On Wed, Nov 04, 2009 at 02:57:59AM +0100, Claire beuserie wrote:
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt <dera...@cvs.openbsd.org> wrote:
>
> > 2) At least three of our developers were aware of this exploitation
> > method going back perhaps two years before the commit, but we
> > gnashed our teeth a lot to try to find other solutions. Clever
> > cpu architectures don't have this issue because the virtual address
> > spaces are separate, so i386/amd64 are the ones with the big impact.
> > We did think long and hard about tlb bashing page 0 every time we
> > switch into the kernel, but it still does not look attractive from
> > a performance standpoint.
> >
>
> I'm confused.
>
> That came out a bit weird: are you saying you knew about the bug for 2 years
> but did not fix it?

Allowing a mapping at address zero is not a bug per se, but it opens a door for other bugs to be exploited more effectively. This door has been closed, but only after hard thinking went into how to close it.

	-Otto