From: Gary Jennejohn <gljennjohn@gmail.com>
To: Warner Losh
Cc: Wojciech Puchar, Eric McCorkle, freebsd-hackers@freebsd.org, freebsd-arch@freebsd.org
Subject: Re: A more general possible meltdown/spectre countermeasure
Date: Sat, 6 Jan 2018 20:00:20 +0100
Message-ID: <20180106200020.051c4149@ernst.home>
References: <33bcd281-4018-7075-1775-4dfcd58e5a48@metricspace.net> <73d2f1a5-55f7-0ae7-7660-3e680ba3d32e@metricspace.net>

On Sat, 6 Jan 2018 10:04:54 -0700
Warner Losh wrote:

> On Sat, Jan 6, 2018 at 9:53 AM, Wojciech Puchar wrote:
>
> >> While it doesn't defeat the attack, it does still complicate
> >> attacks, so I think it's worth considering.
> >>
> >> The problem is that the attempts to access kernel space are speculative.
> >> There's no way to get the 'speculative trap' that would
> >> have been generated had the code actually executed. There literally is no
> >> signal to the kernel this just happened.
> >>
> >> Warner
> >>
> > f..k. so there are no real workarounds. Anyway - if CPU companies would
> > be honest they would replace at least all server CPUs that are on warranty
> >
> The only workaround that's completely effective is to unmap all of kernel
> memory when running in userland. It's a bit tricky because there's small
> parts that have to stay mapped for various architectural reasons. This
> means KASLR on these CPUs likely can never be effective since meltdown will
> let you find what the trap address is and from that find the kernel (though
> there's some rumblings that the indirection Linux is doing will suffice).
>

This point is addressed in one of the papers. KAISER only maps small parts of
the address space, which are apparently required for special use, in both the
kernel and user space. Otherwise, the kernel and user space do not share any
part of the memory map.

The conclusion in the paper is that, yes, a small part of memory is still
common to both the kernel and user space, but if KASLR is used, then it will
be very difficult to identify these ranges.

-- 
Gary Jennejohn
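The countermeasure discussed in this thread (unmapping the kernel from the user page tables, KAISER/PTI) later shipped in both FreeBSD and Linux, and an administrator's first question is whether the running kernel actually has it turned on. The following script is an added example, not code from the thread or from either project. It reads two real interfaces: FreeBSD's `vm.pmap.pti` sysctl (1 = page-table isolation enabled) and Linux's `/sys/devices/system/cpu/vulnerabilities/meltdown` status file; the `classify_meltdown` helper and the one-word result labels are this example's own convention.

```shell
#!/bin/sh
# Added example (not part of the original thread): report whether the
# running kernel keeps its page tables separate from user space
# (KAISER/PTI), i.e. the "unmap all of kernel memory when running in
# userland" workaround discussed above.

# classify_meltdown STATUS
# Map a raw status string from either OS to one word:
#   mitigated / vulnerable / not-affected / unknown
# The input formats are the real ones: Linux prints strings such as
# "Mitigation: PTI", "Vulnerable" or "Not affected"; FreeBSD's
# vm.pmap.pti sysctl prints 1 or 0.  Anything else (including the
# empty string when neither interface exists) is reported as unknown.
classify_meltdown() {
    case "$1" in
        "Not affected"*)     echo "not-affected" ;;
        "Mitigation: PTI"*)  echo "mitigated" ;;
        "Vulnerable"*)       echo "vulnerable" ;;
        1)                   echo "mitigated" ;;    # FreeBSD vm.pmap.pti=1
        0)                   echo "vulnerable" ;;   # FreeBSD vm.pmap.pti=0
        *)                   echo "unknown" ;;
    esac
}

# raw_meltdown_status
# Print the host's own report, or nothing if no known interface exists.
raw_meltdown_status() {
    if [ "$(uname -s)" = "FreeBSD" ]; then
        sysctl -n vm.pmap.pti 2>/dev/null
    elif [ -r /sys/devices/system/cpu/vulnerabilities/meltdown ]; then
        cat /sys/devices/system/cpu/vulnerabilities/meltdown
    fi
}

# host_meltdown_status
# One-word verdict for the machine the script runs on.
host_meltdown_status() {
    classify_meltdown "$(raw_meltdown_status)"
}
```

Source the file and call `host_meltdown_status`; a result of `vulnerable` on an affected CPU means the kernel is still mapped in every process's address space, which is exactly the condition the thread is discussing, and `unknown` means the kernel is too old to expose either interface and needs checking by other means.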