cvs commit: src/sys/amd64/amd64 mp_machdep.csrc/sys/amd64/include cpufunc.h src/sys/i386/i386 mp_machdep.c src/sys/i386/include cpufunc.h

[Nate Lawson]

Colin Percival wrote:
> Nate Lawson wrote:
>>Every general-purpose machine has measurable timing side channels.  The
>>question is merely one of bandwidth.
> 
> Absolutely.  Most covert channels operate at up to a few kbps; this covert
> channel operates at several Mbps.
> 
> The fact that this channel is many times faster than all the other channels
> combined makes it not just quantitatively different but also qualitatively
> different and deserving of more careful treatment.
> 
> Colin Percival

If it only requires 1024 bits to compromise a secret and you have two 
machines, one with a 1 Kbps channel and one with a 1 Mbps channel, which 
is secure?  On the first machine, the attacker takes 1 second to 
compromise the entire secret and on the other, 1 millisecond.  Depending 
on your application, both machines are likely insecure.  But if the 
application is designed to resist timing attacks by completely updating 
the secret every 10 ms, it is secure only on the first machine.  This is 
an oversimplified example but illustrates my point.

I think it's fine that we've added a knob to disable hyperthreading. 
However, since there may be no security gain for any given application, 
it's unclear that it should be disabled by default.  When setting up a 
multi-user/multi-privilege system, many admins enable jail but we don't 
ship with the base system set up that way by default.

-- 
Nate