Kernel memory leaking on Intel CPUs?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
45 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Kernel memory leaking on Intel CPUs?

who one
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ "It is
understood the bug is present in modern Intel processors produced in the
past decade. It allows normal user programs – from database applications
to JavaScript in web browsers – to discern to some extent the layout or
contents of protected kernel memory areas." "The fix is to separate the
kernel's memory completely from user processes using what's called Kernel
Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete
Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux
kernel team, giving you an idea of how annoying this has been for the
developers." "AMD processors are not subject"
https://www.postgresql.org/message-id/20180102222354.qikjmf7dvnjgbkxe@...
Did anyone hear about this?
Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Lampshade
Intel is probably waiting for Microsoft, Red Hat,
Apple and major cloud companies to update
OSes until release of Intel Security Advisory.

I am also curious does OpenBSD also maps
kernel to userspace memory of processes?
Could pledge protect against some scenarios
exploiting these kinds of bugs?

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Alceu R. de Freitas Jr.
In reply to this post by who one
 I was just about to ask about the same thing... will OpenBSD lose performance as well, given the security flaw conditions?Looks like an issue already for Linux, MS Windows and MacOSX.Didn't see any mention about *BSD on the article too...

    Em quarta-feira, 3 de janeiro de 2018 11:03:00 BRST, who one <[hidden email]> escreveu:  
 
 https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ "It is
understood the bug is present in modern Intel processors produced in the
past decade. It allows normal user programs – from database applications
to JavaScript in web browsers – to discern to some extent the layout or
contents of protected kernel memory areas." "The fix is to separate the
kernel's memory completely from user processes using what's called Kernel
Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete
Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux
kernel team, giving you an idea of how annoying this has been for the
developers." "AMD processors are not subject"
https://www.postgresql.org/message-id/20180102222354.qikjmf7dvnjgbkxe@...
Did anyone hear about this?
 
Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Rupert Gallagher
In reply to this post by who one
Everybody is reading about it, including people like me that have formerly underestimated the problem... mea culpa

The question is, can we have a kernel free of patches for spynet cpus? The Russians are moving to ARM-based cpus, anthough ARM is subject to UK-style Orwellian spynet law. The Chinese have an interesting project on RISC, who is taking ages to hit the market.

Sent from ProtonMail Mobile

On Wed, Jan 3, 2018 at 13:19, who one <[hidden email]> wrote:

>Did anyone hear about this?
Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Tom Smyth
In reply to this post by who one
sorry all,

I had posted to the tech mailing list about this .. I came across these 2
papers and they may be of interest about the CPU Security flaws

https://spectreattack.com/

I hope this helps
Tom Smyth

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Daniel Boyd-2
On Jan 4, 2018, at 5:43 AM, Tom Smyth <[hidden email]> wrote:

>
> sorry all,
>
> I had posted to the tech mailing list about this .. I came across these 2
> papers and they may be of interest about the CPU Security flaws
>
> https://spectreattack.com/
>
> I hope this helps
> Tom Smyth
>

Were the BSDs given advanced notice of this like MS, Apple, and Linux...?

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Alceu R. de Freitas Jr.
 Not that I was able to see.
I guess Intel does not give a shit about non-profit groups. Linux got this attention because there are a lot of players making money from it, players that surely have some sort of partnership with Intel.

Around 2003, when I was still in college, I went to a IBM talk about Linux and asked the speaker why IBM chose Linux for their products instead of any of the *BSD available. The answer was "our customers are not asking for our applications on *BSD, but on Linux".
The irony is that *BSD has a lot of importance on the ecosystem, heck, even some products (MS Windows, MacOSX) borrowed code from *BSD projects.

    Em quinta-feira, 4 de janeiro de 2018 11:32:45 BRST, Daniel Boyd <[hidden email]> escreveu:  
 
 On Jan 4, 2018, at 5:43 AM, Tom Smyth <[hidden email]> wrote:

>
> sorry all,
>
> I had posted to the tech mailing list about this .. I came across these 2
> papers and they may be of interest about the CPU Security flaws
>
> https://spectreattack.com/
>
> I hope this helps
> Tom Smyth
>

Were the BSDs given advanced notice of this like MS, Apple, and Linux...?

