subject:"\[webkit\-dev\] Meltdown and Spectre attacks"

Re: [webkit-dev] Meltdown and Spectre attacks

2018-01-11 Thread Fujii Hironori

Hi Filip,

Thank you for writing the nice article.
https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/

I have a question. What's the reason why the patch (5) isn't shipped yet?

On Sat, Jan 6, 2018 at 4:37 AM, Filip Pizlo  wrote:
> Here is what else is in trunk:
>
> - index masking
> - pointer poisoning
>
> I’m going to write up what our thoughts are shortly. :-)  For now feel free
> to browse the code with those two hints.
>
> -Filip
>
>
> On Jan 5, 2018, at 8:31 AM, Konstantin Tokarev  wrote:
>
>
>
> Hi,
>
> Here's a collection of blog posts from other major browser vendors
> regarding the Meltdown and Spectre attacks:
>
> https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/
>
> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
>
> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
>
> Notably, Edge and Firefox are reducing the resolution of
> performance.now(), and all three are disabling SharedArrayBuffer.
>
> This is just a heads-up.
>
>
> Seems like both mitigations are already present in trunk
>
>
> Michael
>
> ___
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
> --
> Regards,
> Konstantin
> ___
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
>
>
> ___
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Meltdown and Spectre attacks

2018-01-05 Thread Filip Pizlo

Here is what else is in trunk:

- index masking
- pointer poisoning

I’m going to write up what our thoughts are shortly. :-)  For now feel free to 
browse the code with those two hints.

-Filip


> On Jan 5, 2018, at 8:31 AM, Konstantin Tokarev  wrote:
> 
> 
> 
>> Hi,
>> 
>> Here's a collection of blog posts from other major browser vendors
>> regarding the Meltdown and Spectre attacks:
>> 
>> https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/
>> 
>> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
>> 
>> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
>> 
>> Notably, Edge and Firefox are reducing the resolution of
>> performance.now(), and all three are disabling SharedArrayBuffer.
>> 
>> This is just a heads-up.
> 
> Seems like both mitigations are already present in trunk
> 
>> 
>> Michael
>> 
>> ___
>> webkit-dev mailing list
>> webkit-dev@lists.webkit.org 
>> https://lists.webkit.org/mailman/listinfo/webkit-dev 
>> 
> -- 
> Regards,
> Konstantin
> ___
> webkit-dev mailing list
> webkit-dev@lists.webkit.org 
> https://lists.webkit.org/mailman/listinfo/webkit-dev 
> 
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Meltdown and Spectre attacks

2018-01-05 Thread Michael Catanzaro



On Fri, Jan 5, 2018 at 11:32 AM, Konstantin Tokarev  
wrote:

https://bugs.webkit.org/show_bug.cgi?id=181266
https://bugs.webkit.org/show_bug.cgi?id=165503 (prophecy?)


Thanks!

Michael

___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Meltdown and Spectre attacks

2018-01-05 Thread Konstantin Tokarev



05.01.2018, 20:28, "Michael Catanzaro" :
> On Fri, Jan 5, 2018 at 10:31 AM, Konstantin Tokarev 
> wrote:
>>  Seems like both mitigations are already present in trunk
>
> Are there recent commits you can link to? I must have missed them fly
> by.

https://bugs.webkit.org/show_bug.cgi?id=181266
https://bugs.webkit.org/show_bug.cgi?id=165503 (prophecy?)

>
> Michael

-- 
Regards,
Konstantin
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Meltdown and Spectre attacks

2018-01-05 Thread Konstantin Tokarev



> Hi,
> 
> Here's a collection of blog posts from other major browser vendors
> regarding the Meltdown and Spectre attacks:
> 
> https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/
> 
> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
> 
> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
> 
> Notably, Edge and Firefox are reducing the resolution of
> performance.now(), and all three are disabling SharedArrayBuffer.
> 
> This is just a heads-up.

Seems like both mitigations are already present in trunk

> 
> Michael
> 
> ___
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
-- 
Regards,
Konstantin
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Meltdown and Spectre attacks

2018-01-05 Thread Yusuke SUZUKI

FYI, Apple also published the statement.

https://support.apple.com/en-us/HT208394

On Sat, Jan 6, 2018 at 1:08 Michael Catanzaro  wrote:

> Hi,
>
> Here's a collection of blog posts from other major browser vendors
> regarding the Meltdown and Spectre attacks:
>
>
> https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/
>
>
> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
>
> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
>
> Notably, Edge and Firefox are reducing the resolution of
> performance.now(), and all three are disabling SharedArrayBuffer.
>
> This is just a heads-up.
>
> Michael
>
> ___
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
-- 
Regards,
Yusuke Suzuki
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

[webkit-dev] Meltdown and Spectre attacks

2018-01-05 Thread Michael Catanzaro


Hi,

Here's a collection of blog posts from other major browser vendors 
regarding the Meltdown and Spectre attacks:


https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca

Notably, Edge and Firefox are reducing the resolution of 
performance.now(), and all three are disabling SharedArrayBuffer.


This is just a heads-up.

Michael

___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Meltdown and Spectre attacks

Re: [webkit-dev] Meltdown and Spectre attacks

Re: [webkit-dev] Meltdown and Spectre attacks

Re: [webkit-dev] Meltdown and Spectre attacks

Re: [webkit-dev] Meltdown and Spectre attacks

Re: [webkit-dev] Meltdown and Spectre attacks

[webkit-dev] Meltdown and Spectre attacks

7 matches

Site Navigation

Mail list logo

Footer information