On Tue, Mar 10, 2015 at 11:40:03PM +0100, Carl-Daniel Hailfinger wrote: > On 10.03.2015 21:32, Solar Designer wrote: > > On Tue, Mar 10, 2015 at 02:35:41PM +0100, lst_ho...@kwsoft.de wrote: > >> Zitat von Benjamin Henrion <zoo...@gmail.com>: > >>> Could this be used to gain HN root access from a container: > >>> > >>> http://googleprojectzero.blogspot.be/2015/03/exploiting-dram-rowhammer-bug-to-gain.html?m=1 > >>> > >>> best, > >> As i understand this is a hardware defect, so yes it would be > >> exploitable within any OS which does not explicit prevent the usage > >> pattern of RAM. > > Yes, but patching the Linux kernel to restrict access to > > /proc/self/pagemap may mitigate the currently described attack. This is > > something the OpenVZ project may do. > > Wouldn't that still leave the way to attack via hugepages which makes > /proc/self/pagemap partially unneeded?
This mitigation would certainly be far from perfect, and would not provide any sort of guarantee, but it's whatever we can have cheaply. Alexander _______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users
