Opened 6 years ago
Last modified 6 years ago
#718 new enhancement
Implement mitigations for Meltdown and Spectre
| Reported by: | Jiří Zárevúcky | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | helenos/kernel/amd64 | Version: | mainline |
| Keywords: | Cc: | ||
| Blocker for: | Depends on: | ||
| See also: |
Description
Note: To my knowledge, HelenOS is not used as part of any important infrastructure, so this has low priority.
https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html
Change History (5)
comment:1 by , 6 years ago
| Component: | helenos/unspecified → helenos/kernel/amd64 |
|---|---|
| Owner: | set to |
comment:2 by , 6 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 6 years ago
| Owner: | removed |
|---|---|
| Status: | assigned → new |
comment:4 by , 6 years ago
comment:5 by , 6 years ago
Yeah. One of the mitigation is simply using a newer (as of now unreleased?) version of GCC, and adding a compiler switch. I agree it's best for us to wait and see what action is still necessary when all the CPU and compiler updates are done.
Note:
See TracTickets
for help on using tickets.
I suggest we first collect and analyze information regarding which architectures / vendor combinations are exactly affected by each of the two / three attacks. We also need to understand what kind of information can leak for each of these cases (e.g. the entire memory vs. limited portions of user memory temporarily mapped / copied into the kernel, such as contents of IPC buffers before the other side manages to answer the call or the contents of pages during page fault handling, etc.).
One option to consider, especially wrt. your note above, is to treat this merely as a bug in the "simulator" (a.k.a. the CPU) and wait for a fixed version (microcode updates already started appearing) instead of providing a short-term, possibly incomplete mitigations that have negative impact on performance.