[Cerowrt-devel] KASLR: Do we have to worry about other arches than x86?

Jonathan Morton chromatix99 at gmail.com
Thu Jan 4 16:20:45 EST 2018



> On 4 Jan, 2018, at 10:28 pm, dpreed at deepplum.com wrote:
> 
> The really core issue with Meltdown at the highest level is that the kernel is addressable from userspace, except for the "privilege level" in the page table entries. That's a couple of bits between userspace and data that userspace isn't supposed to ever see. And those bits are ignored during speculative execution's memory accesses.

...on Intel CPUs since Nehalem and Silvermont, and on a very small number of ARM's highest-performance cores (which you're unlikely to find in CPE).

But not on most ARM cores, nor on AMD CPUs.  These all do their security checks more promptly, so the rogue data never reaches either a shadow register or an execution unit, even under speculative execution.

The conceptually simplest mitigation turns out to be switching off branch prediction.

 - Jonathan Morton


