※ 引述《bf000777966 (joe)》之銘言:
: LINUS 本人證實蘇媽的說法,在新的核心補丁裡面排除了AMD的CPU
: "Exclude AMD from the PTI enforcement. Not necessarily a fix, but if AMD is so c
: onfident that they are not affected, then we should not burden users with the ov
: erhead - x86/cpu, x86/pti: Do not enable PTI on AMD processors"
: "AMD processors are not subject to the types of attacks that the kernel page tab
: le isolation feature protects against. The AMD microarchitecture does not allow
: memory references, including speculative references, that access higher privileg
: ed data when running in a lesser privileged mode when that access would result i
: n a page fault."
: Linus Torvalds Trusts Lisa Su's Commitment to AMD CPU Security
: http://go.newsfusion.com/security/item/1108590
Meltdown的原文(PDF論文): https://meltdownattack.com/meltdown.pdf
原理就是利用speculative execution跟out-of-order execution的特性
在產生exception之前趕快把資料讀走
論文裡還有用intel的TSX隱藏住exception,不讓系統發現
6.4 Limitations on ARM and AMD
論文說在AMD跟ARM上雖然也能跑,但是讀不出結果
蘇媽的說法是他家的CPU禁止任何違法的reference
可信度其實很高(跟論文說的一致)
另一個漏洞叫 Spectre
比meltdown更不直觀,也很難patch掉
不過攻擊原理很類似(改用機率統計判讀)
目前任何有speculative execution的CPU都會中獎
而且要patch的也許不僅是OS而已
一般軟體有資安顧慮的都要修改
結論:
Meltdown是重大的漏洞一定要修(至少從第一代的core i就有的)
Spectre也是很大的洞,連手機都會中,不過比較難利用,也很難Patch掉QQ
--
: LINUS 本人證實蘇媽的說法,在新的核心補丁裡面排除了AMD的CPU
: "Exclude AMD from the PTI enforcement. Not necessarily a fix, but if AMD is so c
: onfident that they are not affected, then we should not burden users with the ov
: erhead - x86/cpu, x86/pti: Do not enable PTI on AMD processors"
: "AMD processors are not subject to the types of attacks that the kernel page tab
: le isolation feature protects against. The AMD microarchitecture does not allow
: memory references, including speculative references, that access higher privileg
: ed data when running in a lesser privileged mode when that access would result i
: n a page fault."
: Linus Torvalds Trusts Lisa Su's Commitment to AMD CPU Security
: http://go.newsfusion.com/security/item/1108590
Meltdown的原文(PDF論文): https://meltdownattack.com/meltdown.pdf
原理就是利用speculative execution跟out-of-order execution的特性
在產生exception之前趕快把資料讀走
論文裡還有用intel的TSX隱藏住exception,不讓系統發現
6.4 Limitations on ARM and AMD
論文說在AMD跟ARM上雖然也能跑,但是讀不出結果
蘇媽的說法是他家的CPU禁止任何違法的reference
可信度其實很高(跟論文說的一致)
另一個漏洞叫 Spectre
比meltdown更不直觀,也很難patch掉
不過攻擊原理很類似(改用機率統計判讀)
目前任何有speculative execution的CPU都會中獎
而且要patch的也許不僅是OS而已
一般軟體有資安顧慮的都要修改
結論:
Meltdown是重大的漏洞一定要修(至少從第一代的core i就有的)
Spectre也是很大的洞,連手機都會中,不過比較難利用,也很難Patch掉QQ
--
All Comments