exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

FreeBSD Update On Spectre / Meltdown Patching

FreeBSD Update On Spectre / Meltdown Patching
Posted Jan 9, 2018
Authored by Gordon Tetlow

This is a note from the FreeBSD team that they were notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since they received relatively late notice of the issue, their ability to provide fixes is delayed.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | 6ca4e042704f1c11c5f3b11989e130de889f46523779b326d9cbaf056da654ca

FreeBSD Update On Spectre / Meltdown Patching

Change Mirror Download
By now, we're sure most everyone have heard of the Meltdown and Spectre
attacks. If not, head over to https://meltdownattack.com/ and get an
overview. Additional technical details are available from Google
Project Zero.
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

The FreeBSD Security Team was notified of the issue in late December
and received a briefing under NDA with the original embargo date of
January 9th. Since we received relatively late notice of the issue, our
ability to provide fixes is delayed.

Meltdown (CVE-2017-5754)
~~~~~~~~~~~~~~~~~~~~~~~~
In terms of priority, the first step is to mitigate against the Meltdown
attack (CVE-2017-5754, cited as variant 3 by Project Zero). Work for
this is ongoing, but due to the relatively large changes needed, this is
going to take a little while. We are currently targeting patches for
amd64 being dev complete this week with testing probably running into
next week. From there, we hope to give it a short bake time before
pushing it into the 11.1-RELEASE branch. Additional work will be
required to bring the mitigation to 10.3-RELEASE and 10.4-RELEASE.

The code will be selectable via a tunable which will automatically turn
on for modern Intel processors and off for AMD processors (since they
are reportedly not vulnerable). Since the fix for Meltdown does incur a
performance hit for any transition between user space and kernel space,
this could be rather impactful depending on the workload. As such, the
tunable can also be overridden by the end-user if they are willing to
accept the risk.

Initial work can be tracked at https://reviews.freebsd.org/D13797.
Please note this is a work in progress and some stuff is likely to be
broken.

Spectre (CVE-2017-5753 and CVE-2017-5715)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When it comes to the Spectre vulnerabilities, it is much harder to sort
these out. Variant 1 (CVE-2017-5753) is going to require some static
analysis to determine vulnerable use cases that will require barriers to
stop speculation from disclosing information it shouldn't. While we
haven't done the analysis to determine where we are vulnerable, the
number of cases here are supposed to be pretty small. Apparently there
have been some Coverity rules developed to help look for these, but we
are still evaluating what can be done here.

The other half of Spectre, variant 2 (CVE-2017-5715) is a bit trickier
as it affects both normal processes and bhyve. There is a proposed patch
for LLVM (https://reviews.llvm.org/D41723) that introduces a concept
called 'retpoline' which mitigates this issue. We are likely to pull
this into HEAD and 11-STABLE once it hits the LLVM tree. Unfortunately,
the currently supported FreeBSD releases are using older versions of
LLVM for which we are not sure the LLVM project will produce patches. We
will be looking at the feasibility to backport these patches to these
earlier versions.

There are CPU microcode fixes coming out when in concert with OS changes
would also help, but that's a bit down the road at the moment.


If anything significantly changes I will make additional posts to
clarify as the information becomes available.

Best regards,
Gordon Tetlow
with security-officer hat on
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close