Meltdown is very easy to exploit, and doesn't need heavy CPU usage (well, the
obvious exploit is dumping all of kernel data space, which might be somewhat
slower than a memcpy() of that data. :-)
Essentially, you run a loop that uses speculative memory tests to load a unique
userspace cache line for each bit of kernel memory, and after loading some
cache lines, you check to see if those userspace locations are in the cache. If
you stick lo L1 cache, you can do this concurrently on multiple cores. But you
don't need multiple cores, one will do.
That assumes that you are running a program that wants to read your kernel data
looking for passwords in the clear, etc.
Sceptre may require heavy CPU usage, but Meltdown doesn't.
Depending on how you set up your "home router", you might allow "infected" or
"trojan" programs to run in userspace there. I wouldn't do that, because
hardware is cheap. But some people like to throw all kinds of server code into
their router setups - even stuff like node.js servers.
The really core issue with Meltdown at the highest level is that the kernel is
addressable from userspace, except for the "privilege level" in the page table
entries. That's a couple of bits between userspace and data that userspace
isn't supposed to ever see. And those bits are ignored during specutlative
execution's memory accesses.
-----Original Message-----
From: "Dave Taht" <dave.t...@gmail.com>
Sent: Thursday, January 4, 2018 9:53am
To: "Jonathan Morton" <chromati...@gmail.com>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] KASLR: Do we have to worry about other arches than
x86?
On Thu, Jan 4, 2018 at 6:49 AM, Jonathan Morton <chromati...@gmail.com> wrote:
>> On 4 Jan, 2018, at 3:59 pm, Dave Taht <dave.t...@gmail.com> wrote:
>>
>> Alan cox has been doing a good job of finding the good stuff. Power
>> and the IBM z-series are also affected.
>
> Conversely, the ARM-1176, Cortex-A7 and Cortex-A53 cores used by various
> iterations of the Raspberry Pi are not affected. These are all in-order
> execution CPUs with short pipelines, and I think they're representative of
> what you'd want in CPE.
Well, I'd hope that this string of bugs stalls deployment of more
advanced arches in this space until the speculative execution bugs are
fully resolved.
(and I *vastly* prefer short pipelines)
> - Jonathan Morton
>
--
Dave Täht
CEO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-669-226-2619
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel
