From owner-cvs-all@FreeBSD.ORG Fri Nov 9 08:27:52 2007 Return-Path: Delivered-To: cvs-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E04816A498 for ; Fri, 9 Nov 2007 08:27:52 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from pd3mo1so.prod.shaw.ca (idcmail-mo1so.shaw.ca [24.71.223.10]) by mx1.freebsd.org (Postfix) with ESMTP id 3D20413C4B9 for ; Fri, 9 Nov 2007 08:27:52 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from pd4mr3so.prod.shaw.ca (pd4mr3so-qfe3.prod.shaw.ca [10.0.141.214]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0JR8008P0A0EL630@l-daemon> for cvs-all@FreeBSD.org; Fri, 09 Nov 2007 00:26:38 -0700 (MST) Received: from pn2ml9so.prod.shaw.ca ([10.0.121.7]) by pd4mr3so.prod.shaw.ca (Sun Java System Messaging Server 6.2-7.05 (built Sep 5 2006)) with ESMTP id <0JR800IRGA07HC50@pd4mr3so.prod.shaw.ca> for cvs-all@FreeBSD.org; Fri, 09 Nov 2007 00:26:38 -0700 (MST) Received: from hexahedron.daemonology.net ([24.82.201.197]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with SMTP id <0JR8000B9A06RS70@l-daemon> for cvs-all@FreeBSD.org; Fri, 09 Nov 2007 00:26:31 -0700 (MST) Received: (qmail 34058 invoked from network); Fri, 09 Nov 2007 07:25:52 +0000 Received: from unknown (HELO hexahedron.daemonology.net) (127.0.0.1) by localhost with SMTP; Fri, 09 Nov 2007 07:25:52 +0000 Date: Thu, 08 Nov 2007 23:25:51 -0800 From: Colin Percival In-reply-to: <47337724.9040108@FreeBSD.org> To: Kris Kennaway Message-id: <47340B7F.6040505@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Enigmail-Version: 0.95.0 References: <200711081945.lA8JjKcW080540@repoman.freebsd.org> <47337724.9040108@FreeBSD.org> User-Agent: Thunderbird 2.0.0.6 (X11/20071102) Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/amd64/amd64 mp_machdep.c src/sys/i386/i386 mp_machdep.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Nov 2007 08:27:52 -0000 Kris Kennaway wrote: > Colin Percival wrote: >> Change the default for hyperthreading (or, generally speaking, cases >> where the L1 cache is shared between CPUs) to disabled for security >> reasons. As in earlier releases, this can be changed by setting >> machdep.hyperthreading_allowed=1 in /boot/loader.conf. >> This is not an MFC -- no seatbelts in CURRENT. > > What are you waiting for to happen in HEAD, To quote core@, whom I agree with on this point: We think this decision should be revisited once at least one of the following occur: new crypto code is made available by crypto vendors to address cache-related attacks, or sufficient work is performed on scheduling and protection mechanisms to prevent the attack from being exploited. > and what work are you doing > to expedite that? When I have time, I'm working on a cryptographic library which is designed from the ground up to be immune to timing and cache-based side channel attacks. Unfortunately my time has been rather limited lately due to the pressing need to eat, but if you know any companies which would be interested in sponsoring this work I'd be very happy to hear from them. Colin Percival