From owner-freebsd-security@freebsd.org Mon Jan 8 23:02:54 2018
From: Oliver Pinter
Date: Tue, 9 Jan 2018 00:02:52 +0100
Subject: Re: Response to Meltdown and Spectre
To: Gordon Tetlow
Cc: freebsd-security@freebsd.org
In-Reply-To: <20180108175751.GH9701@gmail.com>
List-Id: "Security issues [members-only posting]"

On 1/8/18, Gordon Tetlow wrote:
> By now, we're sure most everyone has heard of the Meltdown and Spectre
> attacks. If not, head over to https://meltdownattack.com/ and get an
> overview. Additional technical details are available from Google
> Project Zero.
> https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
>
> The FreeBSD Security Team was notified of the issue in late December
> and received a briefing under NDA with the original embargo date of
> January 9th. Since we received relatively late notice of the issue, our
> ability to provide fixes is delayed.
>
> Meltdown (CVE-2017-5754)
> ~~~~~~~~~~~~~~~~~~~~~~~~
> In terms of priority, the first step is to mitigate against the Meltdown
> attack (CVE-2017-5754, cited as variant 3 by Project Zero). Work for
> this is ongoing, but due to the relatively large changes needed, this is
> going to take a little while. We are currently targeting patches for
> amd64 being dev complete this week with testing probably running into
> next week. From there, we hope to give it a short bake time before
> pushing it into the 11.1-RELEASE branch. Additional work will be
> required to bring the mitigation to 10.3-RELEASE and 10.4-RELEASE.
>
> The code will be selectable via a tunable which will automatically turn
> on for modern Intel processors and off for AMD processors (since they
> are reportedly not vulnerable). Since the fix for Meltdown does incur a
> performance hit for any transition between user space and kernel space,
> this could be rather impactful depending on the workload. As such, the
> tunable can also be overridden by the end-user if they are willing to
> accept the risk.
>
> Initial work can be tracked at https://reviews.freebsd.org/D13797.
> Please note this is a work in progress and some stuff is likely to be
> broken.
>
> Spectre (CVE-2017-5753 and CVE-2017-5715)
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> When it comes to the Spectre vulnerabilities, it is much harder to sort
> these out. Variant 1 (CVE-2017-5753) is going to require some static
> analysis to determine vulnerable use cases that will require barriers to
> stop speculation from disclosing information it shouldn't. While we
> haven't done the analysis to determine where we are vulnerable, the
> number of cases here is supposed to be pretty small. Apparently there
> have been some Coverity rules developed to help look for these, but we
> are still evaluating what can be done here.
>
> The other half of Spectre, variant 2 (CVE-2017-5715), is a bit trickier
> as it affects both normal processes and bhyve. There is a proposed patch
> for LLVM (https://reviews.llvm.org/D41723) that introduces a concept
> called 'retpoline' which mitigates this issue. We are likely to pull
> this into HEAD and 11-STABLE once it hits the LLVM tree. Unfortunately,
> the currently supported FreeBSD releases are using older versions of
> LLVM for which we are not sure the LLVM project will produce patches. We
> will be looking at the feasibility of backporting these patches to these
> earlier versions.
>
> There are CPU microcode fixes coming out which, in concert with OS
> changes, would also help, but that's a bit down the road at the moment.
>
>
> If anything significantly changes I will make additional posts to
> clarify as the information becomes available.
>
> Best regards,
> Gordon Tetlow
> with security-officer hat on

Thanks for the information and for the hard work too!
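The Spectre variant 1 (CVE-2017-5753) code pattern Gordon's post says the static analysis has to find, a bounds check followed by a dependent load, shown next to the barrier mitigation he mentions and a branchless index mask, as an added example that is not part of the post or of FreeBSD's code (the function names and the sample array are mine; the fence assumes an x86 build):

```c
/* Added example, not from the mailing list post or the FreeBSD tree. */
#include <stddef.h>
#include <stdint.h>

#if defined(__x86_64__) || defined(__i386__)
#include <immintrin.h>
#define SPECULATION_BARRIER() _mm_lfence()   /* serialising fence on x86 */
#else
/* Stand-in on other architectures so the example still builds; it is
 * NOT a speculation fence there. */
#define SPECULATION_BARRIER() __asm__ volatile("" ::: "memory")
#endif

/* Constructed sample data standing in for an array a caller may index. */
static const uint8_t public_array[] = "0123456789abcdef";
#define ARRAY_LEN (sizeof(public_array) - 1)

/* Vulnerable pattern: the check is architecturally correct, but the CPU
 * may speculatively issue the load before the compare is resolved, so an
 * attacker-chosen idx can touch memory beyond the array speculatively. */
int lookup_unsafe(size_t idx) {
    if (idx < ARRAY_LEN)
        return public_array[idx];
    return -1;
}

/* Mitigation 1, the "barrier" from the post: no load is issued until the
 * branch that guards it has retired. */
int lookup_barrier(size_t idx) {
    if (idx < ARRAY_LEN) {
        SPECULATION_BARRIER();
        return public_array[idx];
    }
    return -1;
}

/* Mitigation 2: a branch-free mask, all ones when idx < len and all zeros
 * otherwise (same construction as Linux's generic array_index_mask_nospec),
 * so even a mispredicted path cannot form an out-of-bounds address. */
static size_t index_mask_nospec(size_t idx, size_t len) {
    return (size_t)(~(intptr_t)(idx | (len - 1 - idx)) >> (sizeof(size_t) * 8 - 1));
}

int lookup_masked(size_t idx) {
    if (idx >= ARRAY_LEN)
        return -1;
    idx &= index_mask_nospec(idx, ARRAY_LEN);  /* clamps to 0 when speculated past */
    return public_array[idx];
}
```

The mask form costs no fence, which matters in hot kernel paths; the fence form is simpler to audit, which matters when a Coverity rule is what finds the site.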