From owner-freebsd-security@freebsd.org Fri Jan 5 02:41:21 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E715CEA8CBB for ; Fri, 5 Jan 2018 02:41:21 +0000 (UTC) (envelope-from freebsd.ed.lists@sumeritec.com) Received: from mx12-out5.antispamcloud.com (mx12-out5.antispamcloud.com [46.165.232.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 94CE16F2E6 for ; Fri, 5 Jan 2018 02:41:21 +0000 (UTC) (envelope-from freebsd.ed.lists@sumeritec.com) Received: from [153.92.8.106] (helo=srv31.niagahoster.com) by mx35.antispamcloud.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1eXHwV-00088k-Da for freebsd-security@freebsd.org; Fri, 05 Jan 2018 03:41:12 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sumeritec.com; s=default; h=Content-Transfer-Encoding:Content-Type: MIME-Version:References:In-Reply-To:Message-ID:Subject:To:From:Date:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=txK6Pz4Ps+ShP4pqMa1FlxcDeSvkSTtMAesEYThyyRQ=; b=ggBeHoRmfUx0W4kaJvp7X8vF9F FjQQuWNfV4SbTG+lZ73xcLEKrVz51P3CtqKc/cvHUf5u8yq4iQ4mSddLyHc9SVSiWyQFCMgXZpv4T 0B/D17mhJyCGJS9Ni46uB494Y21+z9bE6GRwaCbOfk4sulxgVkeYGpaUfUz7ehVwCstHq/XTZV1L9 +k3/5c3SiinVn7HDupbfNpm7ON7jNXrPL7JoQ8BoKvGr0WnjylrWrOlLkCmHffM2sBOI4rQH3Hj+e Y8Z/12+6UkQzR4HtZH4AiAoPTbUPtul+j2JthsIJdbUHdeIpW4k5XpzXsBb8ogKS1sT4ecZgmS0Cr kxkIxtSQ==; Received: from subs08-103-10-67-165.three.co.id ([103.10.67.165]:63366 helo=X220.sumeritec.com) by srv31.niagahoster.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1eXHvj-0008AC-EL for freebsd-security@freebsd.org; Fri, 05 Jan 2018 09:40:23 +0700 Date: Fri, 5 Jan 2018 10:40:20 +0800 From: Erich Dollansky To: freebsd-security@freebsd.org Subject: Re: Intel hardware bug Message-ID: <20180105104020.51c2a742.freebsd.ed.lists@sumeritec.com> In-Reply-To: <86vaghu0ps.fsf@desk.des.no> References: <02563ce4-437c-ab96-54bb-a8b591900ba0@FreeBSD.org> <19876.1515025752@segfault.tristatelogic.com> <20180104132807.266fe46c.freebsd.ed.lists@sumeritec.com> <86vaghu0ps.fsf@desk.des.no> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-AuthUser: freebsd.ed.lists@sumeritec.com X-Originating-IP: 153.92.8.106 X-AntiSpamCloud-Domain: out.niagahoster.com X-AntiSpamCloud-Username: niaga Authentication-Results: antispamcloud.com; auth=pass (login) smtp.auth=niaga@out.niagahoster.com X-AntiSpamCloud-Outgoing-Class: unsure X-AntiSpamCloud-Outgoing-Evidence: Combined (0.19) X-Recommended-Action: accept X-Filter-ID: EX5BVjFpneJeBchSMxfU5tmdcpJdnWV2Vhiz634GuXcXv9krsgRhBn0ayn6qsUc7lCeNIXfjqpSe UiX0XTvcPqfm1maHdAncSkRuP6ipcKfnx8yeplRO3sLIqUlSH7OGPaCEWmBvanFxv5Jk0fC5vywe u0y55YfYug69rU0O7vpLHeKWm+N/u/LV8U8yCyCamdySlZou9qHIGOZDEEo7Oz5PFcTrVJ+zvZvH ArjfByGtQdjfscDSJuG5MqyTGgAPMlw2eBB5w7fOyMq2QAtv4H5+HsgsCFnQw5RRvfPvanfgRcGA xD53rdbVx7JJx2IYTn/nIOG7l2M5BF99f8EUtNOyOZ0LCWyRLTW+ixPGoQGc7n7zay64jR5I1ayb CJrfx9537/7rZ2H1fP4wGxurimbdDoD390nzzgliUnnZRwXSYJerErquhGL/2cp9hA/QYw3U+6fD JowgRNrCFqltRJEbriqr9OJ0Q12Y+nq43Ic/2Jb+MUDCV6Z92vdi8cBprSOIPpeqwlm2NDGXIJ2x 7Ee2ptr3YOxz4xICp+ATaf3lbKfM/L/KiAe8F7/DDm6TlAi1iGhdNcs+Yle1GiLgvTl4lidU1b80 J2t/rYe9m+T+DoqBsC/uQMsclP8aiBJ2SSzm7P5LFQTh7xAIEq/JAOP/OUUiyoxKCnwuNYv1rN6V sHlNXcCdbxR/aQgzOMboEvUJ0lgG1/w0tyuWnShPbysavtI/BpoTTR0m9vx748g+ePukY31yweyg GiaBPV1Kfqb5R4VemuUI6bcEARsm0ASAg3ACsLVYcMwnzM6V4gQ3iiZtVhbV1vIcdJN0W2QuBIdw bMEc9U7OFQR0XkTUr1ss+n2ffnQxt6aJ7klZab+otuHJEaECIIhJNxMS+c0bF+8gN8ax9LqntRCm aHw627KnGFLUSfQxoCgjbv9bX5I= X-Report-Abuse-To: spam@quarantine1.antispamcloud.com X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2018 02:41:22 -0000 Hi, On Thu, 04 Jan 2018 16:01:51 +0100 Dag-Erling Sm=C3=B8rgrav wrote: > Erich Dollansky writes: > > Intel used segments to separate things everybody hated. =20 >=20 > Everybody hated segment-level memory protection, but the i386 also good that hate is meanwhile illegal. > introduced page-level memory protection, which was widely used and has > since been expanded to provide features that were never available at > the segment level. Yes, but instead of combining both, the segment registers were set to point to the same memory locations disabling the additional protection given by the segments. >=20 > > Intel introduced later the rings, everybody ignored. =20 >=20 > Not at all. They just don't use all four. Unless you start looking > at hardware virtualization extensions, which introduce additional > protection levels. It was just abusing them to replace the supervisor flag other processors have or have had. >=20 > > Instead of keeping the things separated - as suggested by Intel's > > design - people used shortcuts whenever possible. =20 >=20 > This is irrelevant. We are talking about timing-based side-channel > attacks. The attacker is not able to access protected memory > directly, but is able to deduce its contents by repeatedly performing > illegal memory accesses and then checking how they affect the cache. Directly yes, not if the kernel memory would be always in a different segment. It would land then in cache only when memory near segment bounds are accessed. Which could be easily avoided. Anyway, we cannot turn the clock back now. I just wanted to mention that Intel has had different thoughts those days. I am not even sure if Intel engineers remember this. Erich