[webkit-dev] Meltdown and Spectre attacks

Fujii Hironori fujii.hironori at gmail.com
Thu Jan 11 14:08:50 PST 2018


Hi Filip,

Thank you for writing the nice article.
https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/

I have a question. What's the reason why the patch (5) isn't shipped yet?

On Sat, Jan 6, 2018 at 4:37 AM, Filip Pizlo <fpizlo at apple.com> wrote:
> Here is what else is in trunk:
>
> - index masking
> - pointer poisoning
>
> I’m going to write up what our thoughts are shortly. :-)  For now feel free
> to browse the code with those two hints.
>
> -Filip
>
>
> On Jan 5, 2018, at 8:31 AM, Konstantin Tokarev <annulen at yandex.ru> wrote:
>
>
>
> Hi,
>
> Here's a collection of blog posts from other major browser vendors
> regarding the Meltdown and Spectre attacks:
>
> https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/
>
> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
>
> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
>
> Notably, Edge and Firefox are reducing the resolution of
> performance.now(), and all three are disabling SharedArrayBuffer.
>
> This is just a heads-up.
>
>
> Seems like both mitigations are already present in trunk
>
>
> Michael
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
> --
> Regards,
> Konstantin
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
>
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>


More information about the webkit-dev mailing list