| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+55aFz58wU4XXHCKH85o=hkvUa0=usi09_Ox6FKa9BB2iLDpw@mail.gmail.com>
Date: Thu, 11 Jan 2018 10:36:10 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Willy Tarreau <w@....eu>,
Peter Zijlstra <peterz@...radead.org>,
LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>,
Borislav Petkov <bp@...en8.de>,
Brian Gerst <brgerst@...il.com>,
Ingo Molnar <mingo@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
"H. Peter Anvin" <hpa@...or.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Kees Cook <keescook@...omium.org>
Subject: Re: [RFC PATCH v2 6/6] x86/entry/pti: don't switch PGD on when
pti_disable is set
On Thu, Jan 11, 2018 at 10:32 AM, Josh Poimboeuf <jpoimboe@...hat.com> wrote:
> On Thu, Jan 11, 2018 at 10:21:49AM -0800, Alexei Starovoitov wrote:
>>
>> hmm. Exposing cr3 to user space will make it trivial for user process
>> to know whether kpti is active. Not sure how exploitable such
>> information leak.
>
> It's already trivial to detect PTI from user space.
I agree. I don't think the whole "is PTI on" is all that much of a secret.
But exposing all of %cr3 to user space is completely unacceptable.
That's just about *the* best attack vector information you could give
to somebody, and would make KASLR almost totally uninteresting. If you
have access to the page directory pointer, and some other weakness
that allows you to access it, you're golden. You can do anything.
Linus
Powered by blists - more mailing lists