WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] HT Vulnerability CAN-2005-0109

from [Nils Toedtmann] [Permanent Link][Original]
To: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] HT Vulnerability CAN-2005-0109
From: Nils Toedtmann <xen-devel@xxxxxxxxxxxxxxxxxx>
Date: Thu, 19 May 2005 12:33:47 +0200
Cc: david.hopwood@xxxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 19 May 2005 10:34:59 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <200505190346.15609.mark.williamson@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <1116427424.4496.17.camel@xxxxxxxxxxxxxxxxxxxxxxx> <200505181548.48629.mark.williamson@xxxxxxxxxxxx> <428BCB21.7020909@xxxxxxxxxxxxxxxx> <200505190346.15609.mark.williamson@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Am Donnerstag, den 19.05.2005, 03:46 +0100 schrieb Mark Williamson:
> > The paper includes code for the side channel attack (Figure 1 
> > in <http://www.daemonology.net/papers/htt.pdf>), and even if it didn't, it
> > would be easy to replicate.
> 
> I admit I hadn't noticed the code included could be used in the side channel 
> attack - it's a fair cop guv!  It's worrying - we should watch what the other 
> OS communities do on this.

At the moment, they release quick workarounds like hardening crypto libs
against timing attacks

  <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157631>

or disabling HT

  <ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-
SA-05:09.htt.asc>

 "V.   Solution

  Disable Hyper-Threading Technology on processors that support it.

  NOTE:  It is expected that future work in cryptographic libraries and
  operating system schedulers may remedy this problem for many or most
  users, without necessitating the disabling of Hyper-Threading
  Technology.  Future advisories will address individual cases."


In case i'd be so paranoiac (as the freebsd sec team) to consider the HT 
prob a real world threat: Would the xen boottime option "noht" be a 
workaround (diabling HT, but not SMP) until this gets fixed properly?

/nils.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] [patch] more correct pfn_valid(), Tian, Kevin
Next by Date:  Re: [Xen-devel] Xeno-unstable crashing at boot, Mike Wray
Previous by Thread:  Re: [Xen-devel] HT Vulnerability CAN-2005-0109, Mark Williamson
Next by Thread:  Re: [Xen-devel] HT Vulnerability CAN-2005-0109, David Hopwood
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy