From: Warner Losh
Date: Sat, 6 Jan 2018 09:31:42 -0700
Subject: Re: Fwd: A more general possible meltdown/spectre countermeasure
To: Eric McCorkle
Cc: Wojciech Puchar, freebsd-hackers@freebsd.org, freebsd-arch@freebsd.org
In-Reply-To: <73d2f1a5-55f7-0ae7-7660-3e680ba3d32e@metricspace.net>
References: <33bcd281-4018-7075-1775-4dfcd58e5a48@metricspace.net> <73d2f1a5-55f7-0ae7-7660-3e680ba3d32e@metricspace.net>
List-Id: Discussion related to FreeBSD architecture

On Sat, Jan 6, 2018 at 9:12 AM, Eric McCorkle wrote:
> On 01/06/2018 11:07, Wojciech Puchar wrote:
> > Sorry for the stupid question, but to my understanding these attacks work
> > as below:
> >
> > 1) Perform an access to a byte at a not-allowed virtual address and use the next
> > instruction to store relative to private space, so the cache is filled
> > depending on the value that one shouldn't be able to access.
> >
> > 2) As the kernel gets a trap on the access violation, it will generate SIGSEGV or
> > SIGBUS, which is directed by the application using signal(2), so it can be
> > ignored.
> >
> > 3) Another part of the code performs some timing magic and detects this way
> > where the cache is filled - so the byte value can be guessed properly.
> >
> >
> > My question is - why can't any access attempt to kernel space simply
> > generate SIGKILL? Of course it would harm program development, but as
> > today developers don't usually use a timesharing machine but have
> > private computers, a simple sysctl variable would suffice.
>
> I'd thought of this myself. The problem is that the cache effects could
> still be observed by another process.
>
> While it doesn't defeat the attack, it does still complicate attacks, so
> I think it's worth considering.

The problem is that the attempts to access kernel space are speculative.
There's no way to get the 'speculative trap' that would have been generated
had the code actually executed. There literally is no signal to the kernel
that this just happened.

Warner