Hi!

It looks like there's Intel CPU bug, allowing prefetch from kernel
memory. It seems to be reason KASLR patches are pushed so fast to Linux.

https://mobile.twitter.com/brainsmoke/status/948561799875502080/photo/1
https://forums.freebsd.org/threads/63955/page-2#post-371276

Hmm.

Does that mean we can do

u16 *peek_addr = <somewhere into kernel>;
char cacheline1[64];
char cacheline2[64];

wbinvd();

if (*peek_addr == 0x1234)
(volatile char *) cacheline1[0];
else
(volatile char *) cacheline2[0];

Thread will certainly die to SIGSEGV here, but from other thread we
should be able to tell if cacheline1 or cacheline2 is in cache... and
therefore read unreadable memory....?

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlpNS7AACgkQMOfwapXb+vK7qgCfZCTHnDr5zBL1ePfoqvXM6/4s
mXEAoJMYQ/PoUGS4ZMt9LcYjAwktmTnC
=BGX6
-----END PGP SIGNATURE-----

[ reply ]