Re: [qubes-users] SWAPGS Side Channel Attack

2019-09-11 Thread Lorenzo Lamas
Thank you Simon for the informative reply. Good to hear there is some 
progress on Spectre variant 1. I hope something similar to Respectre will 
be available in the future.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3a216a4-3b3a-432a-9427-7c00912d0d63%40googlegroups.com.


Re: [qubes-users] SWAPGS Side Channel Attack

2019-09-09 Thread Andrew David Wong

On 2019-09-09 9:45 AM, Simon Gaiser wrote:
> [Now with Inline-PGP such that google group doesn't break the signature]
> 
> sergei.puti...@gmail.com:
>> Is Qubes affected by the SWAPGS attack?
> 
> From the Bitdefender "white paper" [1] (They reported this vuln.):
> 
> "A quick analysis of the Hyper-V kernel and of the Xen hypervisor kernel
> revealed that the SWAPGS instruction is not used, so exploitation is
> impossible."
> 
> [1]: 
> https://businessresources.bitdefender.com/hubfs/noindex/Bitdefender-WhitePaper-SWAPGS.pdf
> 
>> I haven’t found a statement or Security Advisory from Xen. But it
>> seems Xen still hasn’t even fixed the original Spectre v1 yet:
>> https://xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/
>> At the time of original Spectre, v1 was deemed very hard to exploit on
>> Xen, but new variants of v1 like v1.1 and SWAPGS may invalidate that
>> hypothesis.
> 
> For Spectre variant 1 my understanding is that they are not aware of an
> exploitable code path in Xen. But they are working on hardening. For
> example grep the commit log for array_index_nospec or see [2] for an
> arbitrary example where they discuss this during review.
> 
> In the long run I hope there will be some compiler assisted technique
> instead of manual review, which likely misses cases. But something like
> this is not in place currently. See [3] for a description of the
> non-public gcc plugin from grsecurity which implements this approach.
> 
> [2]: 
> https://lists.xenproject.org/archives/html/xen-devel/2018-07/msg00982.html
> [3]: https://grsecurity.net/respectre_announce.php
> 
> Simon
> 

Thanks for the informative reply, Simon!

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



Re: [qubes-users] SWAPGS Side Channel Attack

2019-09-09 Thread Simon Gaiser

[Now with Inline-PGP such that google group doesn't break the signature]

sergei.puti...@gmail.com:
> Is Qubes affected by the SWAPGS attack?

From the Bitdefender "white paper" [1] (They reported this vuln.):

"A quick analysis of the Hyper-V kernel and of the Xen hypervisor kernel
revealed that the SWAPGS instruction is not used, so exploitation is
impossible."

[1]: 
https://businessresources.bitdefender.com/hubfs/noindex/Bitdefender-WhitePaper-SWAPGS.pdf

> I haven’t found a statement or Security Advisory from Xen. But it
> seems Xen still hasn’t even fixed the original Spectre v1 yet: 
> https://xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/
> At the time of original Spectre, v1 was deemed very hard to exploit on
> Xen, but new variants of v1 like v1.1 and SWAPGS may invalidate that
> hypothesis.

For Spectre variant 1 my understanding is that they are not aware of an
exploitable code path in Xen. But they are working on hardening. For
example grep the commit log for array_index_nospec or see [2] for an
arbitrary example where they discuss this during review.

In the long run I hope there will be some compiler assisted technique
instead of manual review, which likely misses cases. But something like
this is not in place currently. See [3] for a description of the
non-public gcc plugin from grsecurity which implements this approach.

[2]: https://lists.xenproject.org/archives/html/xen-devel/2018-07/msg00982.html
[3]: https://grsecurity.net/respectre_announce.php

Simon


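The array_index_nospec hardening Simon points to, shown as an added illustration that is not from the thread and not Xen's or Linux's own code: the branch-free mask follows the generic pattern those trees use (Xen's x86 build has an inline-assembly variant instead) but is written with unsigned arithmetic only, and the lookup table is constructed for the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed table standing in for hypervisor data indexed by a guest value. */
static const uint8_t table[16] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
#define TABLE_SIZE (sizeof(table) / sizeof(table[0]))

/* Branch-free mask: ~0UL when index < size, 0 otherwise.  Unsigned arithmetic
 * only (all defined C); like kernel versions, assumes index, size < LONG_MAX. */
unsigned long array_index_mask_nospec(unsigned long index, unsigned long size)
{
    /* size - 1 - index wraps (top bit set) exactly when index >= size. */
    unsigned long oob = (index | (size - 1UL - index)) >> (CHAR_BIT * sizeof(unsigned long) - 1);
    return 0UL - (oob ^ 1UL);   /* in bounds: 0 - 1 = ~0UL; out of bounds: 0 */
}

/* Clamp a possibly out-of-range index to 0 without a branch. */
unsigned long array_index_nospec(unsigned long index, unsigned long size)
{
    return index & array_index_mask_nospec(index, size);
}

/* Spectre v1 pattern: the check is correct, but until the branch resolves the
 * CPU may speculatively load table[index] for a bad index, leaving a cache footprint. */
int lookup_unhardened(unsigned long index, uint8_t *out)
{
    if (index >= TABLE_SIZE)
        return -1;
    *out = table[index];
    return 0;
}

/* Hardened form: the index reaching the load is masked, so even a mispredicted
 * speculative path can only touch table[0 .. TABLE_SIZE-1]. */
int lookup_hardened(unsigned long index, uint8_t *out)
{
    if (index >= TABLE_SIZE)
        return -1;
    *out = table[array_index_nospec(index, TABLE_SIZE)];
    return 0;
}

int main(void)
{
    uint8_t v = 0;
    int rc = lookup_hardened(5, &v);   /* rc 0, v 6 */
    printf("rc=%d value=%u mask(40,16)=%#lx\n", rc, (unsigned)v, array_index_mask_nospec(40, 16));
    return 0;
}
```

The mask only neutralises the speculative load; the architectural bounds check stays in place because a masked out-of-range index is simply wrong, not rejected.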


[qubes-users] SWAPGS Side Channel Attack

2019-08-09 Thread sergei.putin01
Is Qubes affected by the SWAPGS attack?
I haven’t found a statement or Security Advisory from Xen. But it seems Xen 
still hasn’t even fixed the original Spectre v1 yet: 
https://xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/
At the time of original Spectre, v1 was deemed very hard to exploit on Xen, but 
new variants of v1 like v1.1 and SWAPGS may invalidate that hypothesis.
