On Mon, Jan 5, 2015 at 6:18 PM, Kirill A. Shutemov <kir...@shutemov.name> wrote:
> On Mon, Jan 05, 2015 at 05:57:24PM -0800, Andy Lutomirski wrote:
>> On Mon, Jan 5, 2015 at 5:47 PM, Kirill A. Shutemov <kir...@shutemov.name> wrote:
>> > On Mon, Jan 05, 2015 at 11:50:04AM -0800, Andy Lutomirski wrote:
>> >> On Mon, Jan 5, 2015 at 11:23 AM, One Thousand Gnomes
>> >> <gno...@lxorguk.ukuu.org.uk> wrote:
>> >> >> In the meantime, I created a test that actually uses physical memory,
>> >> >> 8MB apart, as described in some footnote. It is attached. It should
>> >> >> work, but it needs to boot with specific config options and specific
>> >> >> kernel parameters.
>> >> >
>> >> > Why not just use hugepages. You know the alignment guarantees for 1GB
>> >> > pages and that means you don't even need to be root
>> >> >
>> >> > In fact - should we be disabling 1GB huge page support by default at
>> >> > this point, at least on non ECC boxes ?
>> >>
>> >> Can you actually damage anyone else's data using a 1 GB hugepage?
>> >
>> > hugetlbfs is a filesystem: the answer is yes. Although I don't see the
>> > issue as a big attack vector.
>>
>> What I mean is: if I map a 1 GB hugepage and rowhammer it, is it
>> likely that the corruption will be confined to the same 1 GB?
>
> I don't know for sure, but it looks likely to me according to the claim in
> the paper (8MB). But it still can be somebody else's data: 644 file on
> hugetlbfs mmap()ed r/o by anyone.
>
> When I read the paper I thought that vdso would be an interesting target
> for the attack, but having all these constraints in place, it's hard to aim
> the attack at anything widely used.
>
The vdso and the vvar page are both at probably-well-known physical
addresses, so you can at least target the kernel a little bit. I
*think* that kASLR helps a little bit here.

--Andy

> --
>  Kirill A. Shutemov

--
Andy Lutomirski
AMA Capital Management, LLC