Intel hardware bug
Erich Dollansky
freebsd.ed.lists at sumeritec.com
Fri Jan 5 02:41:22 UTC 2018
Hi,
On Thu, 04 Jan 2018 16:01:51 +0100
Dag-Erling Smørgrav <des at des.no> wrote:
> Erich Dollansky <freebsd.ed.lists at sumeritec.com> writes:
> > Intel used segments to separate things everybody hated.
>
> Everybody hated segment-level memory protection, but the i386 also
good that hate is meanwhile illegal.
> introduced page-level memory protection, which was widely used and has
> since been expanded to provide features that were never available at
> the segment level.
Yes, but instead of combining both, the segment registers were set to
point to the same memory locations, disabling the additional protection
given by the segments.
>
> > Intel introduced later the rings, everybody ignored.
>
> Not at all. They just don't use all four. Unless you start looking
> at hardware virtualization extensions, which introduce additional
> protection levels.
It was just abusing them to replace the supervisor flag other
processors have or have had.
>
> > Instead of keeping the things separated - as suggested by Intel's
> > design - people used shortcuts whenever possible.
>
> This is irrelevant. We are talking about timing-based side-channel
> attacks. The attacker is not able to access protected memory
> directly, but is able to deduce its contents by repeatedly performing
> illegal memory accesses and then checking how they affect the cache.
Directly yes, not if the kernel memory would be always in a different
segment. It would land then in cache only when memory near segment
bounds is accessed. Which could be easily avoided.
Anyway, we cannot turn the clock back now. I just wanted to mention
that Intel has had different thoughts those days. I am not even sure if
Intel engineers remember this.
Erich