Hi!

It looks like there's an Intel CPU bug, allowing prefetch from kernel memory. It seems to be the reason KASLR patches are pushed so fast to Linux.

https://mobile.twitter.com/brainsmoke/status/948561799875502080/photo/1
https://forums.freebsd.org/threads/63955/page-2#post-371276

Hmm. Does that mean we can do

    u16 *peek_addr = <somewhere into kernel>;
    char cacheline1[64];
    char cacheline2[64];

    wbinvd();
    if (*peek_addr == 0x1234)
        (volatile char *) cacheline1[0];
    else
        (volatile char *) cacheline2[0];

The thread will certainly die with SIGSEGV here, but from another thread we should be able to tell if cacheline1 or cacheline2 is in cache... and therefore read unreadable memory....?

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html