bureia
Golden Member

Join date: Dec 2001
Posts: 2,929
Quote:
Originally posted by 600806949
https://isite.tw/2018/01/04/18749


That post has an obvious error at first glance.
He says AMD is affected by Meltdown when the Linux kernel has the BPF JIT enabled.

Quote:
(Updated 2018/01/04)
Currently, besides the Intel processors listed below, the Meltdown issue is also known to affect the ARM Cortex A75
(ARM officially states that the Cortex A72, Cortex A57 and Cortex A15 use a similar mechanism,
but since the data obtainable from it does not reveal the layout of access-restricted registers, no fix is considered necessary),
while AMD is only affected when the Linux kernel has the BPF JIT enabled;
as for the Spectre issue, almost every modern processor is affected.


GPZ's official document:
Quote:
A PoC for variant 1 that, when running with normal user privileges under a modern Linux kernel with a distro-standard config, can perform arbitrary reads in a 4GiB range [3] in kernel virtual memory on the Intel Haswell Xeon CPU. If the kernel's BPF JIT is enabled (non-default configuration), it also works on the AMD PRO CPU. On the Intel Haswell Xeon CPU, kernel virtual memory can be read at a rate of around 2000 bytes per second after around 4 seconds of startup time.

Reading GPZ's official document, it only says that when they verified variant 1, with the eBPF JIT enabled on Linux they could,
with user privileges, read arbitrary data in a 4GiB range of kernel memory, and that this succeeded on both the Haswell Xeon and the AMD PRO CPU.

Quote:
This section explains the common theory behind all three variants and the theory behind our PoC for variant 1 that, when running in userspace under a Debian distro kernel, can perform arbitrary reads in a 4GiB region of kernel memory in at least the following configurations:

Intel Haswell Xeon CPU, eBPF JIT is off (default state)
Intel Haswell Xeon CPU, eBPF JIT is on (non-default state)
AMD PRO CPU, eBPF JIT is on (non-default state)

This passage says that when they verified variant 1, at least the following configurations were required:
Intel Haswell Xeon CPU, eBPF JIT off (default)
Intel Haswell Xeon CPU, eBPF JIT on (non-default)
AMD PRO CPU, eBPF JIT on (non-default)

Quote:
This section describes in more detail how variant 1 can be used to leak Linux kernel memory using the eBPF bytecode interpreter and JIT engine. While there are many interesting potential targets for variant 1 attacks, we chose to attack the Linux in-kernel eBPF JIT/interpreter because it provides more control to the attacker than most other JITs.

This passage says they verified variant 1 by attacking the eBPF interpreter and JIT engine, and that they chose to attack
the eBPF interpreter and JIT engine because it provides more control than other JITs.

Quote:
Whether the JIT engine is enabled depends on a run-time configuration setting - but at least on the tested Intel processor, the attack works independent of that setting.

So the key point is this passage: whether or not the JIT is enabled, Intel CPUs can be attacked successfully.
2018-02-03, 12:23 PM #106
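The thread's argument turns on a run-time kernel setting (the eBPF JIT switch) and on which configurations the kernel itself reports as affected. The following read-only audit script is an added example, not code from the forum post or from Google Project Zero: it reports the `net.core.bpf_jit_enable` value, the `kernel.unprivileged_bpf_disabled` setting, and the kernel's own `spectre_v1` and `meltdown` status lines, and it degrades gracefully where those interfaces are absent. The sysctl and sysfs paths are the standard Linux locations and are assumptions for this example (they do not exist on non-Linux hosts, and the `vulnerabilities` directory only appears on kernels built after the early-2018 fixes).

```shell
#!/bin/sh
# Added example (not from the forum post or from Google Project Zero).
# A read-only audit of the knobs discussed in the thread: the eBPF JIT
# setting, the unprivileged-BPF switch, and the kernel's own Spectre v1 /
# Meltdown status. Paths are the standard Linux sysctl/sysfs locations
# and are assumptions; they are missing on non-Linux hosts and on kernels
# older than the early-2018 fixes.

# Translate a bpf_jit_enable value into words.
# 0 = interpreter only (the kernel default), 1 = JIT on,
# 2 = JIT on with a debug dump of the generated code.
describe_bpf_jit() {
    case "$1" in
        0) echo "off (interpreter only, the kernel default)" ;;
        1) echo "on" ;;
        2) echo "on with debug output" ;;
        *) echo "unknown value: $1" ;;
    esac
}

# Print the first line of a file, or "unavailable" if it cannot be read,
# so the audit still runs on kernels that lack the interface.
read_setting() {
    if [ -r "$1" ]; then
        head -n 1 "$1"
    else
        echo "unavailable"
    fi
}

# Classify a sysfs vulnerability status line. Note that the JIT being off
# is not a mitigation: the GPZ text quoted in the post says the Intel
# result holds either way, so only the kernel's own verdict counts here.
verdict() {
    case "$1" in
        Mitigation*)    echo "mitigated" ;;
        Vulnerable*)    echo "vulnerable" ;;
        "Not affected") echo "not affected" ;;
        *)              echo "unknown" ;;
    esac
}

# Run the audit. The two optional arguments override the sysctl root and
# the vulnerabilities directory so the logic can be exercised against a
# constructed directory tree; the defaults are the real locations.
audit_spectre_v1() {
    proc_root="${1:-/proc/sys}"
    vuln_root="${2:-/sys/devices/system/cpu/vulnerabilities}"

    jit=$(read_setting "$proc_root/net/core/bpf_jit_enable")
    unpriv=$(read_setting "$proc_root/kernel/unprivileged_bpf_disabled")
    v1=$(read_setting "$vuln_root/spectre_v1")
    meltdown=$(read_setting "$vuln_root/meltdown")

    echo "bpf_jit_enable:            $jit ($(describe_bpf_jit "$jit"))"
    echo "unprivileged_bpf_disabled: $unpriv"
    echo "spectre_v1:                $v1 -> $(verdict "$v1")"
    echo "meltdown:                  $meltdown -> $(verdict "$meltdown")"
}

audit_spectre_v1 "$@"
```

Run it as root or any user on a Linux host; the sysfs status lines are world-readable. A `spectre_v1` line that does not start with `Mitigation` is the thing to act on, regardless of what `bpf_jit_enable` says, which is exactly the point the post makes about the Intel result.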