[MODERATED] Re: [PATCH v5 0/8] L1TFv4 5

[MODERATED] Re: [PATCH v5 0/8] L1TFv4 5

[Linus Torvalds]

On Wed, 23 May 2018, speck for Andi Kleen wrote:
> 
> Updated version of the L1TF patchkit for the native OS.

Btw., what's the expected release date for this issue?

                   Linus

[MODERATED] Re: [PATCH v5 0/8] L1TFv4 5

[Jiri Kosina]

On Wed, 23 May 2018, speck for Linus Torvalds wrote:

> > Updated version of the L1TF patchkit for the native OS.
> 
> Btw., what's the expected release date for this issue?

2018-08-14 AFAIK (including all the virtualization implications, and 
together with the unrelated lazy FPU switching thing).

-- 
Jiri Kosina
SUSE Labs

[MODERATED] Re: [PATCH v5 0/8] L1TFv4 5

[Andrew Cooper]

[-- Attachment #1: Type: text/plain, Size: 503 bytes --]

On 23/05/2018 23:10, speck for Linus Torvalds wrote:
>
> On Wed, 23 May 2018, speck for Andi Kleen wrote:
>> Updated version of the L1TF patchkit for the native OS.
> Btw., what's the expected release date for this issue?

August 14th (probably 2am Pacific, but I've not had that confirmed yet).

One way or another, its going to be public by August 16th, when the
discoverer gives his USENIX presentation
(https://www.usenix.org/conference/usenixsecurity18/presentation/bulck).

~Andrew

[MODERATED] Re: [PATCH v5 0/8] L1TFv4 5

[Linus Torvalds]

On Thu, 24 May 2018, speck for Jiri Kosina wrote:
> > 
> > Btw., what's the expected release date for this issue?
> 
> 2018-08-14 AFAIK (including all the virtualization implications, and 
> together with the unrelated lazy FPU switching thing).

Christ. And people don't think it will leak before that, with people 
already sniffing around it? 

I was hoping that Intel would have Coffee Lake out and this *fixed* by 
August, rather than the whole disclosure being that late. It damn well 
should be one single little 'and' to turn all non-P gates to just use 
physical address 0. That's a mask revision.

Oh well. The native patches look ok to me.

             Linus

[MODERATED] Re: [PATCH v5 0/8] L1TFv4 5

[Jon Masters]

[-- Attachment #1: Type: text/plain, Size: 1712 bytes --]

On 05/23/2018 06:28 PM, speck for Linus Torvalds wrote:
> 
> 
> On Thu, 24 May 2018, speck for Jiri Kosina wrote:
>>>
>>> Btw., what's the expected release date for this issue?
>>
>> 2018-08-14 AFAIK (including all the virtualization implications, and 
>> together with the unrelated lazy FPU switching thing).

There's an accepted paper at <conf removed> in August which will
disclose a separate attack (also covered by the Intel letter) from which
this can easily be inferred once public. There is some risk from that
paper ahead of time but some effort has been placed into isolating it
until the conference. Unfortunately, that's a pretty hard deadline.

> Christ. And people don't think it will leak before that, with people 
> already sniffing around it? 

Which is why we need to be very careful with this list and such (and why
I sent mail about it, etc.). On our end, we consider containment failure
highly likely, but we are hoping to make it until Aug due to the immense
lift required from many third parties, such as all the cloud vendors. I
would really reinforce the need for us to be very careful with this one.

> I was hoping that Intel would have Coffee Lake out and this *fixed* by 
> August, rather than the whole disclosure being that late. It damn well 
> should be one single little 'and' to turn all non-P gates to just use 
> physical address 0. That's a mask revision.

Sure, it's a mask rev for existing silicon, but the deployed fleet that
is impacted is in the many millions, and there are a very large number
of pieces impacted beyond just the OS community who need to prep.

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop