On 2019-09-09 9:45 AM, Simon Gaiser wrote:
> [Now with Inline-PGP such that google group doesn't break the signature]
>
>
> sergei....@gmail.com:
>> Is Qubes affected by the SWAPGS attack?
>
> From the Bitdefender "white paper" [1] (They reported this vuln.):
>
> "A quick analysis of the Hyper-V kernel and of the Xen hypervisor kernel
> revealed that the SWAPGS instruction is not used, so exploitation is
> impossible."
>
> [1]: https://businessresources.bitdefender.com/hubfs/noindex/Bitdefender-WhitePaper-SWAPGS.pdf
>
>> I haven’t found a statement or Security Advisory from Xen. But it
>> seems Xen still hasn’t even fixed the original Spectre v1 yet:
>>
>> https://xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/
>> At the time of original Spectre, v1 was deemed very hard to exploit on
>> Xen, but new variants of v1 like v1.1 and SWAPGS may invalidate that
>> hypothesis.
>
> For Spectre variant 1 my understanding is that they are not aware of an
> exploitable code path in Xen. But they are working on hardening. For
> example grep the commit log for array_index_nospec or see [2] for an
> arbitrary example where they discuss this during review.
>
> In the long run I hope there will be some compiler assisted technique
> instead of manual review, which likely misses cases. But something like
> this is not in place currently. See [3] for a description of the
> non-public gcc plugin from grsecurity which implements this approach.
>
> [2]: https://lists.xenproject.org/archives/html/xen-devel/2018-07/msg00982.html
> [3]: https://grsecurity.net/respectre_announce.php
>
> Simon
>
Thanks for the informative reply, Simon!
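
The index-masking idea behind the array_index_nospec hardening mentioned in the quoted reply, as an added example that is not part of the original thread and is not Xen's own code. The helper names, the table and its values are constructed; the code assumes GCC or Clang (inline asm barrier, arithmetic right shift of negative values) and sizes no larger than LONG_MAX.

```c
#include <limits.h>
#include <stdio.h>

#define TABLE_LEN 16UL
#define LONG_BITS (sizeof(long) * CHAR_BIT)

/* Constructed sample data standing in for a table indexed by untrusted input. */
static const unsigned char table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Branch-free mask: all ones when index < size, zero otherwise.
 * For index < size neither operand of the OR has its top bit set, so the
 * complement is negative and the arithmetic shift smears the sign bit.
 * For index >= size the subtraction wraps and sets the top bit, giving 0. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Hide index from the optimizer so the mask is not folded to a constant
     * after a preceding bounds check (GCC/Clang extension, an assumption). */
    __asm__ volatile("" : "+r"(index));
    return (unsigned long)(~(long)(index | (size - 1UL - index)) >> (LONG_BITS - 1));
}

/* Clamp the index through a data dependency instead of a control dependency. */
static unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* The bounds check alone can be mispredicted, so a speculative load could use
 * an out-of-range idx. After the clamp, any out-of-range idx is forced to 0
 * even on the mispredicted path. Returns 0 on success, -1 if out of range. */
static int lookup(unsigned long idx, unsigned char *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx = clamp_index_nospec(idx, TABLE_LEN);
    *out = table[idx];
    return 0;
}

int main(void)
{
    unsigned char v = 0;
    int rc_in = lookup(15, &v);
    int rc_out = lookup(1000, &v);
    printf("in-range rc=%d value=%u, out-of-range rc=%d\n", rc_in, (unsigned)v, rc_out);
    printf("clamp(1000, 16) = %lu\n", clamp_index_nospec(1000, TABLE_LEN));
    return 0;
}
```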