From: Leif Pedersen
Date: Tue, 10 Mar 2015 12:15:49 -0500
Subject: Re: DRAM Rowhammer exploits
To: "freebsd-security@freebsd.org"
In-Reply-To: <54FE12CE.1000401@digiware.nl>
References: <54FE12CE.1000401@digiware.nl>

I have a suggestion. As a simpler measure, would it be possible to implement a test at boot time to determine whether the system is vulnerable? I guess such a test would have to run in the kernel to get the particular memory mapping required. The result would naturally emit a kernel message, but it would be much easier to monitor for automatically if it also set a read-only sysctl.

For sure at my company, I would add an alert for such a test on our most accessible systems. I could easily replace any affected hardware on our DMZ and edge networks if I can identify it easily. For that matter, some hardware may not need replacing if I diddle with the over-clocker's BIOS settings. Ongoing monitoring matters because I'd hate to have someone swap hardware or reset the BIOS in an emergency and not know they opened the vulnerability.

If the hardware can be worked around, that's very helpful, but the proposals sound like they'd have fairly severe performance impacts and/or be impossible to guarantee for all hardware. On many of our systems, multi-user security is just not an issue, and for them I would choose performance over fixing this problem or replacing the hardware. Indeed, I would keep the hardware removed from sensitive systems to reuse in more protected environments.

In any case, I would think that having a reliable test would be very helpful to most of this audience. Without it, I'm fumbling in the dark. Does anyone empathize with this?

- Leif