Kernel page-table isolation merged
Posted Jan 3, 2018 3:03 UTC (Wed) by rahvin (guest, #16953)
In reply to: Kernel page-table isolation merged by andresfreund
Parent article: Kernel page-table isolation merged
By all reports this is worse than the Intel lights-out firmware bug and allows user space code to read protected kernel memory, conceivably allowing one VM to read the memory of another VM, per one of the scenarios I've seen. This has the potential to be Heartbleed plus a remotely exploitable memory read that can be executed by user space code, including JavaScript running in a browser. And it's hard-coded in Intel silicon, requiring the need to use the OS to separate the kernel and user space cache system, resulting in major performance hits. Talk about ugly, and just like the firmware, it's in every processor Intel has built for more than a decade.
This is beyond brutal and I expect it's going to exacerbate the AMD processor shortage, good news for AMD at least. Bad news for anyone running an internet-connected server.
Posted Jan 3, 2018 10:54 UTC (Wed) by cesarb (subscriber, #6266)
Has the commit adding that test been merged already? So far, I've only seen it on the mailing list, but not on the kernel repository, so as far as I can see, AMD hardware is not yet exempted.
Posted Jan 4, 2018 0:33 UTC (Thu) by rahvin (guest, #16953)
https://lkml.org/lkml/2017/12/27/2
Posted Jan 4, 2018 2:11 UTC (Thu) by mjg59 (subscriber, #23239)