On Mon 2017-09-25 09:33:42, Ingo Molnar wrote: > > * Pavel Machek wrote: > > > > For example, there would be collision with regular user-space mappings, right? > > > Can local unprivileged users use mmap(MAP_FIXED) probing to figure out where > > > the kernel lives? > > > > Local unpriviledged users can probably get your secret bits using cache probing > > and jump prediction buffers. > > > > Yes, you don't want to leak the information using mmap(MAP_FIXED), but CPU will > > leak it for you, anyway. > > Depends on the CPU I think, and CPU vendors are busy trying to mitigate this > angle. I believe any x86 CPU running Linux will leak it. And with CPU vendors putting "artifical inteligence" into branch prediction, no, I don't think it is going to get better. That does not mean we shoudl not prevent mmap() info leak, but... Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html