From owner-freebsd-current@freebsd.org Thu Jan 4 21:07:33 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 201B6EB731D for ; Thu, 4 Jan 2018 21:07:33 +0000 (UTC) (envelope-from imb@protected-networks.net) Received: from mail.protected-networks.net (mail.protected-networks.net [IPv6:2001:470:8d59:1::8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protected-networks.net", Issuer "Protected Networks CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id DE99F17B4 for ; Thu, 4 Jan 2018 21:07:32 +0000 (UTC) (envelope-from imb@protected-networks.net) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= protected-networks.net; h=content-transfer-encoding :content-language:content-type:content-type:in-reply-to :mime-version:user-agent:date:date:message-id:from:from :references:subject:subject; s=201508; t=1515100050; bh=jMDl2asf UZjV2UtagU83SwXEq7WMrDn0IxrxwIsCgCs=; b=RCKYR6QYg0aV0PanPu+WJJFP bRt/jXkk3BFRoiIxA1OthISjVc5lVJt1NbYuJ44rDvux1B3n1j4SB/SHWd0nn/CA F2aib8rB+hEORqSWCat9IGiRN4hsPnz1C1MvUnIexj92tZ6A1zOtNeuK5aH2tnm7 SVZavEe7RYPjaykfgVw= Received: from toshi.auburn.protected-networks.net (toshi.auburn.protected-networks.net [192.168.1.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: imb@mail.protected-networks.net) by mail.protected-networks.net (Postfix) with ESMTPSA id 9F3AC934C; Thu, 4 Jan 2018 16:07:30 -0500 (EST) Subject: Re: Intel CPU design flaw - FreeBSD affected? // disabling LDTSC To: "Klaus P. Ohrhallinger" , freebsd-current@freebsd.org, jan.kokemueller@gmail.com References: <9dda0496-be16-35c6-6c45-63d03b218ccb@protected-networks.net> <18376c97-3c0d-49c8-9483-96b95a84f3f1@7he.at> From: Michael Butler Openpgp: id=6F63E6399DCC8E3E94D60F0642FF6BAE0442D492; url=0442D492 Message-ID: <02f1caac-b20d-d9bb-ceeb-fd1a2639e6f7@protected-networks.net> Date: Thu, 4 Jan 2018 16:07:19 -0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jan 2018 21:07:33 -0000 On 01/04/18 14:59, Klaus P. Ohrhallinger wrote: > On 04.01.2018 19:51, Jan Kokemüller wrote: > >> It is possible to emulate a high resolution counter with a thread that >> continuously increments a variable [1]. This is the reason why browser >> vendors are currently disabling the SharedArrayBuffer feature [2]. >> >> [1]: https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6#gistcomment-2311156 >> [2]: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ > > I tried the phtread example from [1] but even with some tweaking is does > not work at all. > > This is a multiprocessor system, with moderate load. > > As far as I understand the matter, it can only work if both threads > share the same cpu cache, otherwise the counter variable is either never > up-to-date, or has to be fetched and stored from/to memory, which is way > too slow for this purpose. > > Any suggestions ? > > --- > > CPU: Intel(R) Xeon(R) CPU E5420 @ 2.50GHz (2500.14-MHz > K8-class CPU) > FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs > FreeBSD/SMP: 2 package(s) x 4 core(s) Interestingly, the Xeon 5400 series is not listed as vulnerable in the Intel documentation where the 5500 and 5600s are; I checked as I have a bunch of E5440s in service. https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr imb