Development issues regarding the cerowrt test router project
From: Jonathan Morton <chromatix99@gmail.com>
To: Dave Taht <dave.taht@gmail.com>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] aarch64 exploit POC
Date: Sun, 7 Jan 2018 18:22:33 +0200
Message-ID: <638AB8B9-B17B-44FE-8602-7DDCC9287682@gmail.com>
In-Reply-To: <CAA93jw7NpeMjpayH4p_6W4GK-xK3kqUM+_tKfV_MKxn6RMuqQQ@mail.gmail.com>

> On 7 Jan, 2018, at 5:15 pm, Dave Taht <dave.taht@gmail.com> wrote:
> 
> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd
> 
> There comes a time after coping with security holes nonstop for 5 days
> straight, when it is best to log off the internet entirely, stop
> thinking, drink lots of rum, and go surfing.

This is for Variant 3a, which is really not such a big deal, and only affects a few of ARM's cores.  Yes, you can read out privileged MSRs that way, but they generally don't contain directly-useful information.  ARM claims that the few CPUs where that *isn't* true are already immune to Variant 3a.

Only one of ARM's cores is vulnerable to Variant 3, i.e. Meltdown, which can read privileged memory.  The same mitigation applies there as for x86 CPUs - unmap privileged memory completely, instead of just marking it inaccessible.

Variant 2 is a wider problem, for which ARM has produced mitigation strategies and patches, and Variant 1 is a near-universal problem for out-of-order CPUs running untrusted code.

Also, I think ARM is in a good position to remove or reduce exposure to these attacks in future core designs, including new revisions of existing cores.

 - Jonathan Morton

