Russell On Wed, Jan 3, 2018 at 11:59 PM Russell Reiter <[email protected]> wrote:
> > > On January 3, 2018 10:56:30 PM EST, Dhaval Giani <[email protected]> > wrote: > > > https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html > >gives the gory details > > > >At this point, I cannot stress on how important it is to update your > >systems as soon as your distribution ships them. I am hoping this > >remains to be a once in a lifetime event. > > I admire your optimism. To me it looks like this is a kind of example of > feeping creaturisim in hypervisor's; not necessarily an easy patch. > I am unsure what you are implying. This is a hardware issue which has been fixed in software. There are exploits out already that I am seeing able to run through your web browser. This is serious stuff. Also unsure what this has to do with hypervisors apart from them also needing to mitigate this exploit. > > The idea of the necessity of some sort of kernel isolation has been around > for quite a while. In part as a response to the ease with which userland > interpreters can polute kernelspace. > > https://lwn.net/Articles/39283/ > > I've read that some of the proposed solutions could add as much as a 30% > operational overhead. Not much of an issue for average home users but for > enterprise this could be a real game changer. > The 30% overhead is for a pathological case. A 5-10% overhead is more likely. And do you honestly think that upstream is not going to work on getting that overhead down? Dhaval
--- Talk Mailing List [email protected] https://gtalug.org/mailman/listinfo/talk
