Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 23 November 2017 at 17:54, Pavel Machek wrote: > On Thu 2017-11-23 11:38:52, Ard Biesheuvel wrote: >> On 23 November 2017 at 10:46, Pavel Machek wrote: >> > On Thu 2017-11-23 09:23:02, Ard Biesheuvel wrote: >> >> On 23 November 2017 at 09:07, Pavel Machek

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 23 November 2017 at 17:54, Pavel Machek wrote: > On Thu 2017-11-23 11:38:52, Ard Biesheuvel wrote: >> On 23 November 2017 at 10:46, Pavel Machek wrote: >> > On Thu 2017-11-23 09:23:02, Ard Biesheuvel wrote: >> >> On 23 November 2017 at 09:07, Pavel Machek wrote: >> >> > Hi! >> >> > >> >> >>

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Thu 2017-11-23 11:38:52, Ard Biesheuvel wrote: > On 23 November 2017 at 10:46, Pavel Machek wrote: > > On Thu 2017-11-23 09:23:02, Ard Biesheuvel wrote: > >> On 23 November 2017 at 09:07, Pavel Machek wrote: > >> > Hi! > >> > > >> >> > On 22 Nov 2017, at 23:37,

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Thu 2017-11-23 11:38:52, Ard Biesheuvel wrote: > On 23 November 2017 at 10:46, Pavel Machek wrote: > > On Thu 2017-11-23 09:23:02, Ard Biesheuvel wrote: > >> On 23 November 2017 at 09:07, Pavel Machek wrote: > >> > Hi! > >> > > >> >> > On 22 Nov 2017, at 23:37, Pavel Machek wrote: > >> >> >

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 23 November 2017 at 10:46, Pavel Machek wrote: > On Thu 2017-11-23 09:23:02, Ard Biesheuvel wrote: >> On 23 November 2017 at 09:07, Pavel Machek wrote: >> > Hi! >> > >> >> > On 22 Nov 2017, at 23:37, Pavel Machek wrote: >> >> > >> >> > Hi! >> >> > >>

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 23 November 2017 at 10:46, Pavel Machek wrote: > On Thu 2017-11-23 09:23:02, Ard Biesheuvel wrote: >> On 23 November 2017 at 09:07, Pavel Machek wrote: >> > Hi! >> > >> >> > On 22 Nov 2017, at 23:37, Pavel Machek wrote: >> >> > >> >> > Hi! >> >> > >> >> > If I'm willing to do timing

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Thu 2017-11-23 09:23:02, Ard Biesheuvel wrote: > On 23 November 2017 at 09:07, Pavel Machek wrote: > > Hi! > > > >> > On 22 Nov 2017, at 23:37, Pavel Machek wrote: > >> > > >> > Hi! > >> > > >> > If I'm willing to do timing attacks to defeat KASLR... what

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Thu 2017-11-23 09:23:02, Ard Biesheuvel wrote: > On 23 November 2017 at 09:07, Pavel Machek wrote: > > Hi! > > > >> > On 22 Nov 2017, at 23:37, Pavel Machek wrote: > >> > > >> > Hi! > >> > > >> > If I'm willing to do timing attacks to defeat KASLR... what prevents > >> > me from using

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 23 November 2017 at 09:07, Pavel Machek wrote: > Hi! > >> > On 22 Nov 2017, at 23:37, Pavel Machek wrote: >> > >> > Hi! >> > >> > If I'm willing to do timing attacks to defeat KASLR... what prevents >> > me from using CPU caches to do that? >> > >>

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 23 November 2017 at 09:07, Pavel Machek wrote: > Hi! > >> > On 22 Nov 2017, at 23:37, Pavel Machek wrote: >> > >> > Hi! >> > >> > If I'm willing to do timing attacks to defeat KASLR... what prevents >> > me from using CPU caches to do that? >> > >> >> Because it is

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

Hi! > > On 22 Nov 2017, at 23:37, Pavel Machek wrote: > > > > Hi! > > > > If I'm willing to do timing attacks to defeat KASLR... what prevents > > me from using CPU caches to do that? > > > > Because it is impossible to get a cache hit on an access to an >

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

Hi! > > On 22 Nov 2017, at 23:37, Pavel Machek wrote: > > > > Hi! > > > > If I'm willing to do timing attacks to defeat KASLR... what prevents > > me from using CPU caches to do that? > > > > Because it is impossible to get a cache hit on an access to an > unmapped

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

> On 22 Nov 2017, at 23:37, Pavel Machek wrote: > > Hi! > > If I'm willing to do timing attacks to defeat KASLR... what prevents > me from using CPU caches to do that? > Because it is impossible to get a cache hit on an access to an unmapped address?

