Date:      Fri, 5 Jan 2018 19:59:36 +0800
From:      Erich Dollansky <freebsd.ed.lists@sumeritec.com>
To:        Stefan Esser <se@freebsd.org>
Cc:        Darren Reed <darrenr@freebsd.org>, freebsd-current@freebsd.org
Subject:   Re: Intel CPU design flaw - FreeBSD affected?
Message-ID:  <20180105195936.1ee7d010.freebsd.ed.lists@sumeritec.com>
In-Reply-To: <b735d895-342c-9a7b-4aea-acc371f48c7e@freebsd.org>
References:  <9dda0496-be16-35c6-6c45-63d03b218ccb@protected-networks.net> <CANCZdfra8iS6ptP9Ct401sLum2mZi4dg0KTnkayQjUMbyDc4pQ@mail.gmail.com> <CAGfo=8kDVFvuXVf0572LvBY6e3F0XrxDrj_YE6A9puc3T1S3eQ@mail.gmail.com> <5A4E165B.6040809@freebsd.org> <b735d895-342c-9a7b-4aea-acc371f48c7e@freebsd.org>

Hi,

On Thu, 4 Jan 2018 15:33:46 +0100
Stefan Esser <se@freebsd.org> wrote:

> On 04.01.18 at 12:56, Darren Reed wrote:
> > On 4/01/2018 11:51 AM, Mark Heily wrote:  
> >> On Jan 2, 2018 19:05, "Warner Losh" <imp@bsdimp.com> wrote:
> >>
> >> The register article says the specifics are under embargo still.
> >> That would make it hard for anybody working with Intel to comment
> >> publicly on the flaw and any mitigations that may be underway. It
> >> would be unwise to assume that all the details are out until the
> >> embargo lifts.
> >>
> >>
> >> Details of the flaws are now published at:
> >>
> >> https://meltdownattack.com  
> > 
> > The web page has both: meltdown and spectre.
> > Most people are only talking about meltdown which doesn't hit AMD.
> > spectre impacts *both* Intel and AMD.
> > 
> > SuSE are making available a microcode patch for AMD 17h processors
> > that disables branch prediction:
> > 
> > https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html  
> 
> Disabling branch prediction will have a very noticeable effect on
> execution speed in general (while split page tables only affect
> programs that perform system calls at a high frequency).
> 
> I have not fully read the Meltdown and Spectre papers yet, but I do
> assume that the attack on the branch prediction tries to counter
> KASLR, which we do not support at all in FreeBSD.
> 
> So, I guess, we do not have to bother with disabling of branch
> prediction in FreeBSD for the time being?
> 
An attack on KASLR will not work, but any other attack will get data
out of the kernel. So, FreeBSD is affected but not by the attacks
which will work on the other operating systems. Information still can
be extracted.

Erich


