Re: [RFC PATCH v2 6/6] x86/entry/pti: don't switch PGD on when pti_disable is set
From: Dave Hansen
Date: Thu Jan 11 2018 - 13:57:57 EST
On 01/11/2018 10:51 AM, Linus Torvalds wrote:
> On Thu, Jan 11, 2018 at 10:38 AM, Dave Hansen
> <dave.hansen@xxxxxxxxxxxxxxx> wrote:
>> On 01/11/2018 10:32 AM, Josh Poimboeuf wrote:
>>>> hmm. Exposing cr3 to user space will make it trivial for user process
>>>> to know whether kpti is active. Not sure how exploitable such
>>>> information leak.
>>> It's already trivial to detect PTI from user space.
>> Do tell.
> One way to do it is to just run the attack, and see if you get something.
Not judging how trivial (or not) the attack is, I was hoping for
something that was *not* the attack itself. :)
I'd love to have a tool that tells you for sure "KPTI enabled or not",
but I'd also love to have it be something I can easily distribute
without it being handled like a WMD.