search for: mitig

I'm also a bit unclear on that point. I think one input here has to be: what are some example, existing codebases we want to mitigate, and what should the user experience be to mitigate them? I don't think we can make good engineering tradeoffs without having concrete use cases to evaluate. Another point: it seems some mitigation options have already been added to the GNU toolchain <https://www.phoronix.com/scan.php?pa...

Hi everyone! I want to clarify the purpose and design of SESES. Thus far, I've characterized it as an LVI mitigation which is somewhat incorrect. SESES was built as a "big hammer." It is intended to protect against many side channel vulnerabilities (Spectre v1, Spectre v4, LVI, etc, etc) even though it was built in response to LVI. For folks protecting against LVI, this is an option for mitigatio...

...lative cache side-channel vulnerability has been published at https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation, named "straight-line speculation”, CVE-2020-13844. In this email, I'd like to explain the toolchain mitigation we've prepared to mitigate against this vulnerability for AArch64. For the full details of the vulnerability, please follow the above link. The part of the vulnerability that is relevant to the toolchain mitigations is as follows. Some processors may speculatively execute the instructions...

...e Injection: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection Deep dive on Load Value Injection: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection I wrote this compiler pass that can be used as a last resort mitigation. This pass is based on ideas from Chandler Carruth and Intel. This pass is primarily intended to share with the community as a basis for experimentation and may not be production ready. We are open to upstreaming this pass if there is interest from the community. It can be removed if it become...

Hi folks, Firstly; apologies in advance for what is a head wrecker of keeping on top of the speculative mitigations and also if this is a duplicate email; my first copy didn't seem to make it into the archive. Also a disclaimer that I may have misunderstood elements of the below but please bear with me. I write this hoping to find out a bit more about the state of the relevant kernel patches for the...

...I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU. I note that when I run the redhat script to test for spectre & meltdown I get this result for variant 2: Variant #2 (Spectre): Vulnerable CVE-2017-5715 - speculative execution branch target injection - Kernel with mitigation patches: OK - HW support / updated microcode: NO - IBRS: Not disabled on kernel commandline - IBPB: Not disabled on kernel commandline and when I run the one from github I get this: CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' * Mitigated according to the...

On 6 February 2018 at 20:09, David Newall <openssh at davidnewall.com> wrote: > Do we need to do anything? It's not clear to me how SSH is vulnerable to > Spectre -- that is, how SSH can be used to execute a Spectre attack? I am more concerned with it being the target of a Spectre style attack. There's some long lived private data (host keys in the case of sshd, session keys

Thanks for the notification, Chandler. I also wanted to note that I’ve just posted another component for Spectre mitigation (variant 1), see https://reviews.llvm.org/D41760 and https://reviews.llvm.org/D41761. I believe this is completely complementary to the retpoline mitigation you pointed to at https://reviews.llvm.org/D41723#, which is targeted at mitigating variant 2. Thanks, Kristof On 4 Jan 2018, at 11:23...

Hello all, I've been working for the last month or so on a comprehensive mitigation approach to variant #1 of Spectre. There are a bunch of reasons why this is desirable: - Critical software that is unlikely to be easily hand-mitigated (or where the performance tradeoff isn't worth it) will have a compelling option. - It gives us a baseline on performance for hand-mitigat...

...reasonably large body of code. Hopefully more details soon as folks have time. On Fri, Jan 5, 2018 at 6:15 AM Kristof Beyls <Kristof.Beyls at arm.com> wrote: > Thanks for the notification, Chandler. > > I also wanted to note that I’ve just posted another component for Spectre > mitigation (variant 1), see https://reviews.llvm.org/D41760 and > https://reviews.llvm.org/D41761. > I believe this is completely complementary to the retpoline mitigation you > pointed to at https://reviews.llvm.org/D41723#, which is targeted at > mitigating variant 2. > > Thanks, >...

FYI to all: I've updated the design document to include the newly disclosed variants 1.1 and 1.2 (collectively called Bounds Check Bypass Store or BCBS). There is no change to the proposed implementation which can already robustly mitigate these variants. I've also updated my patch as we have very significant interest in getting at least an early "beta" version of this into the tree and available for experiments right away. Would really appreciate folks making review comments ASAP and bearing with us and tolerating...

