
Re: [Xen-devel] HT Vulnerability CAN-2005-0109

On Thursday, 19.05.2005, at 03:46 +0100, Mark Williamson wrote:
> > The paper includes code for the side channel attack (Figure 1 
> > in <http://www.daemonology.net/papers/htt.pdf>), and even if it didn't, it
> > would be easy to replicate.
> I admit I hadn't noticed the code included could be used in the side channel 
> attack - it's a fair cop guv!  It's worrying - we should watch what the other 
> OS communities do on this.

At the moment, they release quick workarounds like hardening crypto libs
against timing attacks


or disabling HT


 "V.   Solution

  Disable Hyper-Threading Technology on processors that support it.

  NOTE:  It is expected that future work in cryptographic libraries and
  operating system schedulers may remedy this problem for many or most
  users, without necessitating the disabling of Hyper-Threading
  Technology.  Future advisories will address individual cases."

In case I'd be so paranoiac (as the FreeBSD sec team) to consider the HT 
prob a real world threat: Would the Xen boot-time option "noht" be a 
workaround (disabling HT, but not SMP) until this gets fixed properly?

