From owner-freebsd-security@freebsd.org  Wed Jan  3 22:20:09 2018
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C509DEB2626
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Wed,  3 Jan 2018 22:20:09 +0000 (UTC) (envelope-from jhs@berklix.com)
Received: from land.berklix.org (land.berklix.org [144.76.10.75])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "land.berklix.org", Issuer "land.berklix.org" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 51EFE69434
 for <freebsd-security@freebsd.org>; Wed,  3 Jan 2018 22:20:08 +0000 (UTC)
 (envelope-from jhs@berklix.com)
Received: from mart.js.berklix.net (pD9FA9F51.dip0.t-ipconnect.de
 [217.250.159.81]) (authenticated bits=0)
 by land.berklix.org (8.15.2/8.15.2) with ESMTPSA id w03LDEJi091441
 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
 Wed, 3 Jan 2018 21:13:18 GMT (envelope-from jhs@berklix.com)
Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41])
 by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id w03LEORS077757;
 Wed, 3 Jan 2018 22:14:24 +0100 (CET) (envelope-from jhs@berklix.com)
Received: from fire.js.berklix.net (localhost [127.0.0.1])
 by fire.js.berklix.net (8.14.7/8.14.7) with ESMTP id w03LE5ZL017578;
 Wed, 3 Jan 2018 22:14:18 +0100 (CET) (envelope-from jhs@berklix.com)
Message-Id: <201801032114.w03LE5ZL017578@fire.js.berklix.net>
To: "Freebsd Security" <freebsd-security@freebsd.org>
Subject: Re: Intel hardware bug
From: "Julian H. Stacey" <jhs@berklix.com>
Organization: http://berklix.eu BSD Unix Linux Consultants, Munich Germany
User-agent: EXMH on FreeBSD http://berklix.eu/free/
X-From: http://www.berklix.eu/~jhs/
In-reply-to: Your message "Tue, 02 Jan 2018 20:52:27 -0500."
 <477ab39d-286d-d9a2-d31e-fd5f7f1679a8@sentex.net>
Date: Wed, 03 Jan 2018 22:14:05 +0100
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jan 2018 22:20:09 -0000

Mike Tancsa wrote:
> I am guessing this will impact FreeBSD as well ?
> http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

More URLs:

  https://lkml.org/lkml/2017/12/4/709 
	[patch 00/60] x86/kpti: Kernel Page Table Isolation (was KAISER)

  https://gruss.cc/files/kaiser.pdf Funded by ERC & EU
         KASLR is Dead: Long Live KASLR

  http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
	July 28, 2017
    	The mysterious case of the Linux Page Table Isolation patches
        ... Ref to FreeBSD

  http://www.bbc.co.uk/news/technology-42553818
	Major flaw in millions of Intel chips revealed

  https://www.theguardian.com/technology/2018/jan/03/major-security-flaw-found-intel-processors-computers-windows-mac-os-linux
        Wed 3 Jan `18 14.24 GMT
	Major security flaw found in Intel processors

  https://twitter.com/aionescu/status/948609809540046849
	9:39 AM - 3 Jan 2018
        MacOS fix the Intel #KPTI Issue? Why yes ... since 10.13.2

  https://twitter.com/aionescu/status/948609809540046849
  https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx?source=isesitlnk0000001&mrr=1.00
	Dec 19, 2017 at 5:10PM
        Intel's CEO Just Sold A Lot of StocK ..
        Krzanich is keeping the bare minimum

  https://github.com/IAIK/KAISER/
	Kernel Address Isolation to have Side-channels Efficiently Removed

  https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/


Upgrades inc reboots of lots of commercial global net servers is
predicted once patches are out for each OS in a few days.  I wonder
what keywords industry will settle on to refer to this by (eg last
time "FOOF bug") Options inc.: KASLR, KAISER, Kernel Address tables,
Intel software mitigation, x86/kpti: Kernel Page Table Isolation.

I don't know what effect this has on FreeBSD, I guess we'll see an
authoritative announcement in a bit, when memory management people
get time to stop coding & drop back to PR, Meanwhile:

  https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bibliography-osinternals.html

  https://duckduckgo.com/?sites=www.FreeBSD.org%2Cdocs.FreeBSD.org%2Clists.FreeBSD.org%2Cwiki.FreeBSD.org%2Cforums.FreeBSD.org&ka=v&kt=v&kh=1&kj=r2&q=memory+management&submit=Search&ia=web

  https://www.freebsd.org/doc/en_US.ISO8859-1/articles/vm-design/page-table-optimizations.html

  https://forums.freebsd.org/threads/63955/page-2

Cheers,
Julian
-- 
Julian H. Stacey, Computer Consultant, BSD Linux Unix Systems Engineer, Munich
 http://berklix.eu/brexit/ UK stole 3,700,000 votes; 700,000 from Brits in EU.
 http://berklix.eu/queen/  Sign petition before end of 2017.