ=; b=t7vm0nOu4Z6XQFoINDaVXlwxsVotVe0wL2HUXOmlRJiky8ZDYdR30vNZ23bMOSnoc2 n1BfEn0sNcdTwII14lWz7nDQg/ksUna1k4KYJMdm7urswZ46SqLNUmHM+Ek0ge35nb9e S+53KmeIrvOdxg4OLGdoWAmPB2vYKdNK1VWfQzHo+33gwZzHZTVhjwSojpiVEBjGr7nR hNWaVGTeqLezd/396bV9tFtsyWzLhkOgz/ZcEeZsuOyBSw/GBOttK+A7PY0qYIQp8i67 DvJVOFRC2WSEttNbbt7MfgItdzXfEaO3/j/Z4x0zN+2Fzq6caL7qXvUr7TaSwURw+naD vvbw== X-Gm-Message-State: AKwxytehY9n3wIVvOu4YN/JS9pVa4jiorW8R+jTkK0PJDPSnv298TK+a P8gMamQZC2rDR/C/cIIMI5lBsx+7lkl2Sh/7aPXOQr35XiNvHAXPNs1Alh7yT/szdE1w/9NKATN Z1hnetN1xlV/KC/H+s17M1+WEeCslsZYFJBKpBTT4n/XJ X-Received: by 10.233.230.77 with SMTP id x13mr1291884qkl.154.1515102672083; Thu, 04 Jan 2018 13:51:12 -0800 (PST) X-Google-Smtp-Source: ACJfBosFlFFQ7ga8TaSubl0CuKedd7/vh7t8BZg60u4X2OVYwSH1mfMw7hnbq9xJkQjAcyM9viW3Iw== X-Received: by 10.233.230.77 with SMTP id x13mr1291874qkl.154.1515102671807; Thu, 04 Jan 2018 13:51:11 -0800 (PST) Received: from turing-police.cc.vt.edu ([2607:b400:24:0:c938:abe9:7a19:bb03]) by smtp.gmail.com with ESMTPSA id n24sm2658094qta.50.2018.01.04.13.51.09 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 04 Jan 2018 13:51:09 -0800 (PST) Sender: Valdis Kletnieks From: valdis.kletnieks@vt.edu X-Google-Original-From: Valdis.Kletnieks@vt.edu X-Mailer: exmh version 2.8.0 04/21/2017 with nmh-1.7+dev To: Dave Taht Cc: "dpreed@deepplum.com" , Jonathan Morton , cerowrt-devel@lists.bufferbloat.net In-Reply-To: References: <2D7460E1-C724-4DAE-86CA-2D48AB2DAFE5@gmail.com> <1515097734.30384822@apps.rackspace.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1515102668_2505P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Thu, 04 Jan 2018 16:51:08 -0500 Message-ID: <134949.1515102668@turing-police.cc.vt.edu> Subject: Re: [Cerowrt-devel] KASLR: Do we have to worry about other arches than x86? X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jan 2018 21:51:18 -0000 --==_Exmh_1515102668_2505P Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable On Thu, 04 Jan 2018 13:40:28 -0800, Dave Taht said: > I guess I'm hoping for simple patches to the microcode to arrive next > week, even simply stuff to disable the branch predictor or speculative > execution, something simple, slow, and sane. In my inbox this morning. I have *no* idea why Intel is allegedly shippin= g a microcode fix for something believed to not be fixable via microcode. It may be this is a fix for only this one variant of the attack, and the ot= her two require kernel hacks. Summary: An update for microcode_ctl is now available for Red Hat Enterprise Linux= 7. Red Hat Product Security has rated this update as having a security impac= t of Important. A Common Vulnerability Scoring System (CVSS) base score, which= gives a detailed severity rating, is available for each vulnerability from the = CVE link(s) in the References section. The microcode_ctl packages provide microcode updates for Intel and AMD pr= ocessors. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonl= y used performance optimization). There are three primary variants of the issue = which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch targ= et It relies on the presence of a precisely-defined instruction sequence in the= privileged code as well as the fact that memory accesses may cause alloca= tion into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivi= leged attacker could use this flaw to cross the syscall and guest/host boundari= es and read privileged memory by conducting targeted cache side-channel attacks.= (CVE-2017-5715) Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitig= ation. injection. --==_Exmh_1515102668_2505P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Comment: Exmh version 2.8.0 04/21/2017 iQEVAwUBWk6hzI0DS38y7CIcAQIH3Qf/cTmGGmy1PwIbtjyP4xlngPd6ebzjmTgW ldcmgJ+xMKhh4XDrk0Jt+5JDbYgK+K5e2jpLNc/Dq25YkELtGbghCx1zg8DNJeWo mUgukjbt0CIgjA7dY8ybsT6zbp6HPSXainljAS8OANjmCRXafre+qehrHeTw1NPq 1HxG6UaWCJ6IObPpMvaxbfuXvOKqVJNOv2nulxEPd1qPFbOXkcvoxktrACEn2dvG hFtfj4gNJZT77Dfowl120vN6o++C2sqiUnZLvp13ZAT2qkoK/8KOblJ8lzSfDCMW lDPjdRBDUt7H2kiFyrkdlAnUI1UthRSmDXPMvwXi1MZMRGj3xH4dww== =3cCV -----END PGP SIGNATURE----- --==_Exmh_1515102668_2505P--