| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Feb 2018 09:41:41 +0100
From: Ondrej Zary <linux@...nbow-software.org>
To: whiteheadm@....org
Cc: David Laight <David.Laight@...lab.com>,
Arnd Bergmann <arnd@...db.de>,
Alan Cox <gnomes@...rguk.ukuu.org.uk>,
David Woodhouse <dwmw2@...radead.org>,
Guenter Roeck <linux@...ck-us.net>,
"Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
Hugh Dickins <hughd@...gle.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Jiri Kosina <jikos@...nel.org>, Borislav Petkov <bp@...en8.de>,
Kees Cook <keescook@...omium.org>,
Jamie Iles <jamie@...ieiles.com>,
Eduardo Valentin <eduval@...zon.com>,
Laura Abbott <labbott@...hat.com>,
Rik van Riel <riel@...riel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] x86 : i486 reporting to be vulnerable to Meltdown/Spectre_V1/Spectre_V2
On Thursday 08 February 2018, tedheadster wrote:
> On Thu, Feb 8, 2018 at 12:02 PM, David Laight <David.Laight@...lab.com>
wrote:
> > From: Arnd Bergmann
> >
> >> Sent: 08 February 2018 15:23
> >
> > ...
> >
> >> The Winchip is what eventually turned into the VIA Nano, which does
> >> have speculative execution, but I don't think the earlier C3 and C7 did,
> >> they are much closer to the original Winchip design.
> >
> > We had terrible trouble getting (IIRC) the C7 to execute functions
> > that were called in 16bit mode and returned in 32bit mode and v.v.
> > (for boot code bios calls).
> > The problems seemed to imply that it was caching return addresses
> > and the translation (to uops) of the instructions that followed.
> > So it would effectively decode the first few bytes in the wrong mode.
> > So there might be scope for one of these attacks.
> >
> > OTOH these devices were so slow that I doubt any are used for anything
> > serious - and certainly won't get a kernel update even if they are.
> >
> > Also worth nothing that the difference between the cpu and memory
> > speeds is much lower - so far fewer instructions could be speculatively
> > executed while waiting a cache miss.
> >
> > Tempting to disable everything.
> >
> > David
>
> You might think this absolutely crazy, but I would be willing to test
> such systems if I can get my hands on the needed hardware that I lack.
> I am already doing sanity testing on Intel
> i486/i586/i586-MMX/i686-PentiumPro systems, I just don't have the
> clone cpus (Cyrix, etc).
>
> While few people are using the 32bit kernel, I don't think we want to
> kill it completely just yet.
>
> - Matthew
I have a working Cyrix MII (was actively using it last year, now upgraded to a
P3-based Celeron). Some AMD CPUs too - K6(maybe -2 or -3?), not sure about K5
and also a Rise mP6. But never got a WinChip.
So the question is: what to test?
BTW. Kernel was not able to identify mP6 CPU 6 years ago, patches were
ignored.
--
Ondrej Zary
Powered by blists - more mailing lists