FreeBSD Security Advisories
2005-May-13 08:25 UTC
FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================FreeBSD-SA-05:09.htt Security Advisory The FreeBSD Project Topic: information disclosure when using HTT Category: core Module: sys Announced: 2005-05-13 Revised: 2005-05-13 Credits: Colin Percival Affects: All FreeBSD/i386 and FreeBSD/amd64 releases. Corrected: 2005-05-13 00:13:00 UTC (RELENG_5, 5.4-STABLE) 2005-05-13 00:13:00 UTC (RELENG_5_4, 5.4-RELEASE-p1) 2005-05-13 00:13:00 UTC (RELENG_5_3, 5.3-RELEASE-p15) 2005-05-13 00:13:00 UTC (RELENG_4, 4.11-STABLE) 2005-05-13 00:13:00 UTC (RELENG_4_11, 4.11-RELEASE-p9) 2005-05-13 00:13:00 UTC (RELENG_4_10, 4.10-RELEASE-p14) CVE Name: CAN-2005-0109 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://www.freebsd.org/security/>. 0. Revision History v1.0 2005-05-13 Initial release. v1.1 2005-05-13 Additional details. I. Background Sharing the execution resources of a superscalar processor between multiple execution threads is referred to as "simultaneous multithreading". "Hyper-Threading Technology" or HTT is the name used for the implementation of simultaneous multithreading on Intel Pentium 4, Mobile Pentium 4, and Xeon processors. HTT involves sharing certain CPU resources between multiple threads, including memory caches. FreeBSD supports HTT when using a kernel compiled with the SMP option. II. Problem Description When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread. NOTE: Similar problems may exist in other simultaneous multithreading implementations, or even some systems in the absence of simultaneous multithreading. However, current research has only demonstrated this flaw in Hyper-Threading Technology, where shared memory caches are used. III. Impact Information may be disclosed to local users, allowing in many cases for privilege escalation. For example, on a multi-user system, it may be possible to steal cryptographic keys used in applications such as OpenSSH or SSL-enabled web servers. IV. Workaround Systems not using processors with Hyper-Threading Technology support are not affected by this issue. On systems which are affected, the security flaw can be eliminated by setting the "machdep.hlt_logical_cpus" tunable: # echo "machdep.hlt_logical_cpus=1" >> /boot/loader.conf The system must be rebooted in order for tunables to take effect. Use of this workaround is not recommended on "dual-core" systems, as this workaround will also disable one of the processor cores. V. Solution Disable Hyper-Threading Technology on processors that support it. NOTE: It is expected that future work in cryptographic libraries and operating system schedulers may remedy this problem for many or most users, without necessitating the disabling of Hyper-Threading Technology. Future advisories will address individual cases. Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 4.10, 4.11, 5.3, and 5.4 systems. a) Download the relevant patch from the location below and verify the detached PGP signature using your PGP utility. [FreeBSD 4.10] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt410.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt410.patch.asc [FreeBSD 4.11] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt411.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt411.patch.asc [FreeBSD 5.x] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt5.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt5.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the system. NOTE: For users that are certain that their environment is not affected by this vulnerability, such as single-user systems, Hyper-Threading Technology may be re-enabled by setting the tunable "machdep.hyperthreading_allowed". VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/sys/i386/i386/mp_machdep.c 1.115.2.23 src/sys/i386/include/cpufunc.h 1.96.2.4 RELENG_4_11 src/UPDATING 1.73.2.91.2.10 src/sys/conf/newvers.sh 1.44.2.39.2.13 src/sys/i386/i386/mp_machdep.c 1.115.2.22.2.1 src/sys/i386/include/cpufunc.h 1.96.2.3.12.1 RELENG_4_10 src/UPDATING 1.73.2.90.2.15 src/sys/conf/newvers.sh 1.44.2.34.2.16 src/sys/i386/i386/mp_machdep.c 1.115.2.20.2.1 src/sys/i386/include/cpufunc.h 1.96.2.3.10.1 RELENG_5 src/sys/amd64/amd64/mp_machdep.c 1.242.2.11 src/sys/amd64/include/cpufunc.h 1.145.2.1 src/sys/i386/i386/mp_machdep.c 1.235.2.10 src/sys/i386/include/cpufunc.h 1.142.2.1 RELENG_5_4 src/UPDATING 1.342.2.24.2.10 src/sys/amd64/amd64/mp_machdep.c 1.242.2.7.2.4 src/sys/amd64/include/cpufunc.h 1.145.6.1 src/sys/conf/newvers.sh 1.62.2.18.2.6 src/sys/i386/i386/mp_machdep.c 1.235.2.6.2.3 src/sys/i386/include/cpufunc.h 1.142.6.1 RELENG_5_3 src/UPDATING 1.342.2.13.2.18 src/sys/amd64/amd64/mp_machdep.c 1.242.2.2.2.2 src/sys/amd64/include/cpufunc.h 1.145.4.1 src/sys/conf/newvers.sh 1.62.2.15.2.20 src/sys/i386/i386/mp_machdep.c 1.235.2.3.2.2 src/sys/i386/include/cpufunc.h 1.142.4.1 - ------------------------------------------------------------------------- VII. References http://www.daemonology.net/hyperthreading-considered-harmful/ The latest revision of this advisory is available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc -----BEGIN PGP SIGNATURE----- iD8DBQFChJA4FdaIBMps37IRAo8nAJ9w7xtIF0atnxiKDhFOpBXEZQDtZQCghWdM qc5lGST7l+iJEYN/7zTNUPY=WqEa -----END PGP SIGNATURE-----
David Schultz
2005-May-13 09:11 UTC
FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]
On Fri, May 13, 2005, FreeBSD Security Advisories wrote:> II. Problem Description > > When running on processors supporting Hyper-Threading Technology, it is > possible for a malicious thread to monitor the execution of another > thread. > > NOTE: Similar problems may exist in other simultaneous multithreading > implementations, or even some systems in the absence of simultaneous > multithreading. However, current research has only demonstrated this > flaw in Hyper-Threading Technology, where shared memory caches are used.But isn't this a well-known and fundamental problem with SMT? Someone at Sun pointed out a similar attack to me in 2003; it turns out that it's possible for a thread to monitor which of the processor's functional units another thread is using. For instance, you can sample the number of shifts vs. adds vs. multiplies and use this information to mount a differential timing attack. Also, recent work [1] shows that programs with key-dependent cache behavior can be attacked even without SMT. So this sounds like trying to solve in the OS a problem that can only be solved in the application. Is there something more subtle that's going on? P.S. I'm getting on a plane in a few hours, and I may be unable to respond for a few days. [1] http://cr.yp.to/antiforgery/cachetiming-20050414.pdf