Re: [Patch v3 00/13] Provide process property based options to enable Spectre v2 userspace-userspace protection

From: Peter Zijlstra
Date: Fri Oct 19 2018 - 14:38:53 EST

Next message: John Stultz: "Re: TSC to Mono-raw Drift"
Previous message: Nathan Chancellor: "[PATCH] pstore: Fix annotation on declaration of pstore_exit_fs"
In reply to: Tim Chen: "Re: [Patch v3 00/13] Provide process property based options to enable Spectre v2 userspace-userspace protection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 19, 2018 at 09:43:35AM -0700, Tim Chen wrote:
> On 10/19/2018 12:57 AM, Peter Zijlstra wrote:
> > On Wed, Oct 17, 2018 at 10:59:28AM -0700, Tim Chen wrote:
> >> Application to application exploit is in general difficult due to address
> >> space layout randomization in applications and the need to know an
> >
> > Does the BTB attack on KASLR not work for userspace?
> >
>
> With KASLR, you can probe the kernel mapped and unmapped
> addresses with side channels like TLB and infer the kernel mapping
> offsets much more easily, as kernel is in the same address
> space as the attack process. It is a lot harder to do
> such probing from another process that doesn't share the
> same page tables.

I said BTB; see: http://www.cs.binghamton.edu/~dima/micro16.pdf

>From what I understood, local ASLR (of any kind) is a pipe dream.

Next message: John Stultz: "Re: TSC to Mono-raw Drift"
Previous message: Nathan Chancellor: "[PATCH] pstore: Fix annotation on declaration of pstore_exit_fs"
In reply to: Tim Chen: "Re: [Patch v3 00/13] Provide process property based options to enable Spectre v2 userspace-userspace protection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]