SLAP and FLOP mitigation

[dada_dave]

Hector is often fairly scathing towards security researchers, but in this case he seems to be saying that the two vulnerabilities discovered by researchers already have the appropriate mitigations in hardware, are part of the spec, and it’s effectively a software bug in the browsers not to use them rather than a hardware fault.

Hector Martin (@marcan@treehouse.systems)

HA, so here's why I couldn't reproduce SLAP. m1n1 accidentally turns off the SSBS bit in PSTATE on EL0 calls. It defaults to 1 on CPU startup. [SSBS: Speculative Store Bypass...

social.treehouse.systems

 

[Cmaier]

Hector is often fairly scathing towards security researchers, but in this case he seems to be saying that the two vulnerabilities discovered by researchers already have the appropriate mitigations in hardware, are part of the spec, and it’s effectively a software bug in the browsers not to use them rather than a hardware fault.

Hector Martin (@marcan@treehouse.systems)

HA, so here's why I couldn't reproduce SLAP. m1n1 accidentally turns off the SSBS bit in PSTATE on EL0 calls. It defaults to 1 on CPU startup. [SSBS: Speculative Store Bypass...

social.treehouse.systems

Yep. Just read the thread and looked at prior discussion of those bits. If you are running untrusted code in your own process, you should set the bits appropriately.

 

[Yoused]

Or, you know, you could do business stuff in a different browser, with only one tab open.

 

[dada_dave]

Potential complication with the M4?



Hector Martin surprised;

Hector Martin (@marcan@treehouse.systems)

@never_released@mastodon.social @genkin@infosec.exchange @YuvalYarom@infosec.exchange Isn't it mandatory?

social.treehouse.systems