WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] HT Vulnerability CAN-2005-0109

Am Donnerstag, den 19.05.2005, 03:46 +0100 schrieb Mark Williamson:
> > The paper includes code for the side channel attack (Figure 1 
> > in <http://www.daemonology.net/papers/htt.pdf>), and even if it didn't, it
> > would be easy to replicate.
> 
> I admit I hadn't noticed the code included could be used in the side channel 
> attack - it's a fair cop guv!  It's worrying - we should watch what the other 
> OS communities do on this.

At the moment, they release quick workarounds like hardening crypto libs
against timing attacks

  <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157631>

or disabling HT

  <ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-
SA-05:09.htt.asc>

 "V.   Solution

  Disable Hyper-Threading Technology on processors that support it.

  NOTE:  It is expected that future work in cryptographic libraries and
  operating system schedulers may remedy this problem for many or most
  users, without necessitating the disabling of Hyper-Threading
  Technology.  Future advisories will address individual cases."


In case i'd be so paranoiac (as the freebsd sec team) to consider the HT 
prob a real world threat: Would the xen boottime option "noht" be a 
workaround (diabling HT, but not SMP) until this gets fixed properly?

/nils.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel