tech-kern archive
Re: Spectre
On Thu, Jan 18, 2018 at 12:37:11AM +0000, coypu%sdf.org@localhost wrote:
> - Variant 1 seems possible to avoid with low cost. It will likely result
> in an error somewhere along the line, which is detectable. Flushing
> the entire cache on userret will make it hard to exploit. Do all
> bound checks failing result in an easily noticed error?
On further thought, this won't be sufficient protection.
It only protects assuming we:
- Cache memory
- Time access to memory
- Flush cache
- Time access to now cached memory
Flushing on userret/kernel entry is not sufficient because I am assuming
it will need a second trip to userland. It does not, assuming we can
construct our own perfect gadget.