Hi all, I saw the retpoline mitigation landed in r323155. Are we ready to merge this to 6.0, or are there any open issues that we're waiting for? Also, were there any followups I should know about? Also, release notes please :-) Thanks, Hans -------------- next part -------------- An HTML attachment was scrubbed... URL: <ht...

...ity – and might potentially ease the requirements on the OS? Thanks! Kristof On 23 Mar 2018, at 11:56, Chandler Carruth via llvm-dev <llvm-dev at lists.llvm.org<mailto:llvm-dev at lists.llvm.org>> wrote: Hello all, I've been working for the last month or so on a comprehensive mitigation approach to variant #1 of Spectre. There are a bunch of reasons why this is desirable: - Critical software that is unlikely to be easily hand-mitigated (or where the performance tradeoff isn't worth it) will have a compelling option. - It gives us a baseline on performance for hand-mitigat...

...> Greetings, > Daniel Migowski > > -----Ursprüngliche Nachricht----- > Von: L.P.H. van Belle [mailto:belle at bazuin.nl] > Gesendet: Dienstag, 6. März 2018 11:49 > An: Daniel Migowski <dmigowski at ikoffice.de> > Betreff: RE: [Samba] Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709 > > Hai, > > Best is to keep this on the list. > But try as Rowland suggest also the option map to guest = Bad User > > > Greetz, > > Louis > > > -----Oorspronkelijk bericht----- > > Van: Daniel...

...tter how dirty is greatly appreciated. Greetings, Daniel Migowski -----Ursprüngliche Nachricht----- Von: L.P.H. van Belle [mailto:belle at bazuin.nl] Gesendet: Dienstag, 6. März 2018 11:49 An: Daniel Migowski <dmigowski at ikoffice.de> Betreff: RE: [Samba] Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709 Hai, Best is to keep this on the list. But try as Rowland suggest also the option map to guest = Bad User Greetz, Louis > -----Oorspronkelijk bericht----- > Van: Daniel Migowski [mailto:dmigowski at ikoffice.de] > Verzonden: dinsd...

...it would be able to read or write any part of /dev/sda including other partitions and the boot sector. Exploits through LVs passed to the guest are also possible, with some limitations. File-backed virtual block devices are not vulnerable. Non-virtio block devices are not vulnerable. This patch mitigates the problem by disabling the SG_IO ioctl passthrough in qemu. Thus if libguestfs is examining an untrusted guest and the libguestfs appliance/daemon is compromised (eg. by executing guest commands, or through some other compromise), then the compromised appliance will not be able to issue the...

...number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic57151.gif) From: "Kelvin Yip" <kelvin at icshk.com> To: <samba at lists.samba.org> Date: 08/07/2015 10:12 Subject: Re: [Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects Sent by: samba-bounces at lists.samba.org I have file a bug and modified the source code to make samba4 do not use SSLV3, but I am not able to make a patch to this. https://bugzilla.samba.org/show_bug.cgi?id=11076 -----Original Message----- From: samba-bounces at l...

Hi. Both GCC and clang are adding mitigations for Spectre variant 2 although neither have yet made a release and neither are on by default. After trolling through and building release candidate branches for both I believe this is what is required for the ssh programs (although all the dependent libraries will also need to be built with...

I've built & tagged packages for CentOS 6 and 7 4.6.6-9, with XPTI "stage 1" Meltdown mitigation. This will allow 64-bit PV guests to run safely (with a few caveats), but incurs a fairly significant slowdown for 64-bit PV guests on Intel boxes (including domain 0). If you prefer using Vixen / Comet, you can turn it off by adding 'xpti=0' to your Xen command-line. Detailed infor...

...imple, just run pktgen (pktgen_sample01_simple.sh) in >>>> guest and measure PPS on tap on host. >>>> >>>> Thanks >>> >>> Could you supply host configuration involved please? >> >> I wonder how much of that could be caused by Spectre mitigations >> blowing up indirect function calls... >> >> Cheers, >> Ben. > > I won't be surprised. If yes I suggested a way to mitigate the overhead. Did we get better results (lower regression due to indirect calls) with the suggested mitigation ? Just curious.