 
Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Allan Streib-2
"Alceu R. de Freitas Jr." <[hidden email]> writes:

> I guess Intel does not give a shit about non-profit groups. Linux got
> this attention because there are a lot of players making money from
> it, players that surely have some sort of partnership with Intel.

From what I have read in the past 24 hours, the spectre attacks are not
limited to Intel CPUs, but in theory could affect any that use
speculative execution (including, at least, modern ARM designs and AMD
processors).

My uninformed take on this is that when you allow anyone in the world to
run programs on your systems (i.e. JavaScript in browsers, "cloud"
hosted virtual machines running on shared hardware, etc.) these sorts of
things occasionally happen. No CPUs or software are perfectly secure.

Allan

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Tom Smyth
In reply to this post by Daniel Boyd-2
Hello Daniel,

I don't know as Im not a core developer... the Vuln was embargoed  so my guess
is a lot of people were in the dark.

Thanks
Tom Smyth

On 4 January 2018 at 13:31, Daniel Boyd <[hidden email]> wrote:

> On Jan 4, 2018, at 5:43 AM, Tom Smyth <[hidden email]> wrote:
>>
>> sorry all,
>>
>> I had posted to the tech mailing list about this .. I came across these 2
>> papers and they may be of interest about the CPU Security flaws
>>
>> https://spectreattack.com/
>>
>> I hope this helps
>> Tom Smyth
>>
>
> Were the BSDs given advanced notice of this like MS, Apple, and Linux...?

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Daniel Wilkins
In reply to this post by Allan Streib-2
On Thu, Jan 04, 2018 at 10:21:12AM -0500, Allan Streib wrote:

> "Alceu R. de Freitas Jr." <[hidden email]> writes:
>
> > I guess Intel does not give a shit about non-profit groups. Linux got
> > this attention because there are a lot of players making money from
> > it, players that surely have some sort of partnership with Intel.
>
> From what I have read in the past 24 hours, the spectre attacks are not
> limited to Intel CPUs, but in theory could affect any that use
> speculative execution (including, at least, modern ARM designs and AMD
> processors).
>
> My uninformed take on this is that when you allow anyone in the world to
> run programs on your systems (i.e. JavaScript in browsers, "cloud"
> hosted virtual machines running on shared hardware, etc.) these sorts of
> things occasionally happen. No CPUs or software are perfectly secure.
>
> Allan
>

From what I understand, AMD has come out and explicitly said that their
architecture isn't and has never been vulnerable, while Intel's said that
it affects every processor in the last 20+ years and that it's "not a big
deal for most users" because it's only a kernel memory *read*.

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Daniel Boyd-2
In reply to this post by Allan Streib-2
On Thu, 2018-01-04 at 10:21 -0500, Allan Streib wrote:

> "Alceu R. de Freitas Jr." <[hidden email]> writes:
>
> > I guess Intel does not give a shit about non-profit groups. Linux
> > got
> > this attention because there are a lot of players making money from
> > it, players that surely have some sort of partnership with Intel.
>
> From what I have read in the past 24 hours, the spectre attacks are
> not
> limited to Intel CPUs, but in theory could affect any that use
> speculative execution (including, at least, modern ARM designs and
> AMD
> processors).
>
> My uninformed take on this is that when you allow anyone in the world
> to
> run programs on your systems (i.e. JavaScript in browsers, "cloud"
> hosted virtual machines running on shared hardware, etc.) these sorts
> of
> things occasionally happen. No CPUs or software are perfectly secure.
>
> Allan
>
>

AMD has said that it doesn't affect their processors. Whether or not
that's true, I'm not sure.

One curiosity I had was whether the KARL mitigation in 6.2 would help
with this. I suppose it depends on the nature of the flaw (which is
still embargoed I assume).

