Any words on Meltdown and Spectre flaw fixes for arm cores

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Author Message
labo
DD-WRT Guru


Joined: 30 Jan 2015
Posts: 676
Location: Texas, USA

PostPosted: Fri Jan 05, 2018 2:23    Post subject: Any words on Meltdown and Spectre flaw fixes for arm cores Reply with quote
Folks, Serious ARM cpu vulnerability: Spectre and Meltdown flaws?

It looks like Meltdown impacts ARM cores as well:
Cortex-A15, Cortex-A57 and Cortex-A72 cores suffer from a variant of Meltdown: protected system registers can be accessed, rather than kernel memory, by user processes. Arm has a detailed white paper and product table, here, describing all its vulnerable cores, the risks, and mitigations.

Spectre flaw:

Arm, Cortex-R7, Cortex-R8, Cortex-A8, Cortex-A9, Cortex-A15, Cortex-A17, Cortex-A57, Cortex-A72, Cortex-A73, and Cortex-A75 cores are affected by Spectre.

Further reads:
http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/

_________________
ASUS GT-BE98 PRO Main: Fiber 5gbps up/down
ASUS AXE16000: AI Mesh node
2 X ASUS RT-AX89X: AI Mesh nodes
QNAP QSW-1208-8C 12-Port 10GbE Switch
XS712T ProSafe 12-Port 10GbE Switch
3 X R9000 DD-WRT Mesh
Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Fri Jan 05, 2018 11:21    Post subject: Reply with quote
they also mentioned that the patch/fix is very likely to decrease CPU performance... Sad
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
labo
DD-WRT Guru


Joined: 30 Jan 2015
Posts: 676
Location: Texas, USA

PostPosted: Fri Jan 05, 2018 17:26    Post subject: Reply with quote
Yes, it is expected to slow down from 5% to 25%. not sure how this would impact dd-wrt routers which are already having QOS issues.
_________________
ASUS GT-BE98 PRO Main: Fiber 5gbps up/down
ASUS AXE16000: AI Mesh node
2 X ASUS RT-AX89X: AI Mesh nodes
QNAP QSW-1208-8C 12-Port 10GbE Switch
XS712T ProSafe 12-Port 10GbE Switch
3 X R9000 DD-WRT Mesh
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Fri Jan 05, 2018 17:39    Post subject: Reply with quote
Well for routers this flaw is in most cases irrelevant, this is no multiuser os. in which some client software or another user exploits the system in order to steal your passwords from memory. Thus actually we could skip this patch. But it most likely comes in by regular kernel updates.

Regarding performance, I doubt this will have any influence on routing performance, it might have influence in openvpn performance, as this depends on userspace<->kernelspace data exchange.

Thus all in all no need to worry about anything.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Prophet01
DD-WRT Novice


Joined: 06 Jan 2018
Posts: 1

PostPosted: Sat Jan 06, 2018 4:53    Post subject: Arm Security Update Reply with quote
There is an update, Kong is right too as they are kernel patches, but i'm not sure what Arm Trusted Firmware patches are and if we can apply them or not.

https://developer.arm.com/support/security-update
code65536
DD-WRT User


Joined: 28 Dec 2011
Posts: 100
Location: .us

PostPosted: Sun Jan 07, 2018 11:42    Post subject: Reply with quote
These vulnerabilities are irrelevant on consumer routers because they are Elevation of Privilege vulnerabilities.

I.e., they first require as a prerequisite that malicious code be executed on your router's system, which is not something that should be happening in the first place (and if it is, you are already screwed--EoP merely increases the potential damage if such a thing happens).

_________________
Buffalo WZR-1750DHP: 34311
TRENDnet TEW-673GRU: 34311
TRENDnet TEW-811DRU: 33986
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum