Bugtraq mailing list archives

Intel CPU bug forcing page table switch during syscalls?


From: Pavel Machek <pavel () ucw cz>
Date: Wed, 3 Jan 2018 22:31:29 +0100

Hi!

It looks like there's an Intel CPU bug, allowing prefetch from kernel
memory. It seems to be the reason KASLR patches are pushed so fast to Linux.

https://mobile.twitter.com/brainsmoke/status/948561799875502080/photo/1
https://forums.freebsd.org/threads/63955/page-2#post-371276

Hmm.

Does that mean we can do

   u16 *peek_addr = <somewhere into kernel>;
   char cacheline1[64];
   char cacheline2[64];

   wbinvd();

   if (*peek_addr == 0x1234)
      *(volatile char *) cacheline1;   /* touch cacheline1 */
   else
      *(volatile char *) cacheline2;   /* touch cacheline2 */

Thread will certainly die to SIGSEGV here, but from other thread we
should be able to tell if cacheline1 or cacheline2 is in cache... and
therefore read unreadable memory....?

                                                                        Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

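A defensive counterpart to the probe sketched above, added here and not part of Pavel's post: a Python check of whether a Linux host reports this issue as mitigated by kernel page-table isolation (the KAISER/PTI work the post alludes to). It assumes the sysfs file /sys/devices/system/cpu/vulnerabilities/meltdown and the "pti" flag in /proc/cpuinfo, which later kernels expose but the post does not mention; the sample file contents used for checking are constructed.

```python
"""Report whether this Linux host says the Meltdown issue is mitigated.

Added example, not from the original post. Assumes the sysfs file
/sys/devices/system/cpu/vulnerabilities/meltdown and the 'pti' flag in
/proc/cpuinfo, both exposed by later kernels (not mentioned in the post).
"""
from pathlib import Path

SYSFS_MELTDOWN = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")
PROC_CPUINFO = Path("/proc/cpuinfo")


def classify(sysfs_text, cpuinfo_text):
    """Return 'not_affected', 'mitigated', 'vulnerable' or 'unknown'.

    sysfs_text: content of the meltdown sysfs file, or None when the file is
    absent (kernel predates the vulnerabilities interface).
    cpuinfo_text: content of /proc/cpuinfo, used only as a fallback.
    """
    if sysfs_text is not None:
        status = sysfs_text.strip()
        if status.startswith("Not affected"):
            return "not_affected"
        if status.startswith("Mitigation:"):   # e.g. "Mitigation: PTI"
            return "mitigated"
        if status.startswith("Vulnerable"):    # e.g. booted with nopti
            return "vulnerable"
        return "unknown"
    # Fallback for kernels without the sysfs file: the kernel adds 'pti' to
    # the CPU flags once page-table isolation is active. Absence of the flag
    # does not prove exposure (the CPU may simply be unaffected).
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            flags = line.split(":", 1)[1].split()
            return "mitigated" if "pti" in flags else "unknown"
    return "unknown"


def read_optional(path):
    """Read a file, returning None if it does not exist or is unreadable."""
    try:
        return path.read_text()
    except OSError:
        return None


def check_host():
    """Classify the running host using the real sysfs and procfs files."""
    return classify(read_optional(SYSFS_MELTDOWN),
                    read_optional(PROC_CPUINFO) or "")


if __name__ == "__main__":
    print("meltdown status:", check_host())
```

An "unknown" result only says the kernel exposes no verdict; it should be treated as needing a manual check (kernel version, boot log) rather than as safe.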