Intel CPU bug forcing page table switch during syscalls?

From: Pavel Machek <pavel@ucw.cz>
To: bugtraq@securityfocus.com
Cc:
Subject: Intel CPU bug forcing page table switch during syscalls?
Date:


Hi!

It looks like there's an Intel CPU bug, allowing prefetch from kernel
memory. It seems to be the reason KASLR patches are pushed so fast to Linux.

https://mobile.twitter.com/brainsmoke/status/948561799875502080/photo/1
https://forums.freebsd.org/threads/63955/page-2#post-371276

Hmm.

Does that mean we can do

   u16 *peek_addr = <somewhere into kernel>;
   char cacheline1[64];
   char cacheline2[64];

   wbinvd();

   if (*peek_addr == 0x1234)
      (volatile char *) cacheline1[0];
   else
      (volatile char *) cacheline2[0];

The thread will certainly die to SIGSEGV here, but from another thread we
should be able to tell if cacheline1 or cacheline2 is in cache... and
therefore read unreadable memory...?

                                                                     Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
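The subject line of the post is the mitigation that was about to land: switching page tables on every syscall (what Linux shipped as PTI/KPTI). As an added example that is not part of Pavel's mail, the script below reads the kernel's own report of that status. It assumes a Linux kernel that exposes the sysfs file /sys/devices/system/cpu/vulnerabilities/meltdown (added after this post, in 4.15) and the values that file uses: "Not affected", "Vulnerable", or "Mitigation: PTI". The helper takes the file's text as an argument so it can be exercised with constructed strings on a machine that lacks the file.

```shell
#!/bin/sh
# Added example, not from the original post: report whether this kernel says
# the CPU is exposed to the Meltdown-class read, and whether PTI is active.
# Assumption: the sysfs path and status strings below as used by Linux >= 4.15.

SYSFS_MELTDOWN=/sys/devices/system/cpu/vulnerabilities/meltdown

# classify_meltdown STATUS_TEXT
#   prints: ok | vulnerable | unknown
#   exit code: 0 = not affected or mitigated, 1 = vulnerable, 2 = unrecognised text
classify_meltdown() {
    case "$1" in
        "Not affected"*)    echo ok; return 0 ;;
        "Mitigation: PTI"*) echo ok; return 0 ;;
        "Vulnerable"*)      echo vulnerable; return 1 ;;
        *)                  echo unknown; return 2 ;;
    esac
}

# check_kpti: read the live sysfs file if present, otherwise report unknown.
# A kernel too old to have the file (pre-4.15) also has no PTI, so "unknown"
# should be treated as "assume vulnerable" when triaging.
check_kpti() {
    if [ -r "$SYSFS_MELTDOWN" ]; then
        classify_meltdown "$(cat "$SYSFS_MELTDOWN")"
    else
        echo unknown
        return 2
    fi
}

# Live check when run as a script; the exit code mirrors the verdict.
verdict=$(check_kpti) && rc=0 || rc=$?
echo "meltdown status: $verdict (exit $rc)"
```

On a patched host the live check prints `meltdown status: ok (exit 0)`; a non-zero exit from `check_kpti` is the signal to act on, since it covers both an explicit "Vulnerable" report and a kernel that cannot report at all.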




Copyright © 1995-2018 LinuxRocket.net. All rights reserved.