[Users] X86_BUG_CPU_INSECURE

Scott Dowdle dowdle at montanalinux.org
Thu Jan 4 06:30:02 MSK 2018


Greetings,

----- Original Message -----
> Virtuozzo will release the kernel with fix asap.
> We have it under testing right now

That's great... but... if I understood the LWN article that came out today entitled "Notes from the Intelpocalypse", there are three issues:
https://lwn.net/Articles/742702/ (subscription only until freely available at the end of next week)


1) Getting around boundary checks
2) Messing with indirect jumps
3) Forcing direct cache loads

#3 is negated by the kernel page table isolation (KPTI) patches that first appeared in the 4.15 rc kernels... which is what everyone is backporting to the older kernels they support.  There are various ways to fix #2 including potential CPU microcode patches from CPU makers and a forthcoming GCC flag... but at time of writing, the mainline kernel has no defense.  For #1, no straightforward defense has appeared yet.  LWN also predicts that additional exploits will appear in coming months that leverage one or more of these issues.  Two of the three issues are present in most all CPUs made since 1995 that include speculative execution including Intel, AMD, ARM... and potentially others.  Only one of the three seems to be Intel specific.

While #3 is fixed... I'm guessing it is like fixing only one of three holes in a submarine's hull.

Of course any efforts in fixing anything are greatly appreciated.

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]

