lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6196469d-9766-faef-563d-e278dc92e4e2@redhat.com>
Date:   Mon, 5 Feb 2018 15:19:23 +0100
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Dave Hansen <dave.hansen@...ux.intel.com>,
        linux-kernel@...r.kernel.org
Cc:     x86@...nel.org, luto@...capital.net, ak@...ux.intel.com,
        jun.nakajima@...el.com, tim.c.chen@...ux.intel.com,
        arjan@...ux.intel.com, dwmw2@...radead.org, keescook@...gle.com
Subject: Re: [PATCH] x86/kvm: clear RSB before VMENTER to obscure host
 addresses

On 02/02/2018 22:10, Dave Hansen wrote:
> I'm posting this because I went to the trouble of hacking it together
> and writing up a pretty lengthy description of what it does and where
> it _might_ have benefit.  But, I'm rather unconvinced that mitigation
> of attacks on ASLR has a lot of value because of how many other
> attacks on ASLR there are.
> 
> Thus, the RFC.

I'm a bit afraid that this would be pretty expensive for just an ASLR
attack.

The cost of stuffing the RSB once is about 60 clock cycles, and if you
do it twice we're spending 10-15% of vmexit time (for the low-latency
cases that matter) on RSB stuffing.

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