Mitigation against side-channel attacks

Discussion about U-Boot and the kernel.

Post by mcloaked » Thu Jan 04, 2018 10:18 am

Is it going to be soon that the kernels for all versions of affected arm hardware vulnerable to the Meltdown (KAISER) and Spectre (KPTI) side-channel attacks detailed in https://www.kb.cert.org/vuls/id/584653 will be patched?

Clearly this is now an urgent development since the issues are fully public and the details of the vulnerabilities will become known before too long as well.

Re: Mitigation against side-channel attacks

Post by summers » Thu Jan 04, 2018 12:49 pm

Well, sounds like it's only the A57/72/73/75 ARM processors that are vulnerable to Meltdown, so most ARM platforms are already OK.

More generally, workarounds to these issues are happening in the mainline kernel development, and I feel sure it is taken as a priority. After all, Linus has spoken: https://lkml.org/lkml/2018/1/3/797, so it's on his radar.

Arch will then just roll out the kernel update, which in turn will flow down to ArmArch ...

And looks like at least some of this patch set https://lkml.org/lkml/2017/12/4/709 will hit in 4.15 - so not long to wait, probably backported to 4.14.11 so may already be out in the wild ...

Edit: Looks like at least some of the fix will come out in the 4.16 kernel: https://lwn.net/Articles/741878/
Last edited by summers on Thu Jan 11, 2018 12:42 pm, edited 4 times in total.

Re: Mitigation against side-channel attacks

Post by WarheadsSE » Thu Jan 04, 2018 4:43 pm

Our kernels do not necessarily align to Arch proper.

All devices capable of using mainline will get these updates as their package versions are rolled code releases that line up.
Core Developer
Remember: Arch Linux ARM is entirely community donation supported!

Re: Mitigation against side-channel attacks

Post by summers » Thu Jan 04, 2018 6:33 pm

> Our kernels do not necessarily align to Arch proper.

Interesting - I knew that some ArmArch platforms were on old kernels for various reasons (mainly because the kernel released by the platform manufacturer is the only one known to work well).

But do any ArmArch kernels get updated ahead of Arch proper? I guess Arm patches are held locally (in the pkg build), and so that is independent between Arch and ArmArch, so could upgrade independently?

Re: Mitigation against side-channel attacks

Post by summers » Thu Feb 01, 2018 11:55 am

And interestingly, much of arm arch has moved to the 4.15 kernel ahead of mainline arch!

In mainline, 4.15 is still in testing.

In arm arch, 4.15 has been rolled out for aarch64 and armv5, but not yet for am33x.

So arm is ahead, not sure though that either has moved to the new gcc, needed to compile to make use of the retpoline in the kernel.