lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20170109091238.GA19679@amd>
Date:   Mon, 9 Jan 2017 10:12:38 +0100
From:   Pavel Machek <pavel@....cz>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     Grzegorz Andrejczuk <grzegorz.andrejczuk@...el.com>,
        mingo@...hat.com, hpa@...or.com, x86@...nel.org,
        linux-kernel@...r.kernel.org, Piotr.Luc@...el.com,
        dave.hansen@...ux.intel.com
Subject: Re: [PATCH v11 0/5] Enabling Ring 3 MONITOR/MWAIT feature for
 Knights Landing

On Mon 2017-01-09 09:59:42, Thomas Gleixner wrote:
> On Tue, 3 Jan 2017, Pavel Machek wrote:
> 
> > On Tue 2016-12-20 14:48:41, Grzegorz Andrejczuk wrote:
> > > Following patches enable the use of the feature that allows
> > > the Intel Xeon Phi x200 devices to use MONITOR/MWAIT instructions
> > > outside ring 0. It allows userspace applications to use
> > > more efficient synchronization operations, which improves performance
> > > and energy efficiency.
> > 
> > What kind of security holes does it bring us?
> > 
> > rdseed can be used for two processes to communicate when they should
> > not (serious problem for android). Can this be used for something similar?
> 
> No. The monitor address must be in the virtual address space of the
> caller, so it's like any other 'read' operation.

Hmm. Unlike any other 'read' operation, it allows userland to modulate
CPU frequency with great precision; probably allowing userland to
transmit at radio bands, and allowing sound production without
syscalls (singing capacitors).

But userland can probably do that already, with help of
high-resolution timers, so nothing new theree... that I can think off.

Lets wait for the presentation at 39c3 :-).
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