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

> On 22 Nov 2017, at 23:37, Pavel Machek wrote: > > Hi! > > If I'm willing to do timing attacks to defeat KASLR... what prevents > me from using CPU caches to do that? > Because it is impossible to get a cache hit on an access to an unmapped address? >>> >>> Um,

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

Hi! > >>> If I'm willing to do timing attacks to defeat KASLR... what prevents > >>> me from using CPU caches to do that? > >>> > >> > >> Because it is impossible to get a cache hit on an access to an > >> unmapped address? > > > > Um, no, I don't need to be able to directly access kernel

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

Hi! > >>> If I'm willing to do timing attacks to defeat KASLR... what prevents > >>> me from using CPU caches to do that? > >>> > >> > >> Because it is impossible to get a cache hit on an access to an > >> unmapped address? > > > > Um, no, I don't need to be able to directly access kernel

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

> On 22 Nov 2017, at 22:33, Pavel Machek wrote: > >> On Wed 2017-11-22 21:19:28, Ard Biesheuvel wrote: >>> On 22 November 2017 at 16:19, Pavel Machek wrote: >>> Hi! >>> This patch series implements something along the lines of KAISER for arm64:

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

> On 22 Nov 2017, at 22:33, Pavel Machek wrote: > >> On Wed 2017-11-22 21:19:28, Ard Biesheuvel wrote: >>> On 22 November 2017 at 16:19, Pavel Machek wrote: >>> Hi! >>> This patch series implements something along the lines of KAISER for arm64:

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Wed 2017-11-22 19:37:14, Will Deacon wrote: > On Wed, Nov 22, 2017 at 05:19:14PM +0100, Pavel Machek wrote: > > > This patch series implements something along the lines of KAISER for > > > arm64: > > > > > > https://gruss.cc/files/kaiser.pdf > > > > > > although I wrote this from scratch

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Wed 2017-11-22 19:37:14, Will Deacon wrote: > On Wed, Nov 22, 2017 at 05:19:14PM +0100, Pavel Machek wrote: > > > This patch series implements something along the lines of KAISER for > > > arm64: > > > > > > https://gruss.cc/files/kaiser.pdf > > > > > > although I wrote this from scratch

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Wed 2017-11-22 21:19:28, Ard Biesheuvel wrote: > On 22 November 2017 at 16:19, Pavel Machek wrote: > > Hi! > > > >> This patch series implements something along the lines of KAISER for arm64: > >> > >> https://gruss.cc/files/kaiser.pdf > >> > >> although I wrote this from

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Wed 2017-11-22 21:19:28, Ard Biesheuvel wrote: > On 22 November 2017 at 16:19, Pavel Machek wrote: > > Hi! > > > >> This patch series implements something along the lines of KAISER for arm64: > >> > >> https://gruss.cc/files/kaiser.pdf > >> > >> although I wrote this from scratch because the

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 22 November 2017 at 16:19, Pavel Machek wrote: > Hi! > >> This patch series implements something along the lines of KAISER for arm64: >> >> https://gruss.cc/files/kaiser.pdf >> >> although I wrote this from scratch because the paper has some funny >> assumptions about how the

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 22 November 2017 at 16:19, Pavel Machek wrote: > Hi! > >> This patch series implements something along the lines of KAISER for arm64: >> >> https://gruss.cc/files/kaiser.pdf >> >> although I wrote this from scratch because the paper has some funny >> assumptions about how the architecture

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Mon, Nov 20, 2017 at 06:20:39PM +, Ard Biesheuvel wrote: > On 20 November 2017 at 18:06, Will Deacon wrote: > > I'll see if I can measure the cost of the current vbar switching to get > > an idea of the potential performance available. > > > > Yeah, makes sense. If

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Mon, Nov 20, 2017 at 06:20:39PM +, Ard Biesheuvel wrote: > On 20 November 2017 at 18:06, Will Deacon wrote: > > I'll see if I can measure the cost of the current vbar switching to get > > an idea of the potential performance available. > > > > Yeah, makes sense. If the bulk of the

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Mon, Nov 20, 2017 at 02:50:58PM -0800, Laura Abbott wrote: > On 11/17/2017 10:21 AM, Will Deacon wrote: > >This patch series implements something along the lines of KAISER for arm64: > > Passed some basic tests on Hikey Android and my Mustang box. I'll > leave the Mustang building kernels for

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Wed, Nov 22, 2017 at 05:19:14PM +0100, Pavel Machek wrote: > > This patch series implements something along the lines of KAISER for arm64: > > > > https://gruss.cc/files/kaiser.pdf > > > > although I wrote this from scratch because the paper has some funny > > assumptions about how the

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Mon, Nov 20, 2017 at 02:50:58PM -0800, Laura Abbott wrote: > On 11/17/2017 10:21 AM, Will Deacon wrote: > >This patch series implements something along the lines of KAISER for arm64: > > Passed some basic tests on Hikey Android and my Mustang box. I'll > leave the Mustang building kernels for

