[GTALUG] python sweetness — The mysterious case of the Linux Page Table

Dhaval Giani dhaval.giani at gmail.com
Thu Jan 4 00:08:16 EST 2018


On Wed, Jan 3, 2018 at 11:59 PM Russell Reiter <rreiter91 at gmail.com> wrote:

> On January 3, 2018 10:56:30 PM EST, Dhaval Giani <dhaval.giani at gmail.com>
> wrote:
> >
> >https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html
> >gives the gory details
> >
> >At this point, I cannot stress enough how important it is to update your
> >systems as soon as your distribution ships them. I am hoping this
> >remains a once-in-a-lifetime event.
> I admire your optimism. To me it looks like this is a kind of example of
> feeping creaturism in hypervisors; not necessarily an easy patch.

I am unsure what you are implying. This is a hardware issue which has been
fixed in software. There are already exploits out that I have seen able to
run through your web browser. This is serious stuff. I am also unsure what this
has to do with hypervisors, apart from them also needing to mitigate this.

> The idea of the necessity of some sort of kernel isolation has been around
> for quite a while, in part as a response to the ease with which userland
> interpreters can pollute kernelspace.
> https://lwn.net/Articles/39283/
> I've read that some of the proposed solutions could add as much as a 30%
> operational overhead. Not much of an issue for average home users but for
> enterprise this could be a real game changer.

The 30% overhead is for a pathological case. A 5-10% overhead is more
likely. And do you honestly think that upstream is not going to work on
getting that overhead down?

