Re: [kernel-hardening] [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode

From: Daniel Gruss
Date: Sat May 06 2017 - 04:39:01 EST

Next message: SF Markus Elfring: "[PATCH 03/10] dlm: Improve a size determination in table_seq_start()"
Previous message: SF Markus Elfring: "[PATCH 02/10] dlm: Add spaces for better code readability"
In reply to: David Gens: "Re: [kernel-hardening] [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode"
Next in thread: Christoph Hellwig: "Re: [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2017-05-06 06:02, David Gens wrote:

Assuming that their patch indeed leaks per-cpu addresses.. it might not
necessarily
be required to change it.

I think we're not leaking them (unless we still have some bug in our code). The basic idea is that any part that is required for the context switch is at a fixed location (unrelated to the location of code / data / per-cpu data / ...) and thus does not reveal any randomized offsets. Then the attacker cannot gain any knowledge through the side channel anymore.
For any attack the attacker could then only use the few KBs of memory that cannot be unmapped because of the way x86 works. Hardening these few KBs seems like an easier task than doing the same for the entire kernel.

(The best solution would of course be Intel introducing CR3A and CR3B just like ARM has TTBR0 and TTBR1 - on ARM this entirely prevents any prefetch / double-fault side-channel attacks.)

Next message: SF Markus Elfring: "[PATCH 03/10] dlm: Improve a size determination in table_seq_start()"
Previous message: SF Markus Elfring: "[PATCH 02/10] dlm: Add spaces for better code readability"
In reply to: David Gens: "Re: [kernel-hardening] [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode"
Next in thread: Christoph Hellwig: "Re: [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]