Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262592AbVEMXr5 (ORCPT ); Fri, 13 May 2005 19:47:57 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262630AbVEMXrH (ORCPT ); Fri, 13 May 2005 19:47:07 -0400 Received: from mx1.redhat.com ([66.187.233.31]:60127 "EHLO mx1.redhat.com") by vger.kernel.org with ESMTP id S262640AbVEMXoe (ORCPT ); Fri, 13 May 2005 19:44:34 -0400 Date: Fri, 13 May 2005 19:44:06 -0400 From: Dave Jones To: Lee Revell Cc: Alan Cox , Matt Mackall , Andy Isaacson , Andi Kleen , "Richard F. Rebel" , Gabor MICSKO , Linux Kernel Mailing List , tytso@mit.edu Subject: Re: Hyper-Threading Vulnerability Message-ID: <20050513234406.GG13846@redhat.com> Mail-Followup-To: Dave Jones , Lee Revell , Alan Cox , Matt Mackall , Andy Isaacson , Andi Kleen , "Richard F. Rebel" , Gabor MICSKO , Linux Kernel Mailing List , tytso@mit.edu References: <1115963481.1723.3.camel@alderaan.trey.hu> <1116009483.4689.803.camel@rebel.corp.whenu.com> <20050513190549.GB47131@muc.de> <20050513212620.GA12522@hexapodia.org> <20050513215905.GY5914@waste.org> <1116024419.20646.41.camel@localhost.localdomain> <1116025212.6380.50.camel@mindpipe> <20050513232708.GC13846@redhat.com> <1116027488.6380.55.camel@mindpipe> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1116027488.6380.55.camel@mindpipe> User-Agent: Mutt/1.4.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1606 Lines: 36 On Fri, May 13, 2005 at 07:38:08PM -0400, Lee Revell wrote: > On Fri, 2005-05-13 at 19:27 -0400, Dave Jones wrote: > > On Fri, May 13, 2005 at 07:00:12PM -0400, Lee Revell wrote: > > > On Fri, 2005-05-13 at 23:47 +0100, Alan Cox wrote: > > > > On Gwe, 2005-05-13 at 22:59, Matt Mackall wrote: > > > > > It might not be much of a problem though. If he's a bit off per guess > > > > > (really impressive), he'll still be many bits off by the time there's > > > > > enough entropy in the primary pool to reseed the secondary pool so he > > > > > can check his guesswork. > > > > > > > > You can also disable the tsc to user space in the intel processors. > > > > Thats something they anticipated as being neccessary in secure > > > > environments long ago. This makes the attack much harder. > > > > > > And break the hundreds of apps that depend on rdtsc? Am I missing > > > something? > > > > If those apps depend on rdtsc being a) present, and b) working > > without providing fallbacks, they're already broken. > > > > There's a reason its displayed in /proc/cpuinfo's flags field, > > and visible through cpuid. Apps should be testing for presence > > before assuming features are present. > > > > Well yes but you would still have to recompile those apps. Not if the app is written correctly. See above. Dave - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/