Re: [News] Serious Intel vulnerability: OS updates will reduce performance

Original poster: jeff40108 (死得腥羶艳油剂是他)   2018-01-04 21:58:52
※ Quoting bf000777966 (joe):
: LINUS himself confirmed Lisa Su's claim: the new kernel patch excludes AMD CPUs
: "Exclude AMD from the PTI enforcement. Not necessarily a fix, but if AMD is so
: confident that they are not affected, then we should not burden users with the
: overhead - x86/cpu, x86/pti: Do not enable PTI on AMD processors"
: "AMD processors are not subject to the types of attacks that the kernel page
: table isolation feature protects against. The AMD microarchitecture does not
: allow memory references, including speculative references, that access higher
: privileged data when running in a lesser privileged mode when that access would
: result in a page fault."
: Linus Torvalds Trusts Lisa Su's Commitment to AMD CPU Security
: http://go.newsfusion.com/security/item/1108590
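The Meltdown paper (PDF): https://meltdownattack.com/meltdown.pdf
The principle is to exploit the properties of speculative execution and out-of-order execution
to read the data out quickly before the exception is raised.
The paper also uses Intel's TSX to hide the exception so that the system does not notice it.
6.4 Limitations on ARM and AMD
The paper says that although it also runs on AMD and ARM, no result can be read out.
Lisa Su's statement is that her company's CPUs forbid any illegal reference.
That is actually quite credible (it is consistent with what the paper says).
The other vulnerability is called Spectre.
It is less intuitive than Meltdown and also hard to patch.
But the attack principle is very similar (it reads the result out using probability and statistics instead).
At present any CPU with speculative execution is hit.
And what needs patching may not be just the OS.
Ordinary software with security concerns all needs to be modified.
Conclusion:
Meltdown is a major vulnerability that must be fixed (it has been there at least since the first-generation Core i).
Spectre is also a big hole, even phones are hit, but it is harder to exploit and also hard to patch QQ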
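
Added example (not part of the original post, and not code from the kernel patch quoted above): a defender-side Python check of whether a Linux machine reports Meltdown as mitigated by PTI. It prefers the kernel's own verdict in /sys/devices/system/cpu/vulnerabilities/meltdown and falls back to the `bugs` and `flags` lines of /proc/cpuinfo; the two cpuinfo samples are constructed.

```python
"""Meltdown/PTI status from Linux sysfs and /proc/cpuinfo text (added example)."""
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")
# Constructed samples, trimmed to the three fields this check reads.
INTEL = ("vendor_id\t: GenuineIntel\nflags\t\t: fpu vme pti\n"
         "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n")
AMD = ("vendor_id\t: AuthenticAMD\nflags\t\t: fpu vme\n"
       "bugs\t\t: spectre_v1 spectre_v2\n")

def parse_cpuinfo(text):
    """Return vendor_id, flags and bugs of the first CPU listed."""
    info = {"vendor_id": "", "flags": set(), "bugs": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if not sep or key not in info or info[key]:
            continue  # not a field we read, or already taken from CPU 0
        info[key] = value.strip() if key == "vendor_id" else set(value.split())
    return info

def assess(cpuinfo_text, sysfs_status=None):
    """Return (vendor, verdict); verdict is one of
    'not affected', 'mitigated', 'vulnerable', 'unknown'."""
    cpu = parse_cpuinfo(cpuinfo_text)
    status = (sysfs_status or "").strip()
    if status.startswith("Not affected"):
        verdict = "not affected"
    elif status.startswith("Mitigation"):      # e.g. "Mitigation: PTI"
        verdict = "mitigated"
    elif status:                                # e.g. "Vulnerable"
        verdict = "vulnerable"
    # No sysfs file: use cpuinfo. "cpu_insecure" was the early name of the bug bit.
    elif not cpu["bugs"] & {"cpu_meltdown", "cpu_insecure"}:
        # A kernel that predates the fix cannot flag the bug, so an absent
        # flag without sysfs support proves nothing either way.
        verdict = "unknown"
    else:
        verdict = "mitigated" if "pti" in cpu["flags"] else "vulnerable"
    return cpu["vendor_id"], verdict

if __name__ == "__main__":
    live = Path("/proc/cpuinfo").read_text()
    status = SYSFS.read_text() if SYSFS.exists() else None
    print(*assess(live, status))
```

The "unknown" verdict is the case to watch on older kernels: without the sysfs file and without the bug flag, an unpatched Intel machine and an unaffected AMD machine look the same.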
