Date:      Fri, 5 Jan 2018 15:25:34 +0000 (UTC)
From:      Jules Gilbert <repeatable_compression@yahoo.com>
To:        Dag-Erling Smørgrav <des@des.no>
Cc:        "Ronald F. Guilmette" <rfg@tristatelogic.com>,  Eric McCorkle <eric@metricspace.net>,  Freebsd Security <freebsd-security@freebsd.org>,  Poul-Henning Kamp <phk@phk.freebsd.dk>,  "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>,  FreeBSD Hackers <freebsd-hackers@freebsd.org>,  Shawn Webb <shawn.webb@hardenedbsd.org>,  Nathan Whitehorn <nwhitehorn@freebsd.org>
Subject:   Re: Intel hardware bug
Message-ID:  <302406914.1010662.1515165934929@mail.yahoo.com>
In-Reply-To: <861sj4tlak.fsf@desk.des.no>
References:  <736a2b77-d4a0-b03f-8a6b-6a717f5744d4@metricspace.net> <2594.1515141192@segfault.tristatelogic.com> <809675000.867372.1515146821354@mail.yahoo.com> <861sj4tlak.fsf@desk.des.no>

Ah, sorry I'm wrong.  I apologize.  I won't intrude further.  I spoke up
because selectively choosing to read sections of kernel memory is one
thing, obtaining useful information from an arbitrary block of kernel
memory you don't get to choose is quite another.
But there are several people here I respect very much and if they say I'm
wrong about an area they focus on,... me bad.

On Friday, January 5, 2018, 9:48:50 AM EST, Dag-Erling Smørgrav <des@des.no> wrote:

Jules Gilbert <repeatable_compression@yahoo.com> writes:
> Sorry guys, you just convinced me that no one, not the NSA, not the
> FSB, no one!, has in the past, or will in the future be able to
> exploit this to actually do something not nice.

The technique has already been proven by multiple independent parties to
work quite well, allowing an attacker to read kernel memory at speeds of
up to 500 kB/s.  But I guess you know better...

DES
--
Dag-Erling Smørgrav - des@des.no
Subject: Re: Intel hardware bug
To: C Bergström <cbergstrom@pathscale.com>
Cc: Freebsd Security <freebsd-security@freebsd.org>,
 "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>
References: <736a2b77-d4a0-b03f-8a6b-6a717f5744d4@metricspace.net>
 <2594.1515141192@segfault.tristatelogic.com>
 <809675000.867372.1515146821354@mail.yahoo.com>
 <250f3a77-822b-fba5-dcd7-758dfec94554@metricspace.net>
 <CAOnawYpe5V-kUn4tLWKyBcDmsKqUP9-VNRhfDG48VMFWFbq6Vw@mail.gmail.com>
From: Eric McCorkle <eric@metricspace.net>
Message-ID: <755a65eb-b02e-05c5-e1a2-701cfd8bc837@metricspace.net>
Date: Fri, 5 Jan 2018 10:35:13 -0500
In-Reply-To: <CAOnawYpe5V-kUn4tLWKyBcDmsKqUP9-VNRhfDG48VMFWFbq6Vw@mail.gmail.com>

On 01/05/2018 09:55, C Bergström wrote:

>     Don't bet on it.  There's reports of AMD vulnerabilities, also for ARM.
>     I doubt any major architecture is going to make it out unscathed.  (But
>     if one does, my money's on Power)
> 
> 
> Nope, the only arch that I'm aware of that gets past this is SPARC(hah!)
> due to the separate userland and kernel memory virtualization.

Alas, poor Sparc.  I knew them, Horatio...

It looks like Red Hat is indeed reporting Power9 to be vulnerable:

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Unfortunate.  I hope they get fixed silicon out in time for the Talos II
workstation.


