| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 24 Jul 2011 20:12:10 +0200 From: Ingo Molnar <mingo@...e.hu> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Borislav Petkov <bp@...64.org>, "H. Peter Anvin" <hpa@...or.com>, Thomas Gleixner <tglx@...utronix.de>, LKML <linux-kernel@...r.kernel.org>, "Przywara, Andre" <Andre.Przywara@....com>, "Pohlack, Martin" <Martin.Pohlack@....com> Subject: Re: [PATCH] x86, AMD: Correct F15h IC aliasing issue * Linus Torvalds <torvalds@...ux-foundation.org> wrote: > On Sun, Jul 24, 2011 at 10:22 AM, Borislav Petkov <bp@...64.org> wrote: > > > >> So at a MINIMUM, I would say that this is acceptable only when the > >> process doing the allocation hasn't got ASLR disabled. > > > > I guess I could look at randomize_va_space before enabling it. > > That's not what I meant - I meant the per-process PF_RANDOMIZE and > ADDR_NO_RANDOMIZE personality flags (although the global > "randomize_va_space" thing obviously is one input to that too) > > In fact, if 99% of your problem is ASLR-induced, might I suggest > just making the whole thing a tweak to ASLR instead, and not use > ASLR for bits 14:12? That should be fundamentally much safer: it > doesn't change any semantics at all, it just makes for slightly > less random bits to be used. Indeed - that would be much nicer and smaller as well. It could also go away easily if this bug is fixed in a future CPU. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists