more vulnerabilities to be found

Posted Jan 4, 2018 15:45 UTC (Thu) by jimzhong (subscriber, #112928)
In reply to: more vulnerabilities to be found by jcm
Parent article: Notes from the Intelpocalypse

Checking permissions can prevent the Meltdown attack, which is specific to Intel processors. I doubt whether it can prevent Spectre.


more vulnerabilities to be found

Posted Jan 4, 2018 15:56 UTC (Thu) by jcm (subscriber, #18262) [Link] (5 responses)

Indeed, but as I said elsewhere in the thread, you can mitigate branch predictor abuse if you correctly index your predictor based upon the full address space (including ASID/PCID/etc.). The hardware fix for variant 2 isn't actually as bad as people claim.

more vulnerabilities to be found

Posted Jan 4, 2018 22:39 UTC (Thu) by roc (subscriber, #30627) [Link] (3 responses)

That's only part of the Spectre attack though.

Even if vendors manage to plug all the stuff in the Spectre paper, a big question is whether there are more big "leaking secrets through hidden CPU state using side channel" attacks that will be found soon, now that everyone's looking. I wouldn't bet against it. In which case we could be in for a long period of scrambling, patching, and performance-eroding mitigations.

more vulnerabilities to be found

Posted Jan 4, 2018 22:54 UTC (Thu) by jcm (subscriber, #18262) [Link] (2 responses)

Indeed. I co-led the mitigation team within Red Hat for some time on this issue. It's allowed for a few productive conversations around potential future research. I've already spoken with those involved in this research, and similar related efforts. Red Hat turned up to MICRO50 last year, which wasn't by accident. I'm trying to drive more direct engagement with the architecture community, especially now that we can work with the vendors and researchers to help find the next one. I'd really like it to be RH finding it next time.

more vulnerabilities to be found

Posted Jan 4, 2018 23:07 UTC (Thu) by roc (subscriber, #30627) [Link] (1 responses)

I hope you and your colleagues in the early-disclosure zone are reflecting on whether the "patch and pray" approach to stopping these leaks is sustainable long-term. For example, it was pointed out that retpolines break Intel's CET, i.e. one mitigation stomps on another. Each mitigation makes the system more complex and fragile ... and a lot of them make it slower, too.

I realize you have to do these mitigations for now, but I think some serious long-term thinking needs to be going on alongside the stop-gap work.

more vulnerabilities to be found

Posted Jan 4, 2018 23:20 UTC (Thu) by roc (subscriber, #30627) [Link]

Er, retract that CET point. Apparently it is possible to have a CET-compatible retpoline.

more vulnerabilities to be found

Posted Jan 4, 2018 23:14 UTC (Thu) by rahvin (guest, #16953) [Link]

But the hardware fix is not a quick fix and the concern is of course about permutations of this attack that exploit similar functions.

Spectre appears to lie at the heart of CPU design assumptions and will likely be around causing problems for a very long time as people figure out new ways to do the same thing using various other similar assumptions. As someone else said, the person who came up with this was brilliant, and it's going to have very far-reaching consequences.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds