From: Jonathan Morton
Date: Sun, 7 Jan 2018 18:22:33 +0200
To: Dave Taht
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] aarch64 exploit POC
Message-Id: <638AB8B9-B17B-44FE-8602-7DDCC9287682@gmail.com>

> On 7 Jan, 2018, at 5:15 pm, Dave Taht wrote:
>
> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd
>
> There comes a time after coping with security holes nonstop for 5 days
> straight, when it is best to log off the internet entirely, stop
> thinking, drink lots of rum, and go surfing.

This is for Variant 3a, which is really not such a big deal, and only affects a few of ARM's cores. Yes, you can read out privileged MSRs that way, but they generally don't contain directly-useful information. ARM claims that the few CPUs where that *isn't* true are already immune to Variant 3a.

Only one of ARM's cores is vulnerable to Variant 3, i.e. Meltdown, which can read privileged memory. The same mitigation applies there as for x86 CPUs - unmap privileged memory completely, instead of just marking it inaccessible.

Variant 2 is a wider problem, for which ARM has produced mitigation strategies and patches, and Variant 1 is a near-universal problem for out-of-order CPUs running untrusted code.

Also, I think ARM is in a good position to remove or reduce exposure to these attacks in future core designs, including new revisions of existing cores.

 - Jonathan Morton
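
As an added illustration, not part of the original message: a small Python check of how a Linux kernel reports mitigation state for the variants discussed above. It assumes the kernel exposes `/sys/devices/system/cpu/vulnerabilities` (files `spectre_v1`, `spectre_v2`, `meltdown`), treats Variant 3a as having no entry there, and falls back to constructed sample values when that directory is absent.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Variant names as used in the message -> sysfs file name.
# None: this example assumes the kernel publishes no file for that variant.
VARIANT_FILES = {
    "Variant 1": "spectre_v1",
    "Variant 2": "spectre_v2",
    "Variant 3": "meltdown",
    "Variant 3a": None,
}

def classify(text):
    """Map one sysfs status string to a coarse state."""
    if text is None:
        return "unreported"          # no file: old kernel or no sysfs entry
    line = text.strip()
    if line == "Not affected":
        return "not_affected"
    if line.startswith("Mitigation:"):
        return "mitigated"           # e.g. "Mitigation: PTI" = kernel memory unmapped
    if line.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def read_status(sysfs_dir=SYSFS_DIR):
    """Read the raw status strings; missing files become None."""
    raw = {}
    for variant, name in VARIANT_FILES.items():
        path = Path(sysfs_dir) / name if name else None
        raw[variant] = path.read_text() if path and path.is_file() else None
    return raw

def report(raw):
    """Classify every variant in a {variant: raw status} mapping."""
    return {variant: classify(text) for variant, text in raw.items()}

# Constructed sample: a host with page-table isolation on, Variant 2 unpatched.
SAMPLE = {
    "Variant 1": "Mitigation: __user pointer sanitization\n",
    "Variant 2": "Vulnerable\n",
    "Variant 3": "Mitigation: PTI\n",
    "Variant 3a": None,
}

if __name__ == "__main__":
    raw = read_status() if SYSFS_DIR.is_dir() else SAMPLE
    for variant, state in report(raw).items():
        print(f"{variant:<11}{state:<13}{(raw[variant] or '').strip()}")
```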