On 01/03/2018 09:34 PM, Adam Carter wrote: > > Project Zero (Google) found it; > > https://googleprojectzero.blogspot.com.au/2018/01/reading-privileged-memory-with-side.html > > <https://googleprojectzero.blogspot.com.au/2018/01/reading-privileged-memory-with-side.html> > > > Phoronix has done some benchmarks on the impact of the kernel > based workaround ([Kernel] Page Table Isolation (PSI) nee Kaiser) > > https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1 > > <https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1> > > > * > * > Re:AMD - Looks like Linus agrees that PTI is not required for AMD > CPUs. Note that the project zero blog mentions that some AMD chips are > subject to some issues*. *There's three CVEs*. > * > * > * > From: > https://www.phoronix.com/scan.php?page=news_item&px=Linux-Tip-Git-Disable-x86-PTI* > * > *"Update:* Linus Torvalds has now ended up pulling > <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=00a5ae218d57741088068799b810416ac249a9ce&utm_source=anz> > the latest PTI fixes that also include the change to disable page > table isolation for now on all AMD CPUs. The commit is in mainline for > Linux 4.15 along with a few basic fixes and ensuring > PAGE_TABLE_ISOLATION is enabled by default. "
According to the Project Zero documentation .... having BPF JIT enabled is the key to the exploit. The way the docs read ... can it be assumed that by having BPF JIT disabled on an AMD, that blocks this exploit? Corbin
