Opened 6 years ago

Closed 4 days ago

#14673 closed bug (no change required)

Mitigate L1TF (Intel processor vulnerability)

Reported by: waddlesplash
Owned by: nobody
Priority: normal
Milestone: Unscheduled
Component: System/Kernel
Version: R1/Development
Keywords: security
Cc: axeld, korli
Blocked By:
Blocking:
Platform: All

Description

This is actually both a worse vulnerability than Meltdown, and easier to mitigate, requiring only a change in how we set flags on page tables: https://blogs.technet.microsoft.com/srd/2018/08/14/analysis-and-mitigation-of-l1-terminal-fault-l1tf/

Actually it may already be "mitigated", I just don't know enough to investigate properly.

Change History (4)

comment:1 by waddlesplash, 6 years ago

Cc: axeld korli added

comment:2 by waddlesplash, 6 years ago

Keywords: security added
Summary: Mitigate LT1F (Intel processor vulnerability) → Mitigate L1TF (Intel processor vulnerability)

comment:3 by waddlesplash, 6 days ago

The linked post indicates that L1TF can be mitigated by:

1) the physical page referred to by the page frame bits of not present page table entries always contain benign data and/or 2) a high order bit is set in the page frame bits that does not correspond to accessible physical memory.

It appears (1) isn't the case already because we just use ClearTableEntryFlags and not ClearTableEntry in Unmap() in the x86 translation maps.
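A small model of the distinction drawn in comment:3, added here as an illustration and not taken from Haiku's source: clearing only the flags of a page table entry leaves the page frame bits behind, while clearing the whole entry does not. The helper names, the sample values, and the assumptions that physical page 0 holds no secrets and that `max_phys` marks the end of accessible memory are all hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural x86-64 PTE bits: bit 0 = Present, bits 12..51 = page frame. */
#define PTE_PRESENT    (1ULL << 0)
#define PTE_FRAME_MASK 0x000ffffffffff000ULL

/* Hypothetical helper: clears only the given flag bits, frame bits survive. */
static void clear_flags_only(uint64_t *pte, uint64_t flags) { *pte &= ~flags; }

/* Hypothetical helper: zeroes the whole entry, frame bits included. */
static void clear_entry(uint64_t *pte) { *pte = 0; }

/* True if the entry meets condition (1) or (2) quoted in comment:3.
 * Assumptions: physical page 0 never holds secrets, and max_phys is the
 * first address above accessible physical memory. */
static bool pte_is_l1tf_safe(uint64_t pte, uint64_t max_phys)
{
    if (pte & PTE_PRESENT)
        return true;                 /* only not-present entries are audited here */
    uint64_t frame = pte & PTE_FRAME_MASK;
    return frame == 0 || frame >= max_phys;
}

/* Unmap a constructed mapping either way and report whether the leftover is safe. */
static bool unmap_is_safe(uint64_t mapped_pte, bool full_clear, uint64_t max_phys)
{
    uint64_t pte = mapped_pte;
    if (full_clear)
        clear_entry(&pte);
    else
        clear_flags_only(&pte, PTE_PRESENT);
    return pte_is_l1tf_safe(pte, max_phys);
}

int main(void)
{
    const uint64_t max_phys = 4ULL << 30;          /* constructed: 4 GiB of RAM */
    const uint64_t mapped = 0x12345000ULL | 0x3;   /* constructed: present + writable */
    printf("flags-only unmap safe: %d\n", unmap_is_safe(mapped, false, max_phys));
    printf("full-clear unmap safe: %d\n", unmap_is_safe(mapped, true, max_phys));
    printf("high-bit not-present safe: %d\n",
           pte_is_l1tf_safe((1ULL << 51) | 0x12345000ULL, max_phys));
    return 0;
}
```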

comment:4 by waddlesplash, 4 days ago

Resolution: no change required
Status: new → closed

Adjustment made in hrev58662, but it only affected kernel maps anyway. I don't think there's anything else that needs to be done here.
