Date: Sat, 6 Jan 2018 21:41:52 +0100 (CET)
From: Wojciech Puchar <wojtek@puchar.net>
To: Warner Losh <imp@bsdimp.com>
Cc: Wojciech Puchar <wojtek@puchar.net>, Eric McCorkle <eric@metricspace.net>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject: Re: Fwd: A more general possible meltdown/spectre countermeasure
Message-ID: <alpine.BSF.2.20.1801062140090.71856@puchar.net>
In-Reply-To: <CANCZdfqsV1bUAmwVGHZZfBK2FQ_Y03WvHQuUtBOABHo6mbbYAA@mail.gmail.com>
References: <c98b7ac3-26f0-81ee-2769-432697f876e5@metricspace.net> <33bcd281-4018-7075-1775-4dfcd58e5a48@metricspace.net> <alpine.BSF.2.20.1801061701200.40627@puchar.net> <73d2f1a5-55f7-0ae7-7660-3e680ba3d32e@metricspace.net> <CANCZdfqZnZhKXD3SKgyro%2BYLX7j5BYrmCZ7xEGwYY6AWkQpKzg@mail.gmail.com> <alpine.BSF.2.20.1801061752540.46832@puchar.net> <CANCZdfqsV1bUAmwVGHZZfBK2FQ_Y03WvHQuUtBOABHo6mbbYAA@mail.gmail.com>

> The only workaround that's completely effective is to unmap all of kernel
> memory when running in userland. It's a bit tricky because

this means on every syscall on interrupt:

- memcopy part of top level PTE on enter, bzero on exit
- TLB flush both on enter and exit.

IMHO it would make much more than 30% overhead in many cases.

am i wrong?

> there's small parts that have to stay mapped for various architectural
> reasons. This means KASLR on these CPUs likely can never be
> effective since meltdown will let you find what the trap address is and from that find the kernel (though there's some rumblings
> that the indirection Linux is doing will suffice).
>
> Warner
>
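
Added example (not part of the original message and not FreeBSD code): a user-space C model of the per-transition page-table work described in the reply, copying the kernel half of the top-level table on entry and zeroing it on exit while one entry stays mapped. The 512-entry table split at index 256 is the x86-64 layout; the TRAMPOLINE slot, the entry values and the counters are assumptions for illustration, and no real TLB flush takes place.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOP_ENTRIES  512  /* entries in an x86-64 top-level page table */
#define KERNEL_FIRST 256  /* upper half of the table maps the kernel */
#define KERNEL_SLOTS (TOP_ENTRIES - KERNEL_FIRST)
#define TRAMPOLINE   511  /* assumed slot for the part that must stay mapped */
struct as_model {
    uint64_t live[TOP_ENTRIES];      /* table the CPU would walk */
    uint64_t kmaster[KERNEL_SLOTS];  /* saved kernel-half entries */
    unsigned long tlb_flushes, bytes_touched;
};

static void model_init(struct as_model *m) {
    memset(m, 0, sizeof(*m));
    for (int i = 0; i < KERNEL_SLOTS; i++)
        m->kmaster[i] = (0x1000ULL * (i + 1)) | 1;  /* constructed, present bit set */
    m->live[TRAMPOLINE] = m->kmaster[TRAMPOLINE - KERNEL_FIRST];
}
/* Syscall or interrupt entry: copy the kernel half in, then flush. */
static void kernel_enter(struct as_model *m) {
    memcpy(&m->live[KERNEL_FIRST], m->kmaster, sizeof(m->kmaster));
    m->bytes_touched += sizeof(m->kmaster);
    m->tlb_flushes++;  /* counter only; user space cannot flush the TLB */
}
/* Return to userland: zero the kernel half except the trampoline, then flush. */
static void kernel_exit(struct as_model *m) {
    uint64_t keep = m->live[TRAMPOLINE];
    memset(&m->live[KERNEL_FIRST], 0, sizeof(m->kmaster));
    m->live[TRAMPOLINE] = keep;
    m->bytes_touched += sizeof(m->kmaster);
    m->tlb_flushes++;
}
/* Kernel-half entries currently present in the live table. */
static int kernel_entries_mapped(const struct as_model *m) {
    int n = 0;
    for (int i = KERNEL_FIRST; i < TOP_ENTRIES; i++)
        n += (int)(m->live[i] & 1);
    return n;
}
int main(void) {
    struct as_model m;
    model_init(&m); kernel_enter(&m); kernel_exit(&m);
    printf("mapped=%d flushes=%lu\n", kernel_entries_mapped(&m), m.tlb_flushes);
    return 0;
}
```

In this model each syscall or interrupt round trip touches 4096 bytes of page-table entries and counts two flushes, and one kernel-half entry remains present while in userland.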