On 10/18/18 12:21 AM, Dave Hansen wrote:
> On 10/17/2018 04:32 AM, Pavel Machek wrote:
>>> Well, that depends. Do you care about PROT_NONE attacks as well? If not
>>> then no-swap would help you. But even then no-swap is rather theoretical
>>> attack on a physical host unless you allow an
On 10/17/2018 04:32 AM, Pavel Machek wrote:
>> Well, that depends. Do you care about PROT_NONE attacks as well? If not
>> then no-swap would help you. But even then no-swap is rather theoretical
>> attack on a physical host unless you allow an arbitrary swapout to a
>> malicious user (e.g. allow a
On 10/17/18 4:08 PM, Andi Kleen wrote:
> On Wed, Oct 17, 2018 at 12:56:10PM +0200, Pavel Machek wrote:
>> Hi!
>>
>> 6a012288 suggests I throw away 1GB on RAM. On 3GB system.. that is not
>> going to be pleasant.
>
> Just rebuild your kernel with PAE? I assume your CPU supports it.
I think it is
On Wed, Oct 17, 2018 at 12:56:10PM +0200, Pavel Machek wrote:
> Hi!
>
> 6a012288 suggests I throw away 1GB on RAM. On 3GB system.. that is not
> going to be pleasant.
Just rebuild your kernel with PAE? I assume your CPU supports it.
This will also give you NX, which if you're really worried
On Wed 17-10-18 13:32:26, Pavel Machek wrote:
[...]
> > > Now question is... can we do better? Kernel stores information about
> > > swapped-out pages there, right? That sounds like a cool hack, but
> > > maybe it is time to get rid of that hack?
> >
> > Patches are welcome.
>
> Cooperation will
Hi!
> > 6a012288 suggests I throw away 1GB on RAM. On 3GB system.. that is not
> > going to be pleasant.
> >
> > l1tf.html says:
> >
> > # The Linux kernel contains a mitigation for this attack vector, PTE
> > # inversion, which is permanently enabled and has no performance
> > # impact.
> >
>
On Wed 17-10-18 12:56:10, Pavel Machek wrote:
> Hi!
>
> 6a012288 suggests I throw away 1GB on RAM. On 3GB system.. that is not
> going to be pleasant.
>
> l1tf.html says:
>
> # The Linux kernel contains a mitigation for this attack vector, PTE
> # inversion, which is permanently enabled and has
14 matches