Meltdown/Spectre: Unauthorized Disclosure of Kernel Memory

[EasterParade]

[Jaglover]

Generally, if a defective product is sold a recall should be done.

[NightMonkey]

Is there any mitigation possible, perhaps in either the kernel config, or via CFLAGs, that removes some feature that is allowing this exploitable path in our chipsets? Pretty ugly stuff - and I wonder who has been exploiting this for years without the public knowing...

[PrSo]

Here is part of Spectre patch:

http://lists.llvm.org/pipermail/llvm-co ... 13630.html

[Myu]

Is there any mitigation possible, perhaps in either the kernel config, or via CFLAGs, that removes some feature that is allowing this exploitable path in our chipsets? Pretty ugly stuff - and I wonder who has been exploiting this for years without the public knowing...

Kernel 4.14.11 has CONFIG_PAGE_TABLE_ISOLATION=y but that only for Meltdown attack. Spectre is a different beast

(edited)

[CPUFan]

Just FYI: This is "part" of a solution:

Code: Select all

# Meltdown:
=sys-kernel/gentoo-sources-4.14.11-r2 ~amd64

(followed by an update)

There will be 3 GLSAs about the full solution.

Thanks to grknight from #gentoo for confirming.

[eccerr0r]

Anyone have the PoC code, and whether disabling L1/L2 caches would mitigate the problem?

Granted, this would kill performance really badly, but it's a stopgap solution? heh heh heh

[Naib]

Is there any mitigation possible, perhaps in either the kernel config, or via CFLAGs, that removes some feature that is allowing this exploitable path in our chipsets? Pretty ugly stuff - and I wonder who has been exploiting this for years without the public knowing...

yes, buy a ryzen setup

[Myu]

@CPUFan :

Have an Intel CPU and 4.14.11 ? Then run

Code: Select all

cat /proc/cpuinfo | grep -i insecure

If you have something like this, the KPTI patch is enabled :

Code: Select all

bugs		: cpu_insecure
bugs		: cpu_insecure
...

[ycUygB1]

There will be 3 GLSAs about the full solution.

Thanks to grknight from #gentoo for confirming.

Thank you.

[Cyker]

Wooo! Time for the C64 to RISE AGAIN!!!!!

[EasterParade]

[Joseph Powers]

Can I patch the Meltdown bug with Gentoo hardened sources?

[papas]

great news for me 2 days ago I ordered a i7 8700k just to avoid the AMD segfault

[1clue]

It's going to take awhile before any fixed hardware reaches the market. First the design needs to be fixed, then it needs to be tested and then boards need to be designed around the newer chips. We're all screwed for awhile.

[Naib]

It's going to take awhile before any fixed hardware reaches the market. First the design needs to be fixed, then it needs to be tested and then boards need to be designed around the newer chips. We're all screwed for awhile.

You can take the risk with present Ryzen stock & you might be lucky not to pick up with early fab issues OR wait a couple of months an Zen2 is due out
If you want to stick with intel then sure... might take some time *if* they actually fix it (note they never actually fixed the fpu issue) as they have to gut their entire arch rather than building on it

[1clue]

It's going to take awhile before any fixed hardware reaches the market. First the design needs to be fixed, then it needs to be tested and then boards need to be designed around the newer chips. We're all screwed for awhile.

You can take the risk with present Ryzen stock & you might be lucky not to pick up with early fab issues OR wait a couple of months an Zen2 is due out
If you want to stick with intel then sure... might take some time *if* they actually fix it (note they never actually fixed the fpu issue) as they have to gut their entire arch rather than building on it

FWIW I'm sticking with Intel.

The idea that they don't fix this is insane. The FPU issue was a minor irritant with an easy software fix. This decimates the security or speed of their entire processor line for the last 15 years.

[gengreen]

Better to directly turn off the javascript in about:config than use some plugins

javascript is a general useflag, I will put it in my make.conf (-javascript)

it's better than nothing...

[roki942]

Came across these:
"We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare" http://www.theregister.co.uk/2018/01/04 ... notations/
"Azure VMs borked following Meltdown patch, er, meltdown" https://www.theregister.co.uk/2018/01/0 ... own_patch/

[luiztux]

Who knows now is the chance of Open Source Hardware gaining momentum? Or live like Stallman ...

[The Main Man]

Anyone have the PoC code, and whether disabling L1/L2 caches would mitigate the problem?

PoC code :
http://cxsecurity.com/issue/WLB-2018010039

[Naib]

https://www.bleepingcomputer.com/news/s ... e-attacks/

[The Main Man]

It's easier to copy the PoC code from here instead of the link I posted above:
https://github.com/Eugnis/spectre-attack

Anyway, I've executed this code on 4.14.11-gentoo-r2 with cpu_insecure and got this :

Code: Select all

$ ./a.out                                                                                                                                                                          
Putting 'The Magic Words are Squeamish Ossifrage.' in memory
Reading 40 bytes:
zsh: illegal hardware instruction  ./a.out

Would be interesting to see the result on non-patched system but I can't do it atm.

[gengreen]

https://paste.pound-python.org/show/X9O ... CgOKMTwTc/

[The Main Man]

https://paste.pound-python.org/show/X9O ... CgOKMTwTc/

Interesting, so the code actually works. On patched or non-patched system?
I just had to try it and on the same machine I have another gentoo installation that hasn't been updated in awhile (couple of months) , and I get the same result (zsh: illegal hardware instruction ./a.out), thought maybe it's zsh so I tried to execute in bash but I got the same thing. Maybe I'm doing something wrong, I've compiled the source with "gcc Source.c"