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Daniel Boyd-2
In reply to this post by Daniel Wilkins
On Thu, 2018-01-04 at 10:49 -0500, Daniel Wilkins wrote:

> On Thu, Jan 04, 2018 at 10:21:12AM -0500, Allan Streib wrote:
> > "Alceu R. de Freitas Jr." <[hidden email]> writes:
> >
> > > I guess Intel does not give a shit about non-profit groups. Linux
> > > got
> > > this attention because there are a lot of players making money
> > > from
> > > it, players that surely have some sort of partnership with Intel.
> >
> > From what I have read in the past 24 hours, the spectre attacks are
> > not
> > limited to Intel CPUs, but in theory could affect any that use
> > speculative execution (including, at least, modern ARM designs and
> > AMD
> > processors).
> >
> > My uninformed take on this is that when you allow anyone in the
> > world to
> > run programs on your systems (i.e. JavaScript in browsers, "cloud"
> > hosted virtual machines running on shared hardware, etc.) these
> > sorts of
> > things occasionally happen. No CPUs or software are perfectly
> > secure.
> >
> > Allan
> >
>
> From what I understand, AMD has come out and explicitly said that
> their
> architecture isn't and has never been vulnerable, while Intel's said
> that
> it affects every processor in the last 20+ years and that it's "not a
> big
> deal for most users" because it's only a kernel memory *read*.
>
>

I'm admittedly not an expert on all things kernel, but allowing user
space programs to read kernel space memory seems ... bad.  Read/write
would be worse, granted

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Raul Miller
In reply to this post by Daniel Wilkins
On Thu, Jan 4, 2018 at 10:49 AM, Daniel Wilkins <[hidden email]> wrote:
> From what I understand, AMD has come out and explicitly said that their
> architecture isn't and has never been vulnerable, while Intel's said that
> it affects every processor in the last 20+ years and that it's "not a big
> deal for most users" because it's only a kernel memory *read*.

I think you should interpret this as saying that there is a part of
that specific exploit implementation which AMD cpus have not
implemented.

But keep in mind, also, that the exploit involves multiple hardware
components (not only sloppy cpu instruction scheduling but shoddy
power management interacting with cheap dynamic ram refresh).

Of course, I have also misused my adjectives here. The cpu scheduling
is just wonderful, the power management is professional and the memory
implementation is beyond high tech. Sales people are omniscient and
thus have good reason for ... ah, ... never mind. I'm going to go
crawl back under my rock.

Good luck,

--
Raul

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Jordan Geoghegan
In reply to this post by Rupert Gallagher
The Russians heavily use SPARC for aerospace/military applications as
well as their in house domestic-use-only Elbrus machines, for what I
imagine to be reasons precisely like this.


On 01/04/18 00:13, Rupert Gallagher wrote:
> Everybody is reading about it, including people like me that have formerly underestimated the problem... mea culpa
>
> The question is, can we have a kernel free of patches for spynet cpus? The Russians are moving to ARM-based cpus, anthough ARM is subject to UK-style Orwellian spynet law. The Chinese have an interesting project on RISC, who is taking ages to hit the market.
>
> Sent from ProtonMail Mobile
>
> On Wed, Jan 3, 2018 at 13:19, who one <[hidden email]> wrote:
>
>> Did anyone hear about this?

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Mike Tancsa
In reply to this post by Daniel Boyd-2
On 1/4/2018 10:51 AM, Daniel Boyd wrote:
>
> AMD has said that it doesn't affect their processors. Whether or not
> that's true, I'm not sure.
>
> One curiosity I had was whether the KARL mitigation in 6.2 would help
> with this. I suppose it depends on the nature of the flaw (which is
> still embargoed I assume).

Seems a lot of the details are out

https://meltdownattack.com/

        ---Mike


--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, [hidden email]
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Rupert Gallagher
In reply to this post by Jordan Geoghegan
The Intel flop hits the US .mil as well,  because they depend on COTS Xeons.

I pity the Russians. I wonder if they pay through the nose for Oracle's power hungry hardware, or make it cheaper and power efficient of their own.

