|
|
Subscribe / Log in / New account

KAISER: hiding the kernel from user space

KAISER: hiding the kernel from user space

Posted Jan 3, 2018 17:30 UTC (Wed) by excors (subscriber, #95769)
In reply to: KAISER: hiding the kernel from user space by EdRowland
Parent article: KAISER: hiding the kernel from user space

I guess the main problem with that idea is that page tables take 8 bytes of physical memory per 4KB of virtual address space. If you want to fill up the whole ~48-bit virtual address space with distinct PTEs, you'd need 512GB of page tables.

You could try to reduce the size by e.g. using a single dummy PTE table that's shared by all the higher-level tables, instead of keeping them distinct. But an attacker can likely measure the timing difference between a page walk that fetches the PTE from cache, vs one that fetches it from RAM. If you access address A, then address A+4096, and the second one is fast (i.e. the PTE is already in the cache), you know that's using the dummy PTE, so it's still leaking information about where the kernel is.

to post comments

KAISER: hiding the kernel from user space

Posted Jan 6, 2018 0:26 UTC (Sat) by ridethewave (guest, #121115) [Link]

>I guess the main problem with that idea is that page tables take 8 bytes of physical memory >per 4KB of virtual address space
Couldn't you just map each virtual address to the same physical address then?


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds