Displaying 20 results from an estimated 1812 matches for "mitigations".

2020 Mar 25
2
[RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection
...Knight <jyknight at google.com> wrote: > One question I have is regarding the mitigation for inline or standalone > assembly files. Generally, I dislike having the assembler mangle code -- it > should just emit exactly what you ask it to, and not be "smart", and such > mitigations are really best done in the compiler. > > But, if there is going to be an implementation of these mitigations added > to assembly (which there's some movement towards doing, although I'm not > clear as to the outcome) it's not clear to me that doing it in *both* places >...
2020 Mar 20
2
[RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection
...937 > - http://lists.llvm.org/pipermail/llvm-dev/2020-March/139842.html > - Are there reasons to upstream both approaches? > - Are there reasons against upstreaming both approaches? > > I'm particularly interested in hearing from folks who may use one of these > mitigations. > > For example, Jethro from Fortanix provided feedback (in the #backends > Discord channel) that he would be most interested in seeing Scott approach > upstreamed due to the performance advantage. > > Thanks! > > Zola Bridges > > > On Tue, Mar 10, 2020 at 10:23 AM...
2020 Jun 08
2
Mitigating straight-line speculation vulnerability CVE-2020-13844
...ulation”, CVE-2020-13844. In this email, I'd like to explain the toolchain mitigation we've prepared to mitigate against this vulnerability for AArch64. For the full details of the vulnerability, please follow the above link. The part of the vulnerability that is relevant to the toolchain mitigations is as follows. Some processors may speculatively execute the instructions immediately following what should be a change in control flow, including RET (returns), BR (indirect jumps) and BLR (indirect function calls). If the speculative execution path contains a suitable code sequence, often describ...
2020 Mar 10
2
[RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection
Hi everyone, Some Intel processors have a newly disclosed vulnerability named Load Value Injection. One pager on Load Value Injection: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection Deep dive on Load Value Injection: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection I wrote this compiler pass that can
2019 Jun 12
1
Speculative attack mitigations
Hi folks, Firstly; apologies in advance for what is a head wrecker of keeping on top of the speculative mitigations and also if this is a duplicate email; my first copy didn't seem to make it into the archive. Also a disclaimer that I may have misunderstood elements of the below but please bear with me. I write this hoping to find out a bit more about the state of the relevant kernel patches for the vario...
2018 Mar 16
2
spectre variant 2
...RS enabled for User space: NO * IBPB enabled: NO * Mitigation 2 * Kernel compiled with retpoline option: YES * Kernel compiled with a retpoline-aware compiler: UNKNOWN > STATUS: VULNERABLE (Vulnerable: Retpoline without IBPB) So, I'm wondering: 1. has RH in fact released mitigations for this issue for AMD processors, and 2. has AMD released microcode updates for this? I have no idea how to query AMD with such a question, anybody here know? Thanks in advance! -- ---- Fred Smith -- fredex at fcshome.stoneham.ma.us ----------------------------- The eyes...
2018 Feb 06
2
add Spectre variant 2 mitigations
On 6 February 2018 at 20:09, David Newall <openssh at davidnewall.com> wrote: > Do we need to do anything? It's not clear to me how SSH is vulnerable to > Spectre -- that is, how SSH can be used to execute a Spectre attack? I am more concerned with it being the target of a Spectre style attack. There's some long lived private data (host keys in the case of sshd, session keys
2018 Jan 05
0
FYI, we've posted a component of Spectre mitigation on llvm-commits
Thanks for the notification, Chandler. I also wanted to note that I’ve just posted another component for Spectre mitigation (variant 1), see https://reviews.llvm.org/D41760 and https://reviews.llvm.org/D41761. I believe this is completely complementary to the retpoline mitigation you pointed to at https://reviews.llvm.org/D41723#, which is targeted at mitigating variant 2. Thanks, Kristof On 4
2018 Mar 23
5
RFC: Speculative Load Hardening (a Spectre variant #1 mitigation)
...y for software systems which receive less detailed scrutiny but remain sensitive to these attacks, this seems like an impractical security model. We need an automatic and systematic mitigation strategy. ### Automatic `lfence` on Conditional Edges A natural way to scale up the existing hand-coded mitigations is simply to inject an `lfence` instruction into both the target and fallthrough destinations of every conditional branch. This ensures that no predicate or bounds check can be bypassed speculatively. However, the performance overhead of this approach is, simply put, catastrophic. Yet it remains th...
2018 Jan 05
1
FYI, we've posted a component of Spectre mitigation on llvm-commits
Awesome, replied. We've been working on similar things, but didn't have them ready-to-publish due to slightly lower urgency (there are reasonable ways to locally mimic these kinds of things in sensitive areas like the Linux kernel, and even finding code patterns for variant #1 is substantially harder). We have some significantly different APIs we'd like to discuss here based on
2018 Jul 11
3
RFC: Speculative Load Hardening (a Spectre variant #1 mitigation)
FYI to all: I've updated the design document to include the newly disclosed variants 1.1 and 1.2 (collectively called Bounds Check Bypass Store or BCBS). There is no change to the proposed implementation which can already robustly mitigate these variants. I've also updated my patch as we have very significant interest in getting at least an early "beta" version of this into the
2018 Feb 01
5
retpoline mitigation and 6.0
Hi all, I saw the retpoline mitigation landed in r323155. Are we ready to merge this to 6.0, or are there any open issues that we're waiting for? Also, were there any followups I should know about? Also, release notes please :-) Thanks, Hans
2018 Apr 05
0
RFC: Speculative Load Hardening (a Spectre variant #1 mitigation)
Hi Chandler, Thank you very much for sharing this! The RFC is pretty lengthy but the far majority of it makes sense to me. I’m sure I’m forgetting to react to some aspects below, but I thought I’d summarize some initial thoughts and questions I had after reading the RFC end-to-end. * I believe the same high-level principles you outline can also be used to implement the same protection on the
2018 Mar 07
1
Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
On Wed, 2018-03-07 at 02:33 +0000, Daniel Migowski via samba wrote: > Hai, > > Already tried the bad user option. Samba still answers the client > that guest mode is to be used, but here is the problem. Windows 10 > forbids guest mode now because of Security concerns! I need a way for > Samba to accept the challenge response answer regardless of the user > so Windows believes
2018 Mar 07
0
Autoaccept all authentications to mitigate disabled guest logins in Windows 10 build 1709
Hai, Already tried the bad user option. Samba still answers the client that guest mode is to be used, but here is the problem. Windows 10 forbids guest mode now because of Security concerns! I need a way for Samba to accept the challenge response answer regardless of the user so Windows believes it was authenticated. Any hack no matter how dirty is greatly appreciated. Greetings, Daniel Migowski
2011 Dec 22
0
[PATCH] Security: Mitigate possible privilege escalation via SG_IO ioctl (CVE-2011-4127, RHBZ#757071)
From: "Richard W.M. Jones" <rjones at redhat.com> CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini. http://seclists.org/oss-sec/2011/q4/536 An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from
2015 Jul 08
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Thanks Kelvin. I'm a bit confused though, is this patch already available? If yes, what is the parameter that disables SSL in the smb.conf? Maybe the guys from Enterprise samba have already included the patch in their releases so it's just a matter of enabling the flag. I'm using sernet-samba-4.2.2. Thanks!
2018 Feb 05
2
add Spectre variant 2 mitigations
Hi. Both GCC and clang are adding mitigations for Spectre variant 2 although neither have yet made a release and neither are on by default. After trolling through and building release candidate branches for both I believe this is what is required for the ssh programs (although all the dependent libraries will also need to be built with mitiga...
2018 Jan 17
4
Xen 4.6.6-9 (with XPTI meltdown mitigation) packages making their way to centos-virt-xen-testing
I've built & tagged packages for CentOS 6 and 7 4.6.6-9, with XPTI "stage 1" Meltdown mitigation. This will allow 64-bit PV guests to run safely (with a few caveats), but incurs a fairly significant slowdown for 64-bit PV guests on Intel boxes (including domain 0). If you prefer using Vixen / Comet, you can turn it off by adding 'xpti=0' to your Xen command-line.
2018 Aug 06
2
[RFC 0/4] Virtio uses DMA API for all devices
...imple, just run pktgen (pktgen_sample01_simple.sh) in >>>> guest and measure PPS on tap on host. >>>> >>>> Thanks >>> >>> Could you supply host configuration involved please? >> >> I wonder how much of that could be caused by Spectre mitigations >> blowing up indirect function calls... >> >> Cheers, >> Ben. > > I won't be surprised. If yes I suggested a way to mitigate the overhead. Did we get better results (lower regression due to indirect calls) with the suggested mitigation ? Just curious.