I forgot one sentence :-(

On 13/11/2018 20:31, Igor Stoppa wrote:
> On 13/11/2018 19:47, Andy Lutomirski wrote:
>
>> For general rare-writish stuff, I don't think we want IRQs running
>> with them mapped anywhere for write. For AVC and IMA, I'm less sure.
>
> Why would these be less sensitive?
>
> But I see a big difference between my initial implementation and this one.
>
> In my case, by using a shared mapping, visible to all cores, freezing
> the core that is performing the write would have exposed the writable
> mapping to a potential attack run from another core.
>
> If the mapping is private to the core performing the write, even if it
> is frozen, it's much harder to figure out what it had mapped and where,
> from another core.
>
> To access that mapping, the attack should be performed from the ISR, I
> think.

Unless the secondary mapping is also available to other cores, through
the shared mm_struct?

--
igor