lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 9 Jan 2017 09:59:42 +0100 (CET)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Pavel Machek <pavel@....cz>
cc:     Grzegorz Andrejczuk <grzegorz.andrejczuk@...el.com>,
        mingo@...hat.com, hpa@...or.com, x86@...nel.org,
        linux-kernel@...r.kernel.org, Piotr.Luc@...el.com,
        dave.hansen@...ux.intel.com
Subject: Re: [PATCH v11 0/5] Enabling Ring 3 MONITOR/MWAIT feature for Knights
 Landing

On Tue, 3 Jan 2017, Pavel Machek wrote:

> On Tue 2016-12-20 14:48:41, Grzegorz Andrejczuk wrote:
> > Following patches enable the use of the feature that allows
> > the Intel Xeon Phi x200 devices to use MONITOR/MWAIT instructions
> > outside ring 0. It allows userspace applications to use
> > more efficient synchronization operations, which improves performance
> > and energy efficiency.
> 
> What kind of security holes does it bring us?
> 
> rdseed can be used for two processes to communicate when they should
> not (serious problem for android). Can this be used for something similar?

No. The monitor address must be in the virtual address space of the
caller, so it's like any other 'read' operation.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