Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262650AbVEMXaW (ORCPT ); Fri, 13 May 2005 19:30:22 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262643AbVEMX3f (ORCPT ); Fri, 13 May 2005 19:29:35 -0400 Received: from mx1.redhat.com ([66.187.233.31]:34011 "EHLO mx1.redhat.com") by vger.kernel.org with ESMTP id S262626AbVEMX1g (ORCPT ); Fri, 13 May 2005 19:27:36 -0400 Date: Fri, 13 May 2005 19:27:08 -0400 From: Dave Jones To: Lee Revell Cc: Alan Cox , Matt Mackall , Andy Isaacson , Andi Kleen , "Richard F. Rebel" , Gabor MICSKO , Linux Kernel Mailing List , tytso@mit.edu Subject: Re: Hyper-Threading Vulnerability Message-ID: <20050513232708.GC13846@redhat.com> Mail-Followup-To: Dave Jones , Lee Revell , Alan Cox , Matt Mackall , Andy Isaacson , Andi Kleen , "Richard F. Rebel" , Gabor MICSKO , Linux Kernel Mailing List , tytso@mit.edu References: <1115963481.1723.3.camel@alderaan.trey.hu> <1116009483.4689.803.camel@rebel.corp.whenu.com> <20050513190549.GB47131@muc.de> <20050513212620.GA12522@hexapodia.org> <20050513215905.GY5914@waste.org> <1116024419.20646.41.camel@localhost.localdomain> <1116025212.6380.50.camel@mindpipe> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1116025212.6380.50.camel@mindpipe> User-Agent: Mutt/1.4.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1264 Lines: 29 On Fri, May 13, 2005 at 07:00:12PM -0400, Lee Revell wrote: > On Fri, 2005-05-13 at 23:47 +0100, Alan Cox wrote: > > On Gwe, 2005-05-13 at 22:59, Matt Mackall wrote: > > > It might not be much of a problem though. If he's a bit off per guess > > > (really impressive), he'll still be many bits off by the time there's > > > enough entropy in the primary pool to reseed the secondary pool so he > > > can check his guesswork. > > > > You can also disable the tsc to user space in the intel processors. > > Thats something they anticipated as being neccessary in secure > > environments long ago. This makes the attack much harder. > > And break the hundreds of apps that depend on rdtsc? Am I missing > something? If those apps depend on rdtsc being a) present, and b) working without providing fallbacks, they're already broken. There's a reason its displayed in /proc/cpuinfo's flags field, and visible through cpuid. Apps should be testing for presence before assuming features are present. Dave - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/