From: Brett Glass
Date: Fri, 12 Jan 2018 11:51:36 -0700
To: Mike Tancsa, Brett Glass, Oliver Pinter, "Zahrir, Abderrahmane"
Cc: "freebsd-security@freebsd.org"
Subject: Re: Response to Meltdown and Spectre
Message-Id: <201801121851.LAA17145@mail.lariat.net>
References: <201801121807.LAA16736@mail.lariat.net>

At 11:26 AM 1/12/2018, Mike Tancsa wrote:

>"The code will be selectable via a tunable which ..." Perhaps wait for
>the final product.
>
>        ---Mike

Yes, I will be eagerly awaiting the final patch! In the meantime, I have located some architectural information about the latest Intel Atoms which indicates that they are not vulnerable even without the patch.
As the article at https://www.anandtech.com/show/6936/intels-silvermont-architecture-revealed-getting-serious-about-mobile/2 from AnandTech (among other sources) explains, even the Atoms that do OOE only do it on wholly register-based operations. This means that operations which are accelerated and then conditionally committed later cannot affect the cache. So, no processor from the Atom family should be susceptible to Meltdown or Spectre, and the extra security measures can safely be turned off automatically on all of them. This would be a big help to those of us who would otherwise have to recompile the kernel and/or set a special tunable.

--Brett Glass