Jailer
Not strong, but bad
- Joined
- Sep 12, 2014
- Messages
- 4,977
Of course they did, their stock is taking a hit.....
Last edited by a moderator:
-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
Meltdown / Spectre Discussion
- Thread starter jgreco
- Start date
- Status
cobrakiller58
Guru
- Joined
- Jan 18, 2017
- Messages
- 525
won't kernel rebuilds still affect AMD hardware even though they are not actually vulnerable to this flaw?
Edit:apparently people are looking to address that as well https://lkml.org/lkml/2017/12/27/2
Edit:apparently people are looking to address that as well https://lkml.org/lkml/2017/12/27/2
Last edited:
Nick2253
Wizard
- Joined
- Apr 21, 2014
- Messages
- 1,633
AMD responded to Intel's not-so-subtle nudge that AMD's processors were also susceptible: https://www.barrons.com/articles/amd-says-near-zero-risk-to-its-chips-1515016135
Nick2253
Wizard
- Joined
- Apr 21, 2014
- Messages
- 1,633
And now the cat is out of the bag:
http://www.zdnet.com/article/securi...el-chip-since-1995-arm-processors-vulnerable/
https://spectreattack.com/
http://www.zdnet.com/article/securi...el-chip-since-1995-arm-processors-vulnerable/
https://spectreattack.com/
jgreco
Resident Grinch
- Joined
- May 29, 2011
- Messages
- 18,680
Yeah, well, there's just other undiscovered bugs hanging around out there in the silicon. This effing thing has apparently been around since the days of the Pentium Pro, or 'round about two damn decades, and we're just finding out about it now. Betcha other silicon has similar undiscovered issues.
jgreco
Resident Grinch
- Joined
- May 29, 2011
- Messages
- 18,680
Well spin my nipple nuts and send me to Alaska.
nightshade00013
Wizard
- Joined
- Apr 9, 2015
- Messages
- 1,258
Looks like everyone is affected in some way. But Intel trying to pass everything off is bad juju.
Nick2253
Wizard
- Joined
- Apr 21, 2014
- Messages
- 1,633
Detailed POCs for both exploits... beware, this is NOT light reading:
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
jgreco
Resident Grinch
- Joined
- May 29, 2011
- Messages
- 18,680
"compromise"? Well that's kind of playing with words.
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- Joined
- Feb 15, 2014
- Messages
- 20,194
It is a small sigh. "The boss can't make hide nor hair of these metric booby traps" small.
My read of the Xen advisory says Meltdown does compromise the memory of the hypervisor and other guests without their patch. They were mapping the entire physical memory into the VM(under 5TiB), and relying on the paging protections.
Good news: the Windows patch hasn't turned my desktop to molasses.
Good news: the Windows patch hasn't turned my desktop to molasses.
- Joined
- Aug 19, 2017
- Messages
- 1,556
- Joined
- Feb 15, 2014
- Messages
- 20,194
Apparently, Intel can patch the hard part - Spectre - in microcode, to some extent*. Which makes it that much more confusing that they're not capable of issuing patches for Meltdown.
*Well, they're not fixing it. They're setting things up so that software can avoid some of the behavior, almost certainly with performance costs.
*Well, they're not fixing it. They're setting things up so that software can avoid some of the behavior, almost certainly with performance costs.
It sounds like Meltdown is OS-patch only(or new chips), while Spectre has partial microcode fix and some recompiling to use special instructions to protect areas of code vulnerable to branch prediction analysis.
I think the difference between the two is that meltdown is stealing data at rest, while Spectre is analyzing the more fluid behavior of instructions in another process. So, change the instructions.
I think the difference between the two is that meltdown is stealing data at rest, while Spectre is analyzing the more fluid behavior of instructions in another process. So, change the instructions.
JoshDW19
Community Hall of Fame
- Joined
- May 16, 2016
- Messages
- 1,077
For anyone that's interested, Kris posted a comment on the FreeNAS subreddit in regards to these exploits.
"Rest assured we are all just as eager for a fix as you. We are working with our FreeBSD folks now and will hopefully have a release with the fixes in the near future. One of the bugs in particular is a particularly non-trivial problem and we want to avoid any major performance penalty, so we are trying to make sure it is fixed "right". We'll post more updated information as we have it. Thanks!"
https://www.reddit.com/r/freenas/comments/7o21us/meltdown_and_spectre_concerns/ds7bwui/
"Rest assured we are all just as eager for a fix as you. We are working with our FreeBSD folks now and will hopefully have a release with the fixes in the near future. One of the bugs in particular is a particularly non-trivial problem and we want to avoid any major performance penalty, so we are trying to make sure it is fixed "right". We'll post more updated information as we have it. Thanks!"
https://www.reddit.com/r/freenas/comments/7o21us/meltdown_and_spectre_concerns/ds7bwui/
jgreco
Resident Grinch
- Joined
- May 29, 2011
- Messages
- 18,680
Well it isn't really relevant to FreeNAS, except insofar as people will end up paying a performance penalty. FreeNAS systems generally don't have random untrusted code running on them, except perhaps in jails. Unfortunately, the problem still needs to be fixed upstream, where that isn't true, and the upstream fixes will impact FreeNAS downstream.
- Joined
- Feb 15, 2014
- Messages
- 20,194
One interesting possibility is to effectively trust non-jailed processes while treating jailed processes to their own, sanitized page tables.
Spectre seems to mostly focus (for now) on branch prediction, poisoning the branch predictor to take (or not) branches into regions that are to be leaked, causing interesting regions of memory to be loaded into cache - but with some elbow grease, this can be done by a process that does have the right to read said region. Again, the leak then happens through a cache timing attack.
Now that I think about it, the reason Meltdown probably doesn't get a microcode patch is likely to be a lack of internal registers to keep track of prefetches that haven't been validated yet. Lacking that information, large sections of the cache would probably need to be invalidated, causing significant slowdown in memory accesses.
Well, Meltdown is a straightforward "hey, load the address given by whatever's at this other address" scheme that results in many non-AMD CPUs actually going far enough to load it into cache, regardless of whether it's meant to be accessible. It's then leaked from the cache by a timing attack.
Spectre seems to mostly focus (for now) on branch prediction, poisoning the branch predictor to take (or not) branches into regions that are to be leaked, causing interesting regions of memory to be loaded into cache - but with some elbow grease, this can be done by a process that does have the right to read said region. Again, the leak then happens through a cache timing attack.
Now that I think about it, the reason Meltdown probably doesn't get a microcode patch is likely to be a lack of internal registers to keep track of prefetches that haven't been validated yet. Lacking that information, large sections of the cache would probably need to be invalidated, causing significant slowdown in memory accesses.
- Status
Related topics on forums.truenas.com for thread: "Meltdown / Spectre Discussion"
Similar threads
- Locked
