Re: [Test-Announce] Re: Call for testing: updates to address today's CPU/kernel vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 01/03/2018 08:24 PM, Matthew Miller wrote:

On Wed, Jan 03, 2018 at 06:06:11PM -0700, stan wrote:

It turns out that AMD processors are not affected by this problem.


This is not completely clear. AMD processors seem to be not affected by
at least some forms of the "Meltdown" variant of the problem; I don't
think we can confidently state anything stronger than that.

AMD processors _are_ vulnerable to the "Spectre" variant ... but we
don't have fixes for that yet anyway.


Yes, GPZ identified 3 different variants.  The details are here:

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

At the bottom of the page is a link to AMD's statement:

http://www.amd.com/en/corporate/speculative-execution
According to the above, of the 3 variants only one is 100% confirmed to not affect AMD chips. Since AMD's microarchitecture made it immune to one of the attacks mitigated by PTI, they posted a patch to turn PTI off for their processors, sparing their chips a performance hit: 

https://lkml.org/lkml/2017/12/27/2
This is probably where the "AMD is safe" rumor started, but that is only 1/3, maybe 2/3. Now that the context is public let's be clear: even AMD processors are vulnerable without the patched kernel Adam has asked for help testing.
If your processor does any form of speculative execution (EG, it has a branch predictor) there is a chance it is vulnerable to one or more of these attacks. The specifics vary by microarchitecture, so even if a successful attack hasn't been mounted yet, it could be next. The GPZ page includes an "Ideas for further research" research section saying as much.
So with that in mind, please do help test the new kernel. The sooner there is confidence in it the sooner it gets pushed out for everybody to use. And in testing the kernel you are (probably) immediately protecting yourself, so it's a win all around. 

--
Brendan Conoboy / RHEL Development Coordinator / Red Hat, Inc.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux