Opened 6 years ago

Last modified 6 years ago

#718 new enhancement

Implement mitigations for Meltdown and Spectre

Reported by: Jiří Zárevúcky Owned by:
Priority: minor Milestone:
Component: helenos/kernel/amd64 Version: mainline
Keywords: Cc:
Blocker for: Depends on:
See also:


Note: To my knowledge, HelenOS is not used as part of any important infrastructure, so this has low priority.

Change History (5)

comment:1 by Jiří Zárevúcky, 6 years ago

Component: helenos/unspecifiedhelenos/kernel/amd64
Owner: set to Jakub Jermář

comment:2 by Jiří Zárevúcky, 6 years ago

Owner: changed from Jakub Jermář to Jiří Zárevúcky
Status: newassigned

comment:3 by Jiří Zárevúcky, 6 years ago

Owner: Jiří Zárevúcky removed
Status: assignednew

comment:4 by Jakub Jermář, 6 years ago

I suggest we first collect and analyze information regarding which architectures / vendor combinations are exactly affected by each of the two / three attacks. We also need to understand what kind of information can leak for each of these cases (e.g. the entire memory vs. limited portions of user memory temporarily mapped / copied into the kernel, such as contents of IPC buffers before the other side manages to answer the call or the contents of pages during page fault handling, etc.).

One option to consider, especially wrt. your note above, is to treat this merely as a bug in the "simulator" (a.k.a. the CPU) and wait for a fixed version (microcode updates already started appearing) instead of providing a short-term, possibly incomplete mitigations that have negative impact on performance.

comment:5 by Jiří Zárevúcky, 6 years ago

Yeah. One of the mitigation is simply using a newer (as of now unreleased?) version of GCC, and adding a compiler switch. I agree it's best for us to wait and see what action is still necessary when all the CPU and compiler updates are done.

Note: See TracTickets for help on using tickets.