> I'm just basing this on the history of the patch, which preceeds me, so
> if this is incorrect, please don't blame me for misinformation :)
>
> The original patch claims that hyper-threading opens the user up to some
> sort of security risk involving hardware limitations in protecting
> memory across the threads. I can't recall all the details.
>
> If this is wrong, I'm more than happy to just drop the whole damn patch.
that is not correct.
I suspect what is meant is the "attack" on older openssl versions where
you could in theory get SOME information about a key in use by snooping
cache patterns in a shared cache situation. By no means is it a "direct"
leak of any kind, and openssl has since then been fixed to not have as
many key-dependent execution streams anymore.
I would suggest you drop the patch; openssl has been long fixed, and it
was only a theoretical attack in the first place...
I'm not saying the attack isn't something that should be addressed.. but
it is, and disabling hyperthreading is not the right fix.
--
if you want to mail me at work (you don't), use arjan (at) linux.intel.com
Test the interaction between Linux and your BIOS via http://www.linuxfirmwarekit.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]