From owner-freebsd-security@freebsd.org  Thu Jan  4 15:03:25 2018
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A8B2EEBAE5C
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Thu,  4 Jan 2018 15:03:25 +0000 (UTC) (envelope-from des@des.no)
Received: from smtp.des.no (smtp.des.no [194.63.250.102])
 by mx1.freebsd.org (Postfix) with ESMTP id 6F0EB6D7D7
 for <freebsd-security@freebsd.org>; Thu,  4 Jan 2018 15:03:25 +0000 (UTC)
 (envelope-from des@des.no)
Received: from desk.des.no (smtp.des.no [194.63.250.102])
 by smtp.des.no (Postfix) with ESMTP id 450A410479;
 Thu,  4 Jan 2018 15:03:24 +0000 (UTC)
Received: by desk.des.no (Postfix, from userid 1001)
 id DC26C5CE0B; Thu,  4 Jan 2018 15:01:51 +0000 (UTC)
From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: Erich Dollansky <freebsd.ed.lists@sumeritec.com>
Cc: "Ronald F. Guilmette" <rfg@tristatelogic.com>,
 "freebsd-security\@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: Intel hardware bug
References: <02563ce4-437c-ab96-54bb-a8b591900ba0@FreeBSD.org>
 <19876.1515025752@segfault.tristatelogic.com>
 <20180104132807.266fe46c.freebsd.ed.lists@sumeritec.com>
Date: Thu, 04 Jan 2018 16:01:51 +0100
In-Reply-To: <20180104132807.266fe46c.freebsd.ed.lists@sumeritec.com> (Erich
 Dollansky's message of "Thu, 4 Jan 2018 13:28:07 +0800")
Message-ID: <86vaghu0ps.fsf@desk.des.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jan 2018 15:03:25 -0000

Erich Dollansky <freebsd.ed.lists@sumeritec.com> writes:
> Intel used segments to separate things everybody hated.

Everybody hated segment-level memory protection, but the i386 also
introduced page-level memory protection, which was widely used and has
since been expanded to provide features that were never available at the
segment level.

> Intel introduced later the rings, everybody ignored.

Not at all.  They just don't use all four.  Unless you start looking at
hardware virtualization extensions, which introduce additional
protection levels.

> Instead of keeping the things separated - as suggested by Intel's
> design - people used shortcuts whenever possible.

This is irrelevant.  We are talking about timing-based side-channel
attacks.  The attacker is not able to access protected memory directly,
but is able to deduce its contents by repeatedly performing illegal
memory accesses and then checking how they affect the cache.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no