From owner-freebsd-security@freebsd.org Sun Mar 18 17:59:22 2018
From: Jan Demter <jan-mailinglists@demter.de>
To: Andrea Venturoli, freebsd-security@freebsd.org
Date: Sun, 18 Mar 2018 18:54:08 +0100
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution
Message-ID: <8deba9d2-17b5-9088-1766-42f9e334df89@demter.de>
In-Reply-To: <337d9fd4-2aa4-609a-6a00-e9ce2be599cc@netfence.it>

Hi Andrea!

On 16.03.18 at 17:11, Andrea Venturoli via freebsd-security wrote:
> On 03/14/18 05:29, FreeBSD Security Advisories wrote:
>> # sysctl vm.pmap.pti
>> vm.pmap.pti: 1
>
> Of course I find this enabled on the Intel box and not on the AMD one,
> but... is PTI in any way affected by a microcode update from Intel?

From what I have read so far, I'm pretty certain it isn't planned or even
possible to patch this via a microcode update.

>> IBRS can be disabled via the hw.ibrs_disable sysctl (and tunable), and the
>> status can be checked via the hw.ibrs_active sysctl.  IBRS may be enabled or
>> disabled at runtime.  Additional detail on microcode updates will follow.
>
> Neither of the two boxes seems to have this enabled; on both I see:
>> # sysctl -a|grep ibrs
>> hw.ibrs_disable: 1
>> hw.ibrs_active: 0
>
> Does this mean both machines don't have a good enough microcode, or is
> IBRS just not enabled by default?

IBRS does not seem to be enabled by default:
https://reviews.freebsd.org/rS328625
"For existing processors, you need a microcode update which adds IBRS CPU
features, and to manually enable it by setting the tunable/sysctl
hw.ibrs_disable to 0."

> In the first case, I tried finding some information on what microcode is
> available for what CPU (I'm interested in several other ones, not only
> these two), but failed. Does anyone have a pointer?

For Intel CPUs, there's this list:
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf

> Last question: am I right that devcpu-data is nowadays useless (read: no
> microcode update anyway) unless this update to base is also installed?

The microcode update itself will work, if that is what you meant, but just
updating the microcode and not FreeBSD is useless to mitigate Spectre V2.

Hope this helps,
Jan

From owner-freebsd-security@freebsd.org Mon Mar 19 02:48:11 2018
From: Ed Maste
To: Jan Demter
Cc: Andrea Venturoli, freebsd-security@freebsd.org
Date: Sun, 18 Mar 2018 22:47:49 -0400
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution
In-Reply-To: <8deba9d2-17b5-9088-1766-42f9e334df89@demter.de>

On 18 March 2018 at 13:54, Jan Demter wrote:
> Hi Andrea!
>
> On 16.03.18 at 17:11, Andrea Venturoli via freebsd-security wrote:
>>
>> On 03/14/18 05:29, FreeBSD Security Advisories wrote:
>>>
>>> # sysctl vm.pmap.pti
>>> vm.pmap.pti: 1
>>
>> Of course I find this enabled on the Intel box and not on the AMD one,
>> but... is PTI in any way affected by a microcode update from Intel?
>
> From what I have read so far, I'm pretty certain it isn't planned or even
> possible to patch this via a microcode update.

That is correct. Meltdown won't ever be fixed with a microcode update as far
as we know, and no microcode update is required for the PTI mitigation.

There's one small wrinkle: there are some recent lower-end processors (at
least some recent Celerons) which it seems are not susceptible to Meltdown,
and after a microcode update will set a bit to indicate this. In that case a
microcode update will cause FreeBSD to switch from enabling PTI to disabling
it by default -- but that CPU is not affected by Meltdown, with or without
the update.

> IBRS does not seem to be enabled by default:
> https://reviews.freebsd.org/rS328625
> "For existing processors, you need a microcode update which adds IBRS
> CPU features, and to manually enable it by setting the tunable/sysctl
> hw.ibrs_disable to 0."

That is true. Further, we expect the compiler-based retpoline to be the
usual mitigation used for Spectre V2, for CPUs before Skylake. Development
work for this is still ongoing in -CURRENT.
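The two messages above leave an administrator with three sysctls and a non-obvious reading of them: vm.pmap.pti stands on its own (no microcode involved, on by default on Intel, off on AMD), while hw.ibrs_disable=1 / hw.ibrs_active=0 is simply the default and says nothing about whether the microcode offers IBRS until hw.ibrs_disable is set to 0 and hw.ibrs_active re-read. The following POSIX sh helper is an added example written for this page; it is not code from the thread, from the advisory or from FreeBSD. It takes the output of `sysctl vm.pmap.pti hw.ibrs_disable hw.ibrs_active` on stdin (live, or saved from many hosts) plus the hw.model string, and prints a verdict per mitigation. The vendor test is a plain substring match on "Intel"/"AMD", the verdict wording is my own, and the sample values are constructed from what the thread reports.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeBSD): turn the sysctls from
# FreeBSD-SA-18:03 into a verdict. Reads "name: value" lines on stdin as
# printed by:  sysctl vm.pmap.pti hw.ibrs_disable hw.ibrs_active
# First argument: the CPU model string (sysctl -n hw.model); only the
# substrings "Intel" and "AMD" are examined (assumption: that is enough
# to tell the two vendors apart).

# get_sysctl NAME: print NAME's value from sysctl output on stdin ("" if absent)
get_sysctl() {
    awk -v key="$1" -F': ' '$1 == key { print $2; exit }'
}

# pti_status MODEL PTI_VALUE
# Meltdown is mitigated by PTI alone; microcode plays no part. FreeBSD turns
# vm.pmap.pti on by default for Intel and leaves it off on AMD, which is not
# affected. Goldmont parts advertise immunity after a microcode update and
# FreeBSD then defaults PTI off on them too, hence the "acceptable only if".
pti_status() {
    model=$1; pti=$2
    case "$model:$pti" in
        *Intel*:1) echo "pti=on: Meltdown mitigated (no microcode involved)" ;;
        *Intel*:0) echo "pti=off: WARNING, Intel CPU without PTI (acceptable only if the CPU reports itself not susceptible, e.g. Goldmont after a microcode update)" ;;
        *AMD*:*)   echo "pti=$pti: AMD, not affected by Meltdown, PTI not needed" ;;
        *)         echo "pti=$pti: unknown CPU vendor, check manually" ;;
    esac
}

# ibrs_status DISABLE ACTIVE
# hw.ibrs_active is the only authoritative bit. Because hw.ibrs_disable=1 is
# the default, disable=1/active=0 (what both boxes in the thread show) says
# nothing about the microcode; only disable=0/active=0 means the microcode
# does not provide IBRS.
ibrs_status() {
    disable=$1; active=$2
    case "$disable:$active" in
        *:1) echo "ibrs=active: hardware Spectre V2 mitigation in use" ;;
        1:0) echo "ibrs=off by default: sysctl hw.ibrs_disable=0, then re-read hw.ibrs_active to learn whether the microcode provides IBRS" ;;
        0:0) echo "ibrs=unavailable: enabled but inactive, microcode lacks IBRS (update it via the devcpu-data port)" ;;
        *)   echo "ibrs=unknown: disable=$disable active=$active" ;;
    esac
}

# report MODEL < sysctl-output: one verdict line for PTI and one for IBRS.
# A kernel without the SA-18:03 update has none of these sysctls at all.
report() {
    input=$(cat)
    pti=$(printf '%s\n' "$input" | get_sysctl vm.pmap.pti)
    dis=$(printf '%s\n' "$input" | get_sysctl hw.ibrs_disable)
    act=$(printf '%s\n' "$input" | get_sysctl hw.ibrs_active)
    if [ -z "$pti" ] || [ -z "$dis" ] || [ -z "$act" ]; then
        echo "sysctls missing: kernel predates FreeBSD-SA-18:03, update base before judging mitigations"
        return 0
    fi
    pti_status "$1" "$pti"
    ibrs_status "$dis" "$act"
}

# Constructed sample runs (values are the ones reported in the thread),
# followed by the live host when this actually runs on FreeBSD.
demo() {
    echo "== Intel box from the thread =="
    printf 'vm.pmap.pti: 1\nhw.ibrs_disable: 1\nhw.ibrs_active: 0\n' | report "Intel"
    echo "== AMD box from the thread =="
    printf 'vm.pmap.pti: 0\nhw.ibrs_disable: 1\nhw.ibrs_active: 0\n' | report "AMD"
    if [ "$(uname -s)" = FreeBSD ]; then
        echo "== this host =="
        sysctl vm.pmap.pti hw.ibrs_disable hw.ibrs_active 2>/dev/null | report "$(sysctl -n hw.model)"
    fi
}

demo
```

To audit a fleet, collect `sysctl -n hw.model; sysctl vm.pmap.pti hw.ibrs_disable hw.ibrs_active` from each host and feed the saved output through `report`; a host whose IBRS verdict is "off by default" still needs the disable=0 probe before anything can be said about its microcode.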
From owner-freebsd-security@freebsd.org Mon Mar 19 10:29:10 2018
From: Andrea Venturoli <ml@netfence.it>
To: Jan Demter, freebsd-security@freebsd.org
Date: Mon, 19 Mar 2018 11:28:46 +0100
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution
Message-ID: <7599974f-d31e-4df1-0b82-6b401461dcca@netfence.it>
In-Reply-To: <8deba9d2-17b5-9088-1766-42f9e334df89@demter.de>

On 03/18/18 18:54, Jan Demter wrote:
>> Of course I find this enabled on the Intel box and not on the AMD one,
>> but... is PTI in any way affected by a microcode update from Intel?
>
> From what I have read so far, I'm pretty certain it isn't planned or
> even possible to patch this via a microcode update.

Ok, I'm wrong then: I understood Spectre was unfixable, while Intel had
provided (or was going to provide) a microcode update to patch (not
mitigate) Meltdown.
Of course PTI might be a good idea in any case.

> For Intel CPUs, there's this list:
> https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf

Thanks. Although I was looking for AMD mostly :)

> The microcode update itself will work, if that is what you meant, but
> just updating the microcode and not FreeBSD is useless to mitigate
> Spectre V2.

Again, my fault: the "Please update your system in order to update CPU
microcode." message led me to a wrong conclusion.

bye & Thanks
av.
From owner-freebsd-security@freebsd.org Tue Mar 20 21:00:08 2018
From: Christian Weisgerber
To: freebsd-security@freebsd.org
Date: Tue, 20 Mar 2018 20:56:43 -0000 (UTC)
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution

On 2018-03-19, Ed Maste wrote:

> There's one small wrinkle: there are some recent lower-end processors
> (at least some recent Celerons) which it seems are not susceptible to
> Meltdown, and after a microcode update will set a bit to indicate
> this.

Specifically, Goldmont cores (Apollo Lake, Denverton).

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de