From owner-freebsd-security@freebsd.org Fri Jan 5 18:24:23 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 35CB0EB83A4; Fri, 5 Jan 2018 18:24:23 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from udns.ultimatedns.net (static-24-113-41-81.wavecable.com [24.113.41.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D01AF76945; Fri, 5 Jan 2018 18:24:16 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from udns.ultimatedns.net (localhost [127.0.0.1]) by udns.ultimatedns.net (8.14.9/8.14.9) with ESMTP id w05IO4bV079748; Fri, 5 Jan 2018 10:24:10 -0800 (PST) (envelope-from bsd-lists@BSDforge.com) X-Mailer: UDNSMS MIME-Version: 1.0 Cc: "=?UTF-8?B?RnJlZWJzZCBTZWN1cml0eSIgPGZyZWVic2Qtc2VjdXJpdHlAZnJlZWJzZC5vcmc+LCAiRnJlZUJTRCBIYWNrZXJzIiA8ZnJlZWJzZC1oYWNrZXJzQGZyZWVic2Qub3JnPiwgIiBmcmVlYnNkLWFyY2hAZnJlZWJzZC5vcmc+IiA8ZnJlZWJzZC1hcmNoQGZyZWVic2Qub3JnPiwgIkMgQmVyZ3N0csO2bSIgPGNiZXJnc3Ryb21AcGF0aHNjYWxlLmNvbT4=?= In-Reply-To: <755a65eb-b02e-05c5-e1a2-701cfd8bc837@metricspace.net> From: "Chris H" Reply-To: bsd-lists@BSDforge.com To: "Eric McCorkle" Subject: Re: Intel hardware bug Date: Fri, 05 Jan 2018 10:24:10 -0800 Message-Id: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Fri, 05 Jan 2018 18:40:37 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2018 18:24:23 -0000 On Fri, 5 Jan 2018 10:35:13 -0500 "Eric McCorkle" sa= id > On 01/05/2018 09:55, C Bergstr=C3=B6m wrote: >=20 > > Don't bet on it=2E=C2=A0 There's reports of AMD vulnerabilities, also= for ARM=2E > > I doubt any major architecture is going to make it out unscathed=2E= =C2=A0 (But > > if one does, my money's on Power) > >=20 > >=20 > > Nope, the only arch that I'm aware of that gets past this is SPARC(hah!= ) > > due to the seperate userland and kernel memory virtualization=2E >=20 > Alas, poor Sparc=2E I knew them, Horatio=2E=2E=2E Ahh, good ol' SPARC! >=20 > It looks like Red Hat is indeed reporting Power9 to be vulnerable: >=20 > https://access=2Eredhat=2Ecom/security/vulnerabilities/speculativeexecution >=20 > Unfortunate=2E I hope they get fixed silicon out in time for the Talos II > workstation=2E What *I* want to know; is whether they're going to drastically reduce the price on all the affected processors? As it stands, they should be practically giving them away=2E How is it that the burden lies on the OS vendors, and not the manufacturers?! --Chris