Date: Wed, 8 Jun 2016 17:01:02 +0200
From: "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To: FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject: CURRENT: bhyve and Kernel SamePage Merging
Message-ID: <20160608170102.6a0ee504.ohartman@zedat.fu-berlin.de>
Organization: FU Berlin

A couple of days ago I got, as the responsible personnel for a couple of systems, a warning about the vulnerabilities of the mechanism called "Kernel SamePage Merging". At this year's IEEE symposium a paper by Bosman et al., 2016, was submitted describing an attack on KSM. This technique, also referred to as memory/page deduplication, seems to be vulnerable by design under certain circumstances. I guess the experts among the readers here already know, but I consider myself a non-expert and therefore I'd like to ask about the status of that kind of development in FreeBSD. I read about a project of last year's Google Summer of Code 2015 targeting KSM on FreeBSD.

In Linux, this deduplication technique has been implemented since kernel 2.6.38, and the Windows kernel has used this technique since Windows 8.1 and siblings (also Windows Server). We were strongly advised to disable those "features" in Windows clients, servers and Linux servers, if used.

Other papers describe successful attacks on memory contents and ASLR by misusing KSM. On Windows, mmap() entropy is 19 bit, on Linux usually 28 bit. And FreeBSD (if planned/used/already implemented?)?

If you are interested I could provide links or PDFs of the papers I already gathered about that subject (it is not much, simply google for "KSM FreeBSD" or "KSM deduplication ASLR").

Thanks in advance,
oh
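The advice in the mail to disable page deduplication on Linux servers can be checked and applied through the KSM sysfs interface. The following script is an added example, not part of Mr. Hartmann's mail and not FreeBSD code: it reads the real Linux control file /sys/kernel/mm/ksm/run (0 = stopped, 1 = running, 2 = stop and unmerge all shared pages) and the counter /sys/kernel/mm/ksm/pages_sharing, and writes 2 to stop ksmd and unmerge, so that no merged copy-on-write pages remain that a co-located guest could probe. The sysfs root is a parameter (an assumption made for testability) so the logic can be exercised against a constructed directory tree; on a real host it defaults to /sys.

```shell
#!/bin/sh
# Added example: audit and disable Linux Kernel SamePage Merging via sysfs.
# Not from the original mail. The sysfs root argument is an assumption for
# testing; production use is simply "ksm_state" / "ksm_disable" as root.

ksm_state() {
    # $1: sysfs root (defaults to /sys).
    # Prints "absent", "enabled sharing=N", "disabled sharing=N" or "unknown run=X".
    root="${1:-/sys}"
    ksm="$root/kernel/mm/ksm"
    if [ ! -r "$ksm/run" ]; then
        # No KSM control file: kernel built without CONFIG_KSM, or not Linux.
        echo "absent"
        return 0
    fi
    run=$(cat "$ksm/run")
    sharing=0
    # pages_sharing counts pages that are currently backed by a merged page.
    [ -r "$ksm/pages_sharing" ] && sharing=$(cat "$ksm/pages_sharing")
    case "$run" in
        1)   echo "enabled sharing=$sharing" ;;
        0|2) echo "disabled sharing=$sharing" ;;
        *)   echo "unknown run=$run" ;;
    esac
}

ksm_disable() {
    # Writing 2 stops the ksmd thread AND unmerges every currently shared page,
    # which is what removes the deduplicated pages the papers attack.
    # Writing 0 would only stop future merging and leave existing shared pages.
    root="${1:-/sys}"
    ksm="$root/kernel/mm/ksm"
    [ -w "$ksm/run" ] || return 1
    echo 2 > "$ksm/run"
}

# Stand-alone run: report the state of the host this is executed on.
ksm_state
```

Note that the setting does not survive a reboot; to keep KSM off persistently, also disable whatever service re-enables it (for example ksmtuned on distributions that ship it).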