From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752715AbdKWKr4 (ORCPT ); Thu, 23 Nov 2017 05:47:56 -0500 Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:43860 "EHLO atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752523AbdKWKry (ORCPT ); Thu, 23 Nov 2017 05:47:54 -0500 Date: Thu, 23 Nov 2017 11:47:52 +0100 From: Pavel Machek To: Dave Hansen Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org Subject: Re: [PATCH 00/23] KAISER: unmap most of the kernel from userspace page tables Message-ID: <20171123104752.GB17990@amd> References: <20171031223146.6B47C861@viggo.jf.intel.com> <20171122161907.GA12684@amd> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="9zSXsLTf0vkW971A" Content-Disposition: inline In-Reply-To: <20171122161907.GA12684@amd> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --9zSXsLTf0vkW971A Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed 2017-11-22 17:19:07, Pavel Machek wrote: > Hi! >=20 > > KAISER makes it harder to defeat KASLR, but makes syscalls and > > interrupts slower. These patches are based on work from a team at > > Graz University of Technology posted here[1]. The major addition is > > support for Intel PCIDs which builds on top of Andy Lutomorski's PCID > > work merged for 4.14. PCIDs make KAISER's overhead very reasonable > > for a wide variety of use cases. >=20 > Is it useful? >=20 > > Full Description: > >=20 > > KAISER is a countermeasure against attacks on kernel address > > information. There are at least three existing, published, > > approaches using the shared user/kernel mapping and hardware features > > to defeat KASLR. One approach referenced in the paper locates the > > kernel by observing differences in page fault timing between > > present-but-inaccessable kernel pages and non-present pages. >=20 > I mean... evil userspace will still be able to determine kernel's > location using cache aliasing effects, right? Issues with AnC attacks are tracked via several CVE identifiers. CVE-2017-5925 is assigned to track the developments for Intel processors CVE-2017-5926 is assigned to track the developments for AMD processors Pavel --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --9zSXsLTf0vkW971A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAloWp1gACgkQMOfwapXb+vJ/EwCdE+s8rl/8J9z8zG5LklwlSeNT E5UAoJlIldkJu8PK08DYWCYOi6BvpMG7 =Us5Y -----END PGP SIGNATURE----- --9zSXsLTf0vkW971A--