On Wed, 03 Jan 2018 17:59:11 -0800 Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> wrote: > On Wed, 2018-01-03 at 17:48 -0800, Adam Williamson wrote: > > The initial reporting that only Intel CPUs were affected was > > entirely wrong. I think you are conflating exploits. The original exploit, called meltdown or kaiser or kopti, was only against intel CPUs and exploited security escalation in speculative execution. I've just been reading about SPECTRE from the link that Ed Greshko supplied, and all modern CPUs are subject to that because it is a cache exploit via sidechannel attack, not a security escalation exploit, and all modern CPUs use cache, and apparently use it in the same vulnerable way. :-) Is the linux kernel fix for both of these in one, or are they separate? That is, is kopti a fix for meltdown only, or does it mitigate against SPECTRE also? I would expect they would be separate, since they are different exploits. > Just to reinforce this, Google's researcher's report: > > "A PoC that demonstrates the basic principles behind variant 1 in > userspace on the tested Intel Haswell Xeon CPU, the AMD FX CPU, the > AMD PRO CPU and an ARM Cortex A57 [2]. This PoC only tests for the > ability to read data inside mis-speculated execution within the same > process, without crossing any privilege boundaries. This is SPECTRE, not meltdown. > By my reading, the basic problematic behaviour here is something > virtually all modern CPUs do. Researchers have so far got furthest > along in developing practical exploits against Intel CPUs, but it > seems extremely unlikely to me that this means AMD CPUs are somehow > immune to the problem just because researchers haven't yet managed to > get an exploit that crosses a process boundary working on AMD *yet*. > Indeed, Google's research demonstrates they certainly *aren't* immune > to the basic problem. Yes, for SPECTRE. No, for meltdown, (formerly called KAISER). _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
