LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Tim Chen <tim.c.chen@linux.intel.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Kosina <jikos@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ingo Molnar <mingo@redhat.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Andrea Arcangeli <aarcange@redhat.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Andi Kleen <ak@linux.intel.com>,
Dave Hansen <dave.hansen@intel.com>,
Casey Schaufler <casey.schaufler@intel.com>,
Asit Mallick <asit.k.mallick@intel.com>,
Arjan van de Ven <arjan@linux.intel.com>,
Jon Masters <jcm@redhat.com>,
linux-kernel@vger.kernel.org, x86@kernel.org
Subject: Re: [Patch v3 00/13] Provide process property based options to enable Spectre v2 userspace-userspace protection
Date: Fri, 19 Oct 2018 09:43:35 -0700 [thread overview]
Message-ID: <591b320f-b3b0-278f-cde9-71a14b5e4d87@linux.intel.com> (raw)
In-Reply-To: <20181019075740.GY3121@hirez.programming.kicks-ass.net>
On 10/19/2018 12:57 AM, Peter Zijlstra wrote:
> On Wed, Oct 17, 2018 at 10:59:28AM -0700, Tim Chen wrote:
>> Application to application exploit is in general difficult due to address
>> space layout randomization in applications and the need to know an
>
> Does the BTB attack on KASLR not work for userspace?
>
With KASLR, you can probe the kernel mapped and unmapped
addresses with side channels like TLB and infer the kernel mapping
offsets much more easily, as kernel is in the same address
space as the attack process. It is a lot harder to do
such probing from another process that doesn't share the
same page tables.
Tim
next prev parent reply other threads:[~2018-10-19 16:43 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-17 17:59 Tim Chen
2018-10-17 17:59 ` [Patch v3 01/13] x86/speculation: Clean up spectre_v2_parse_cmdline Tim Chen
2018-10-18 12:43 ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 02/13] x86/speculation: Remove unnecessary ret variable in cpu_show_common Tim Chen
2018-10-18 12:46 ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 03/13] x86/speculation: Add static key for Enhanced IBRS Tim Chen
2018-10-18 12:50 ` Thomas Gleixner
2018-10-26 16:58 ` Waiman Long
2018-10-26 18:15 ` Tim Chen
2018-10-28 9:32 ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 04/13] x86/speculation: Disable STIBP when enhanced IBRS is in use Tim Chen
2018-10-18 12:58 ` Thomas Gleixner
2018-10-26 17:00 ` Waiman Long
2018-10-26 18:18 ` Tim Chen
2018-10-26 18:29 ` Tim Chen
2018-10-17 17:59 ` [Patch v3 05/13] x86/smt: Create cpu_smt_enabled static key for SMT specific code Tim Chen
2018-10-18 13:03 ` Thomas Gleixner
2018-10-19 7:51 ` Peter Zijlstra
2018-10-17 17:59 ` [Patch v3 06/13] mm: Pass task instead of task->mm as argument to set_dumpable Tim Chen
2018-10-18 13:22 ` Thomas Gleixner
2018-10-19 20:02 ` Peter Zijlstra
2018-10-17 17:59 ` [Patch v3 07/13] x86/process Add arch_set_dumpable Tim Chen
2018-10-18 13:28 ` Thomas Gleixner
2018-10-18 18:46 ` Tim Chen
2018-10-19 19:12 ` Thomas Gleixner
2018-10-19 20:16 ` Thomas Gleixner
2018-10-22 23:55 ` Tim Chen
2018-10-17 17:59 ` [Patch v3 08/13] x86/speculation: Rename SSBD update functions Tim Chen
2018-10-18 13:37 ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 09/13] x86/speculation: Reorganize SPEC_CTRL MSR update Tim Chen
2018-10-18 13:47 ` Thomas Gleixner
2018-10-26 17:21 ` Waiman Long
2018-10-26 18:25 ` Tim Chen
2018-10-17 17:59 ` [Patch v3 10/13] x86/speculation: Add per thread STIBP flag Tim Chen
2018-10-18 13:53 ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 11/13] x86/speculation: Add Spectre v2 lite app to app protection mode Tim Chen
2018-10-18 15:12 ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 12/13] x86/speculation: Protect non-dumpable processes against Spectre v2 attack Tim Chen
2018-10-18 15:17 ` Thomas Gleixner
2018-10-26 17:46 ` Waiman Long
2018-10-26 18:10 ` Tim Chen
2018-10-17 17:59 ` [Patch v3 13/13] x86/speculation: Create PRCTL interface to restrict indirect branch speculation Tim Chen
2018-10-17 19:12 ` Randy Dunlap
2018-10-18 15:31 ` Thomas Gleixner
2018-10-19 7:57 ` [Patch v3 00/13] Provide process property based options to enable Spectre v2 userspace-userspace protection Peter Zijlstra
2018-10-19 16:43 ` Tim Chen [this message]
2018-10-19 18:38 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=591b320f-b3b0-278f-cde9-71a14b5e4d87@linux.intel.com \
--to=tim.c.chen@linux.intel.com \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=arjan@linux.intel.com \
--cc=asit.k.mallick@intel.com \
--cc=casey.schaufler@intel.com \
--cc=dave.hansen@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=jcm@redhat.com \
--cc=jikos@kernel.org \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
--subject='Re: [Patch v3 00/13] Provide process property based options to enable Spectre v2 userspace-userspace protection' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).