lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 8 Feb 2018 12:27:08 -0500
From:   tedheadster <tedheadster@...il.com>
To:     David Laight <David.Laight@...lab.com>
Cc:     Arnd Bergmann <arnd@...db.de>,
        Alan Cox <gnomes@...rguk.ukuu.org.uk>,
        Ondrej Zary <linux@...nbow-software.org>,
        David Woodhouse <dwmw2@...radead.org>,
        Guenter Roeck <linux@...ck-us.net>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Hugh Dickins <hughd@...gle.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Jiri Kosina <jikos@...nel.org>, Borislav Petkov <bp@...en8.de>,
        Kees Cook <keescook@...omium.org>,
        Jamie Iles <jamie@...ieiles.com>,
        Eduardo Valentin <eduval@...zon.com>,
        Laura Abbott <labbott@...hat.com>,
        Rik van Riel <riel@...riel.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] x86 : i486 reporting to be vulnerable to Meltdown/Spectre_V1/Spectre_V2

On Thu, Feb 8, 2018 at 12:02 PM, David Laight <David.Laight@...lab.com> wrote:
> From: Arnd Bergmann
>> Sent: 08 February 2018 15:23
> ...
>> The Winchip is what eventually turned into the VIA Nano, which does
>> have speculative execution, but I don't think the earlier C3 and C7 did,
>> they are much closer to the original Winchip design.
>
> We had terrible trouble getting (IIRC) the C7 to execute functions
> that were called in 16bit mode and returned in 32bit mode and v.v.
> (for boot code bios calls).
> The problems seemed to imply that it was caching return addresses
> and the translation (to uops) of the instructions that followed.
> So it would effectively decode the first few bytes in the wrong mode.
> So there might be scope for one of these attacks.
>
> OTOH these devices were so slow that I doubt any are used for anything
> serious - and certainly won't get a kernel update even if they are.
>
> Also worth nothing that the difference between the cpu and memory
> speeds is much lower - so far fewer instructions could be speculatively
> executed while waiting a cache miss.
>
> Tempting to disable everything.
>
>         David

You might think this absolutely crazy, but I would be willing to test
such systems if I can get my hands on the needed hardware that I lack.
I am already doing sanity testing on Intel
i486/i586/i586-MMX/i686-PentiumPro systems, I just don't have the
clone cpus (Cyrix, etc).

While few people are using the 32bit kernel, I don't think we want to
kill it completely just yet.

- Matthew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