Re: [RFC] perf: mmap2 not covering VM_CLONE regions
From: Stephane Eranian
Date: Mon Oct 07 2013 - 07:16:45 EST
On Wed, Oct 2, 2013 at 3:01 PM, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> On Wed, Oct 02, 2013 at 02:59:32PM +0200, Stephane Eranian wrote:
>> On Wed, Oct 2, 2013 at 2:46 PM, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>> > On Wed, Oct 02, 2013 at 02:39:53PM +0200, Ingo Molnar wrote:
>> >> - then there are timing attacks, and someone having access to a PMU
>> >> context and who can trigger this SHA1 computation arbitrarily in task
>> >> local context can run very accurate and low noise timing attacks...
>> >>
>> >> I don't think the kernel's sha_transform() is hardened against timing
>> >> attacks, it's performance optimized so it has variable execution time
>> >> highly dependent on plaintext input - which leaks information about the
>> >> plaintext.
>> >
>> > Typical user doesn't have enough priv to profile kernel space; once you
>> > do you also have enough priv to see kernel addresses outright (ie.
>> > kallsyms etc..).
>> >
>> I was going to say just that. But that's not the default, paranoid level
>> is at 1 by default and not 2. So I supposedly can still do:
>
> Oh right you are.. so yes that's a very viable avenue.
I am going to try this out today. I think if it works well, we could
also simplify the
MMAP2 record and just pass this unique id for all cases.MMAP2 is only in rcX
release so far. Is that still possible?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/