On Thu, Jan 4, 2018 at 18:28, Jordan Geoghegan <[hidden email]> wrote:

> The Russians heavily use SPARC for aerospace/military applications as well as their in house domestic-use-only Elbrus machines, for what I imagine to be reasons precisely like this.  @mail.com>
Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

Rupert Gallagher
In reply to this post by Daniel Wilkins
https://mobile.twitter.com/misc0110/status/948706387491786752

On Thu, Jan 4, 2018 at 16:49, Daniel Wilkins <[hidden email]> wrote:

> Intel's said that it affects every processor in the last 20+ years and that it's "not a big deal for most users" because it's only a kernel memory *read*. @yahoo.com.br>
Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

torsten
I wonder how it is in reality for most *BSD users due to
1. hide processes run by other users
2. disable reading kernel messaging buffers...
3. disable kernel messaging debugging by unprivileged users

And some other tweeks

What surprises me is the "panic" publication of this because of already known and in *BSDs addressed concerns about hyper threatening and shared memory well back since 1994


> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf
> Of Rupert Gallagher
> Sent: 04 January 2018 22:22
> To: Daniel Wilkins; Allan Streib
> Cc: Alceu R. de Freitas Jr.; [hidden email]
> Subject: Re: Kernel memory leaking on Intel CPUs?
>
> https://mobile.twitter.com/misc0110/status/948706387491786752
>
> On Thu, Jan 4, 2018 at 16:49, Daniel Wilkins <[hidden email]>
> wrote:
>
> > Intel's said that it affects every processor in the last 20+ years
> and that it's "not a big deal for most users" because it's only a
> kernel memory *read*. @yahoo.com.br>

Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

torsten
Ps
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
kern.randompid=$(jot -r 1 9999)
security.bsd.stack_guard_page=1


> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf
> Of torsten
> Sent: 05 January 2018 00:59
> To: 'Rupert Gallagher'; 'Daniel Wilkins'; 'Allan Streib'
> Cc: 'Alceu R. de Freitas Jr.'; [hidden email]
> Subject: Re: Kernel memory leaking on Intel CPUs?
>
> I wonder how it is in reality for most *BSD users due to 1. hide
> processes run by other users 2. disable reading kernel messaging
> buffers...
> 3. disable kernel messaging debugging by unprivileged users
>
> And some other tweeks
>
> What surprises me is the "panic" publication of this because of already
> known and in *BSDs addressed concerns about hyper threatening and
> shared memory well back since 1994
>
>
> > -----Original Message-----
> > From: [hidden email] [mailto:[hidden email]] On
> Behalf
> > Of Rupert Gallagher
> > Sent: 04 January 2018 22:22
> > To: Daniel Wilkins; Allan Streib
> > Cc: Alceu R. de Freitas Jr.; [hidden email]
> > Subject: Re: Kernel memory leaking on Intel CPUs?
> >
> > https://mobile.twitter.com/misc0110/status/948706387491786752
> >
> > On Thu, Jan 4, 2018 at 16:49, Daniel Wilkins <[hidden email]>
> > wrote:
> >
> > > Intel's said that it affects every processor in the last 20+ years
> > and that it's "not a big deal for most users" because it's only a
> > kernel memory *read*. @yahoo.com.br>


Reply | Threaded
Open this post in threaded view
|

Re: Kernel memory leaking on Intel CPUs?

SJP Lists
In reply to this post by Rupert Gallagher
On Friday, 5 January 2018, Rupert Gallagher <[hidden email]> wrote:

> The Intel flop hits the US .mil as well,  because they depend on COTS
> Xeons.
>
> I pity the Russians. I wonder if they pay through the nose for Oracle's
> power hungry hardware, or make it cheaper and power efficient of their own.
>
> On Thu, Jan 4, 2018 at 18:28, Jordan Geoghegan <[hidden email]>
> wrote:
>
> > The Russians heavily use SPARC for aerospace/military applications as
> well as their in house domestic-use-only Elbrus machines, for what I
> imagine to be reasons precisely like this.  @mail.com>


SPARC architecture is open to others to develop their own CPU designs.  The
Russians are not forced to buy SPARC from Oracle.
123