clang way to patch for Spectre?

Karsten König mail at kkoenig.net
Thu Jan 4 18:24:50 UTC 2018


Hi,

On 01/04/2018 18:49, Julian Elischer wrote:
> On 5/1/18 12:02 am, Lev Serebryakov wrote:
>> Hello Freebsd-security,
>>
>> https://reviews.llvm.org/D41723
>>
>>
> not really..
> 
> What's to stop an unprivileged user bringing his own compiler? or a
> precompiled binary?
>

From my understanding: The patch is only for variant 2 of the Google P0
blog post[0]. Variant 2 describes how to access memory of a VM host from
a guest by tricking kernel modules into caching arbitrary inside the CPU
cache. But if these are compiled with the patch[1] an attacker can't
trick the kernel modules or other applications compiled with it.

Best,

Karsten

[0]
https://googleprojectzero.blogspot.de/2018/01/reading-privileged-memory-with-side.html
[1] Which I assume to be correct, I haven't looked into it

