Re: [RFC PATCH v2 6/6] x86/entry/pti: don't switch PGD on when pti_disable is set

From: Dave Hansen
Date: Thu Jan 11 2018 - 13:57:57 EST

Next message: Vince Weaver: "Re: perf: perf_fuzzer quickly locks up on 4.15-rc7"
Previous message: Christoffer Dall: "Re: [PATCH v2] KVM: arm/arm64: vgic-its: Fix vgicv4 init"
In reply to: Linus Torvalds: "Re: [RFC PATCH v2 6/6] x86/entry/pti: don't switch PGD on when pti_disable is set"
Next in thread: Josh Poimboeuf: "Re: [RFC PATCH v2 6/6] x86/entry/pti: don't switch PGD on when pti_disable is set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/11/2018 10:51 AM, Linus Torvalds wrote:
> On Thu, Jan 11, 2018 at 10:38 AM, Dave Hansen
> <dave.hansen@xxxxxxxxxxxxxxx> wrote:
>> On 01/11/2018 10:32 AM, Josh Poimboeuf wrote:
>>>> hmm. Exposing cr3 to user space will make it trivial for user process
>>>> to know whether kpti is active. Not sure how exploitable such
>>>> information leak.
>>> It's already trivial to detect PTI from user space.
>> Do tell.
> One way to do it is to just run the attack, and see if you get something.

Not judging how trivial (or not) the attack is, I was hoping for
something that was *not* the attack itself. :)

I'd love to have a tool that tells you for sure "KPTI enabled or not",
but I'd also love to have it be something I can easily distribute
without it being handled like a WMD.

Next message: Vince Weaver: "Re: perf: perf_fuzzer quickly locks up on 4.15-rc7"
Previous message: Christoffer Dall: "Re: [PATCH v2] KVM: arm/arm64: vgic-its: Fix vgicv4 init"
In reply to: Linus Torvalds: "Re: [RFC PATCH v2 6/6] x86/entry/pti: don't switch PGD on when pti_disable is set"
Next in thread: Josh Poimboeuf: "Re: [RFC PATCH v2 6/6] x86/entry/pti: don't switch PGD on when pti_disable is set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]