From: "dpreed@deepplum.com" <dpreed@deepplum.com>
To: "Dave Taht" <dave.taht@gmail.com>
Cc: "Jonathan Morton" <chromatix99@gmail.com>,
cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] KASLR: Do we have to worry about other arches than x86?
Date: Thu, 04 Jan 2018 20:28:55 -0000 [thread overview]
Message-ID: <1515097734.30384822@apps.rackspace.com> (raw)
In-Reply-To: <CAA93jw5b9gdsS4B-pAQhC9Q4d52fQj2MeJJgH=KGYr_+Te_CeQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2672 bytes --]
Meltdown is very easy to exploit, and doesn't need heavy CPU usage (well, the obvious exploit is dumping all of kernel data space, which might be somewhat slower than a memcpy() of that data. :-)
Essentially, you run a loop that uses speculative memory tests to load a unique userspace cache line for each bit of kernel memory, and after loading some cache lines, you check to see if those userspace locations are in the cache. If you stick lo L1 cache, you can do this concurrently on multiple cores. But you don't need multiple cores, one will do.
That assumes that you are running a program that wants to read your kernel data looking for passwords in the clear, etc.
Sceptre may require heavy CPU usage, but Meltdown doesn't.
Depending on how you set up your "home router", you might allow "infected" or "trojan" programs to run in userspace there. I wouldn't do that, because hardware is cheap. But some people like to throw all kinds of server code into their router setups - even stuff like node.js servers.
The really core issue with Meltdown at the highest level is that the kernel is addressable from userspace, except for the "privilege level" in the page table entries. That's a couple of bits between userspace and data that userspace isn't supposed to ever see. And those bits are ignored during specutlative execution's memory accesses.
-----Original Message-----
From: "Dave Taht" <dave.taht@gmail.com>
Sent: Thursday, January 4, 2018 9:53am
To: "Jonathan Morton" <chromatix99@gmail.com>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] KASLR: Do we have to worry about other arches than x86?
On Thu, Jan 4, 2018 at 6:49 AM, Jonathan Morton <chromatix99@gmail.com> wrote:
>> On 4 Jan, 2018, at 3:59 pm, Dave Taht <dave.taht@gmail.com> wrote:
>>
>> Alan cox has been doing a good job of finding the good stuff. Power
>> and the IBM z-series are also affected.
>
> Conversely, the ARM-1176, Cortex-A7 and Cortex-A53 cores used by various iterations of the Raspberry Pi are not affected. These are all in-order execution CPUs with short pipelines, and I think they're representative of what you'd want in CPE.
Well, I'd hope that this string of bugs stalls deployment of more
advanced arches in this space until the speculative execution bugs are
fully resolved.
(and I *vastly* prefer short pipelines)
> - Jonathan Morton
>
--
Dave Täht
CEO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-669-226-2619
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel
[-- Attachment #2: Type: text/html, Size: 4346 bytes --]
next prev parent reply other threads:[~2018-01-04 20:28 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-01 23:08 Dave Taht
[not found] ` <CAJq5cE23bbiPE0a_9zd1VLnO7=c7bjmwwxVwaD2=to3fg5TOjA@mail.gmail.com>
2018-01-01 23:27 ` Jonathan Morton
2018-01-02 19:06 ` Jonathan Morton
2018-01-04 12:09 ` Jonathan Morton
2018-01-04 13:38 ` Dave Taht
2018-01-04 13:48 ` Jonathan Morton
2018-01-04 13:59 ` Dave Taht
2018-01-04 14:49 ` Jonathan Morton
2018-01-04 14:53 ` Dave Taht
2018-01-04 20:28 ` dpreed [this message]
2018-01-04 21:20 ` Jonathan Morton
2018-01-04 21:40 ` Dave Taht
2018-01-04 21:51 ` valdis.kletnieks
2018-01-04 21:44 ` Joel Wirāmu Pauling
2018-01-04 21:47 ` Dave Taht
2018-01-04 21:52 ` Joel Wirāmu Pauling
2018-01-04 21:54 ` Dave Taht
2018-01-04 21:57 ` Joel Wirāmu Pauling
[not found] ` <1515103187.670416570@apps.rackspace.com>
2018-01-04 22:02 ` Joel Wirāmu Pauling
[not found] ` <1515103048.715224709@apps.rackspace.com>
2018-01-04 22:00 ` Joel Wirāmu Pauling
2018-01-04 22:09 ` dpreed
2018-01-04 22:13 ` Joel Wirāmu Pauling
2018-01-04 22:15 ` Dave Taht
2018-01-04 22:26 ` Jonathan Morton
2018-01-04 22:35 ` Joel Wirāmu Pauling
2018-01-04 22:58 ` [Cerowrt-devel] Spectre and EBPF JIT dpreed
2018-01-05 4:53 ` Dave Taht
2018-01-05 14:07 ` Jonathan Morton
2018-01-05 15:35 ` dpreed
2018-01-05 19:18 ` Jonathan Morton
2018-01-05 20:15 ` David Lang
2018-01-04 22:02 [Cerowrt-devel] KASLR: Do we have to worry about other arches than x86? dpreed
2018-01-04 22:02 dpreed
2018-01-04 22:04 ` Dave Taht
2018-01-04 22:12 ` dpreed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1515097734.30384822@apps.rackspace.com \
--to=dpreed@deepplum.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=chromatix99@gmail.com \
--cc=dave.taht@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox