Date: Fri, 5 Jan 2018 10:40:20 +0800
From: Erich Dollansky <freebsd.ed.lists@sumeritec.com>
To: freebsd-security@freebsd.org
Subject: Re: Intel hardware bug
Message-ID: <20180105104020.51c2a742.freebsd.ed.lists@sumeritec.com>
In-Reply-To: <86vaghu0ps.fsf@desk.des.no>
References: <02563ce4-437c-ab96-54bb-a8b591900ba0@FreeBSD.org> <19876.1515025752@segfault.tristatelogic.com> <20180104132807.266fe46c.freebsd.ed.lists@sumeritec.com> <86vaghu0ps.fsf@desk.des.no>

Hi,

On Thu, 04 Jan 2018 16:01:51 +0100
Dag-Erling Smørgrav <des@des.no> wrote:

> Erich Dollansky <freebsd.ed.lists@sumeritec.com> writes:
> > Intel used segments to separate things everybody hated.
>
> Everybody hated segment-level memory protection, but the i386 also

good that hate is meanwhile illegal.

> introduced page-level memory protection, which was widely used and has
> since been expanded to provide features that were never available at
> the segment level.

Yes, but instead of combining both, the segment registers were set to
point to the same memory locations disabling the additional protection
given by the segments.

>
> > Intel introduced later the rings, everybody ignored.
>
> Not at all. They just don't use all four. Unless you start looking
> at hardware virtualization extensions, which introduce additional
> protection levels.

It was just abusing them to replace the supervisor flag other
processors have or have had.

>
> > Instead of keeping the things separated - as suggested by Intel's
> > design - people used shortcuts whenever possible.
>
> This is irrelevant. We are talking about timing-based side-channel
> attacks. The attacker is not able to access protected memory
> directly, but is able to deduce its contents by repeatedly performing
> illegal memory accesses and then checking how they affect the cache.

Directly yes, not if the kernel memory would be always in a different
segment. It would land then in cache only when memory near segment
bounds are accessed. Which could be easily avoided.

Anyway, we cannot turn the clock back now. I just wanted to mention
that Intel has had different thoughts those days. I am not even sure if
Intel engineers remember this.

Erich