[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
As I understand it, on intel cpus and possibly more, we'll need to unmap
the kernel on userret, or else userland can read arbitrary kernel
People seem to be mentioning a 50% performance penalty and we might do
worse (we don't have vDSOs...)
Also, I understand that to exploit this, one has to attempt to access
kernel memory a lot, and SEGV at least once per bit.
I wonder if we can count the number of SEGVs and if we get a few, turn
on the workaround? that would at least spare us the performance penalty
for normal code.
Main Index |
Thread Index |