Re: [kernel-hardening] [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode

From: Daniel Gruss
Date: Mon May 08 2017 - 09:53:47 EST

Next message: Sudeep Holla: "Re: [PATCH V6 1/9] PM / OPP: Introduce "power-domain-opp" property"
Previous message: Horia Geantă: "Re: [PATCH] powerpc: fix distclean with Makefile.postlink"
In reply to: Daniel Gruss: "Re: [kernel-hardening] [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode"
Next in thread: Thomas Garnier: "Re: [kernel-hardening] [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 06.05.2017 10:38, Daniel Gruss wrote:

On 2017-05-06 06:02, David Gens wrote:

Assuming that their patch indeed leaks per-cpu addresses.. it might not
necessarily
be required to change it.

I think we're not leaking them (unless we still have some bug in our code).

Just to correct my answer here as well: Although we experimented with fixed mappings for per-cpu addresses, the current patch does not incorporate this yet, so it indeed still leaks. However, it is not a severe problem. The mapping of the required (per-cpu) variables would be at a fixed location in the user CR3, instead of the ones that are used in the kernel.

Next message: Sudeep Holla: "Re: [PATCH V6 1/9] PM / OPP: Introduce "power-domain-opp" property"
Previous message: Horia Geantă: "Re: [PATCH] powerpc: fix distclean with Makefile.postlink"
In reply to: Daniel Gruss: "Re: [kernel-hardening] [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode"
Next in thread: Thomas Garnier: "Re: [kernel-hardening] [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]