Re: [RFC] perf: mmap2 not covering VM_CLONE regions

[Ingo Molnar]

* Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:

> On Wed, Oct 02, 2013 at 01:23:16PM +0200, Peter Zijlstra wrote:
>
> > So the only thing I can come up with is something like the below; 
> > supposedly the sha hash mixing a boot time random seed and the mm 
> > pointer is enough to avoid it being a data leak.
> 
> That is, right until it becomes feasible to run 2^64 SHA1 computations. 
> I've actually no idea how hard that is given todays GPU assisted 
> efforts.

Well, here are the possible cryptanalytic attacks I can think of:

 - differential, because here you don't just have access to the hash
   value but you can essentially feed highly correlated plaintext to the 
   hash at will, by starting/stopping threads, knowing their typical mm 
   pointer differences, etc.

   I.e. less than 2^64, potentially a lot less.

 - then there are timing attacks, and someone having access to a PMU
   context and who can trigger this SHA1 computation arbitrarily in task 
   local context can run very accurate and low noise timing attacks...

   I don't think the kernel's sha_transform() is hardened against timing 
   attacks, it's performance optimized so it has variable execution time
   highly dependent on plaintext input - which leaks information about the 
   plaintext.

But then again, how realistic is an attack? All that effort just to 
recover the raw kernel data pointer value of a struct mm? Dunno whether we 
should worry about it.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/