From: Colin Percival
Date: Thu, 08 Nov 2007 23:25:40 -0800
To: Nate Lawson
Cc: cvs-src@FreeBSD.org, Kris Kennaway, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/amd64/amd64 mp_machdep.c src/sys/i386/i386 mp_machdep.c

Nate Lawson wrote:
> I'm still waiting for what will be done to prevent the attack on
> uniprocessor or multi-core machines (shared L2). Continuing to focus on
> hyperthreading is like locking the screen door on your submarine.

Exploiting a cache collision channel through the L2 cache is much harder than through the L1 cache, and is likely impossible under many circumstances (OpenSSL has been fixed to prevent the most easily exploitable cache side channel). In addition, there are other attacks, e.g., using shared branch prediction tables, to which hyperthreaded processors are vulnerable but which do not affect multicore systems at all.

Rather than locking the screen door on a submarine, I'd say that a more apt comparison would be turning off a fire hydrant even though a garden hose is still running.

I recommend the use of more sophisticated countermeasures against side channel attacks where highly sensitive keying material is concerned; but this does not invalidate the utility of applying such a very simple countermeasure which prevents a very easy attack.

Colin Percival