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Wed, Nov 22, 2017 at 05:19:14PM +0100, Pavel Machek wrote: > > This patch series implements something along the lines of KAISER for arm64: > > > > https://gruss.cc/files/kaiser.pdf > > > > although I wrote this from scratch because the paper has some funny > > assumptions about how the

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

Hi! > This patch series implements something along the lines of KAISER for arm64: > > https://gruss.cc/files/kaiser.pdf > > although I wrote this from scratch because the paper has some funny > assumptions about how the architecture works. There is a patch series > in review for x86, which

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

Hi! > This patch series implements something along the lines of KAISER for arm64: > > https://gruss.cc/files/kaiser.pdf > > although I wrote this from scratch because the paper has some funny > assumptions about how the architecture works. There is a patch series > in review for x86, which

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 11/17/2017 10:21 AM, Will Deacon wrote: Hi all, This patch series implements something along the lines of KAISER for arm64: https://gruss.cc/files/kaiser.pdf although I wrote this from scratch because the paper has some funny assumptions about how the architecture works. There is a

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 11/17/2017 10:21 AM, Will Deacon wrote: Hi all, This patch series implements something along the lines of KAISER for arm64: https://gruss.cc/files/kaiser.pdf although I wrote this from scratch because the paper has some funny assumptions about how the architecture works. There is a

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 20 November 2017 at 18:06, Will Deacon wrote: > Hi Ard, > > Cheers for having a look. > > On Sat, Nov 18, 2017 at 03:25:06PM +, Ard Biesheuvel wrote: >> On 17 November 2017 at 18:21, Will Deacon wrote: >> > This patch series implements something

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 20 November 2017 at 18:06, Will Deacon wrote: > Hi Ard, > > Cheers for having a look. > > On Sat, Nov 18, 2017 at 03:25:06PM +, Ard Biesheuvel wrote: >> On 17 November 2017 at 18:21, Will Deacon wrote: >> > This patch series implements something along the lines of KAISER for arm64: >> >>

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

Hi Ard, Cheers for having a look. On Sat, Nov 18, 2017 at 03:25:06PM +, Ard Biesheuvel wrote: > On 17 November 2017 at 18:21, Will Deacon wrote: > > This patch series implements something along the lines of KAISER for arm64: > > Very nice! I am quite pleased, because

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

Hi Ard, Cheers for having a look. On Sat, Nov 18, 2017 at 03:25:06PM +, Ard Biesheuvel wrote: > On 17 November 2017 at 18:21, Will Deacon wrote: > > This patch series implements something along the lines of KAISER for arm64: > > Very nice! I am quite pleased, because this makes KASLR much

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Fri, Nov 17, 2017 at 04:19:35PM -0800, Stephen Boyd wrote: > On 11/17, Will Deacon wrote: > > Hi all, > > > > This patch series implements something along the lines of KAISER for arm64: > > > > https://gruss.cc/files/kaiser.pdf > > > > although I wrote this from scratch because the paper

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On Fri, Nov 17, 2017 at 04:19:35PM -0800, Stephen Boyd wrote: > On 11/17, Will Deacon wrote: > > Hi all, > > > > This patch series implements something along the lines of KAISER for arm64: > > > > https://gruss.cc/files/kaiser.pdf > > > > although I wrote this from scratch because the paper

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 17 November 2017 at 18:21, Will Deacon wrote: > Hi all, > > This patch series implements something along the lines of KAISER for arm64: > > https://gruss.cc/files/kaiser.pdf > > although I wrote this from scratch because the paper has some funny > assumptions about how

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 17 November 2017 at 18:21, Will Deacon wrote: > Hi all, > > This patch series implements something along the lines of KAISER for arm64: > > https://gruss.cc/files/kaiser.pdf > > although I wrote this from scratch because the paper has some funny > assumptions about how the architecture

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 11/17, Will Deacon wrote: > Hi all, > > This patch series implements something along the lines of KAISER for arm64: > > https://gruss.cc/files/kaiser.pdf > > although I wrote this from scratch because the paper has some funny > assumptions about how the architecture works. There is a patch

Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

On 11/17, Will Deacon wrote: > Hi all, > > This patch series implements something along the lines of KAISER for arm64: > > https://gruss.cc/files/kaiser.pdf > > although I wrote this from scratch because the paper has some funny > assumptions about how the architecture works. There is a patch

[PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

Hi all, This patch series implements something along the lines of KAISER for arm64: https://gruss.cc/files/kaiser.pdf although I wrote this from scratch because the paper has some funny assumptions about how the architecture works. There is a patch series in review for x86, which follows a

[PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

Hi all, This patch series implements something along the lines of KAISER for arm64: https://gruss.cc/files/kaiser.pdf although I wrote this from scratch because the paper has some funny assumptions about how the architecture works. There is a patch series in review for x86, which follows a