Re: [Patch v3 00/13] Provide process property based options to enable Spectre v2 userspace-userspace protection
From: Tim Chen
Date: Fri Oct 19 2018 - 12:43:39 EST
On 10/19/2018 12:57 AM, Peter Zijlstra wrote:
> On Wed, Oct 17, 2018 at 10:59:28AM -0700, Tim Chen wrote:
>> Application to application exploit is in general difficult due to address
>> space layout randomization in applications and the need to know an
>
> Does the BTB attack on KASLR not work for userspace?
>
With KASLR, you can probe the kernel mapped and unmapped
addresses with side channels like TLB and infer the kernel mapping
offsets much more easily, as kernel is in the same address
space as the attack process. It is a lot harder to do
such probing from another process that doesn't share the
same page tables.
Tim