From owner-freebsd-hackers@freebsd.org  Wed Oct 19 19:00:02 2016
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2249EC18C36
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Wed, 19 Oct 2016 19:00:02 +0000 (UTC)
 (envelope-from labeachgeek@gmail.com)
Received: from mail-yw0-x236.google.com (mail-yw0-x236.google.com
 [IPv6:2607:f8b0:4002:c05::236])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id CEA27B7F
 for <freebsd-hackers@freebsd.org>; Wed, 19 Oct 2016 19:00:01 +0000 (UTC)
 (envelope-from labeachgeek@gmail.com)
Received: by mail-yw0-x236.google.com with SMTP id w3so23321004ywg.1
 for <freebsd-hackers@freebsd.org>; Wed, 19 Oct 2016 12:00:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
 bh=emSCnQhcccof3U0Q2j2u5jsp/pg2BN0JvJlZFt+zl/0=;
 b=K1pVMbBhQyyZMNvWc0VYPi36MIs4hSAKaIqq5I3YbCk6sXZkPTl908CxPLjHk3SqDm
 eWGs4LreafPi/kWRZ8aLJHI+4usmzwZaQQgZBEThUQrcoDaN4mdA3eGFE8lkKqe1jyUX
 sJ+wY7Tv4Hp0r+/1pu13I1f1ky0P9zvRy2K0Irq5bTycuaXy7Q4MpcRUpCv4Kxy3Oxh1
 ecaF5dhY0cpacT6I0pR8yDKkr5DkCAWoH4RDGk5ia/jE8b4KOwQP/Omv2UCk5tumRtxQ
 m3rgy0aMpaL7T8qNkVh55pcbA+JWI+jxlwEN8AD5EIykdMgJQfaToRcsfV8+fQKHzZ45
 u5vA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to;
 bh=emSCnQhcccof3U0Q2j2u5jsp/pg2BN0JvJlZFt+zl/0=;
 b=GQzP6JTPQalBwpAYORF55xx57ex1SBOtR+O9XAqd3YrZfrj7u6kG7XPQbwJSBQ84LF
 /uv/nWUs5/prdxHnmp/AUetVPQyGWYhP3VhOtcOpPj2klkkvA2qq9YnKC+B5NdyLTgGh
 5ydpedXGQZzLMb5IpeKCqWQwKI2FvBbb+Nt0Iezo2JCVZbgLPd4C+MYK7dFspg0qwCI1
 8RYWY9PsSSgDjpKn4VZrqyJhaRjomqBeaxjEkc6AuP1sIOh/g1FRf0CTnjFGgh2goWVJ
 RT7UtbwGlCi8fL9jf+mbgIHx7YXEsCfNKGakZTwNSJmO6vPit/o+X4kWZy8K6pIgjOzt
 5NRw==
X-Gm-Message-State: AA6/9RlXpi8MIT4mURgzzb9IkMElUTFmaGoKZKtJ2NXTkknbuUBdQ8O2u1k7dF/LyMwO0JK3tUuGx/aymt1Djw==
X-Received: by 10.202.106.65 with SMTP id f62mr5667837oic.68.1476903600817;
 Wed, 19 Oct 2016 12:00:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.244.12 with HTTP; Wed, 19 Oct 2016 12:00:00 -0700 (PDT)
Received: by 10.202.244.12 with HTTP; Wed, 19 Oct 2016 12:00:00 -0700 (PDT)
In-Reply-To: <CA+CmbWkSsWBGWCe7R-32Qtb8u92RN2VDTShGOKgxvOLrB2-_bQ@mail.gmail.com>
References: <CA+CmbWmNtwz+DfpEt5Gc0Ww3-eTT5DiMVczXgnXgoqc9KfUsxA@mail.gmail.com>
 <CA+CmbW=pOc-McyHrFS8QQy1zxByF4BUO=jqQdsf=J8d_kRi_jw@mail.gmail.com>
 <CA+CmbW=MRGHPRFjX4a_LQveyP80-1wLf44a9Jz2QGvy2KhDOcA@mail.gmail.com>
 <CA+CmbW=a06oqVZnW4uM9ijQWsnbUJq+95oLEbef2tZOQRWejeA@mail.gmail.com>
 <CA+CmbWkGyePScePpVgXSZDZOz1fyUsmrrR9ozR5X9Zoin5a-oQ@mail.gmail.com>
 <CA+CmbWkz9iFco_k5AEkh8dCdFxOkwJY-vUnUCE7JWZsg2waS4g@mail.gmail.com>
 <CA+CmbWkwePCPwoMKgKFqR_J=vBf+OTvnUEME7v7-Cip3De0yUA@mail.gmail.com>
 <CA+CmbW=gJTJDN2KYnwhmau36mJmr2ihQ2h=UwBM7QeCrQMEVaw@mail.gmail.com>
 <CA+CmbWnA3Tu4vgRggKNgL56Tf9LuajRg9HX0KJQ=ZoPbVbPjEQ@mail.gmail.com>
 <CA+CmbW=yR-tkKvuz=oBowb91xn0DkBOBK5W55jGj6mEh0=rY2g@mail.gmail.com>
 <CA+CmbW=gHAtuEMMTKYLdzvr9jipNxmyUY119Z_onB4-hqcsqxg@mail.gmail.com>
 <CA+CmbW=ed85QfP4L+K46Js_MtL7xkxfkXHk1VbxqHRMwcGUYkg@mail.gmail.com>
 <CA+CmbWkSsWBGWCe7R-32Qtb8u92RN2VDTShGOKgxvOLrB2-_bQ@mail.gmail.com>
From: Beach Geek <labeachgeek@gmail.com>
Date: Wed, 19 Oct 2016 14:00:00 -0500
Message-ID: <CA+CmbW=L5fj3pJ0VYbhcHdqVfenhOKt9ZmNpfmOaLqzVpAt9Ow@mail.gmail.com>
Subject: Attacking Branch Predictors to Bypass ASLR
To: freebsd-hackers@freebsd.org
X-Mailman-Approved-At: Wed, 19 Oct 2016 19:11:51 +0000
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2016 19:00:02 -0000

This came across my tech news feed. It's a bit early and more testing is
being done, but I wanted to start a discussion about it.

Does this affect FreeBSD?
If so, severity?
Can this be countered/fixed in the OS?

Link to 13 page paper:
http://www.cs.ucr.edu/~nael/pubs/micro16.pdf

Quotes:

"Today, ASLR-based defenses are
widely adopted in all major Operating Systems (OS), including
Linux [17], Windows [18] and OS X [19]. Smartphone system
software such as iOS [20] and Android [13] also use ASLR."

"We demonstrate that our attack can reliably recover
kernel ASLR in about 60 milliseconds when performed on a real
Haswell processor running a recent version of Linux. Finally, we
describe several possible protection mechanisms, both in software
and in hardware."

Opinions of whether this is a viable hack against FreeBSD systems?

BG