Re: [PATCH RFC] mm: protect suid binaries against rowhammer with copy-on-read mappings

From: Konstantin Khlebnikov
Date: Thu Mar 19 2015 - 09:24:49 EST


On 19.03.2015 16:04, Vlastimil Babka wrote:
On 03/18/2015 12:41 PM, Konstantin Khlebnikov wrote:
On 18.03.2015 12:57, Kirill A. Shutemov wrote:

I don't think it worth it. The only right way to fix the problem is ECC
memory.


ECC seems good protection until somebody figure out how to break it too.

I doubt that kind of attitude can get us very far. If we can't trust the
hardware, we lose sooner or later.


Obviously ECC was designed for protecting against cosmic rays which flips several bits. If attacker modifies whole cacheline he can chose
value which have the same ECC. I hope next generation of DRAM (or PRAM)
wouldn't be affected.

Software solution is possible: we can put untrusted applications into
special ghetto memory zone. This is relatively easy for virtual machines. And it seems might work for normal tasks too (page-cache
pages should be doubled or handled in the way similar to copy-on-read
from that patch).

--
Konstantin
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/