Re: Restricting rdtsc [was: kernel aslr]

To: Maxime Villard <max%m00nbsd.net@localhost>
Subject: Re: Restricting rdtsc [was: kernel aslr]
From: Thomas Klausner <tk%giga.or.at@localhost>
Date: Tue, 28 Mar 2017 22:47:42 +0200

On Tue, Mar 28, 2017 at 10:36:52PM +0200, Maxime Villard wrote:
> I already thought about this a few months ago, and my conclusion back then
> was that it is very difficult to achieve if we want both good performance
> and good security. This is a little off-topic, but the idea would consist in
> having two identical kernel text segments mapped at different addresses. Only
> one kernel is active at a time. Every once in a while we randomize the other
> kernel, wait for interrupts to happen in the currently running lwps, and
> migrate these lwps to the new kernel, dropping refcounts along the way. When
> it reaches zero, everybody uses the new kernel, and we unmap the previous
> one. And we keep jumping between kernels this way regularly. I also had other
> magic tricks for .data and .rodata, but that's another debate.

This would be a step in the direction of allowing updating running
kernels, wouldn't it?
 Thomas

References:
- Restricting rdtsc [was: kernel aslr]
  - From: Maxime Villard
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Mouse
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Maxime Villard
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Mouse
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Maxime Villard

Prev by Date: Re: Restricting rdtsc [was: kernel aslr]
Next by Date: Re: Restricting rdtsc [was: kernel aslr]
Previous by Thread: Re: Restricting rdtsc [was: kernel aslr]
Next by Thread: Re: Restricting rdtsc [was: kernel aslr]
Indexes:

Home | Main Index | Thread Index | Old Index