From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 04F953B2A4 for ; Mon, 1 Jan 2018 18:08:49 -0500 (EST) Received: by mail-qk0-x22e.google.com with SMTP id p13so43804595qke.4 for ; Mon, 01 Jan 2018 15:08:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=YI28TAGYelZLx9fFF4gqy5+HB8DcDMEFdtXjMgNJdYo=; b=E6H6MwPnfVUIw6Z4qGKRI0i+wjCk0uUFm8Gmu4usas1jCBV9lnqNhj+Vprbay13G+s KgVp0CgUl2bHVVUeS6iCcRGB56PI1XQYEux2R5dw3LTdMZSuj11W8Q08gLPJLvGTlTid P8akdG9jjh3Yj4FdwijN2PWkAyuNby0Qf4itnrvzdxY14GR8bIk6CZ6jEC7W0STpEmVx K4DGQFLC6v31o9O9S5/wZFhaHVh1ovtUq7ecpJMGcPNl8nLd8YBSD3x+h+Z1YODSDpEH PyCsnNS/Z+ZOK8ooJ1anzI5oCO1Am00kFXjvQZ158y60B6zrdLzElhPy4RWXvLXmlZJE 4BKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=YI28TAGYelZLx9fFF4gqy5+HB8DcDMEFdtXjMgNJdYo=; b=Yigo9GpvFrd4ZnyVCVjS+oEjVX6e21LNk7U5MZE1iGNi7hS5U590e1RngIOOL1p854 5Azq65+EwhKVul4QMEx6iUi8Qqyeiu93PKGtO9SlRB6LKhb/+isotW90ZRxR3W0wTUou Act9Dz0GtxEtI1UaurG6FkBExsvXh3Y5QWI7FaIBtPfH5yyllJlZefvEBQfJasYRt0JI UbC7ECKq2hQay9oU4Y+Je3g1lMp8LGEtOwi+bKrQ23JOOi/CD1AWK0KMep5o1LSjyhn+ xKf6bnQxQ7VLYjfCtVP/9dfqxfyzCQv1uFu7C+MKKDErGi+JZYtGK0knipmm9VvB0GGz jekw== X-Gm-Message-State: AKGB3mLKPPtQY5mVMuaO7n016z+PoB1Eni43MDOMfHBRi5Vch6/iRsRb CTJU/ag6KP3Egm9HZfQaswUtHs/gMKVGELJhSM0PGA== X-Google-Smtp-Source: ACJfBovoLj4YCHejXMHlcnvCgzxGYiwBxIqIWfIE+Zf2RFu8ha5eiBAc+oP4jzA13cbADP2YpVYPP7OyYg+f2rRDDSo= X-Received: by 10.55.214.144 with SMTP id p16mr56287010qkl.299.1514848129272; Mon, 01 Jan 2018 15:08:49 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.193.93 with HTTP; Mon, 1 Jan 2018 15:08:48 -0800 (PST) From: Dave Taht Date: Mon, 1 Jan 2018 15:08:48 -0800 Message-ID: To: cerowrt-devel@lists.bufferbloat.net Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: [Cerowrt-devel] KASLR: Do we have to worry about other arches than x86? X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jan 2018 23:08:50 -0000 or is this primarily a virtualization bug? http://hn.premii.com/#/article/16046636 "Bad news: the software mitigation is expensive The primary reason for the old Linux behaviour of mapping kernel memory in the same page tables as user memory is so that when the user=E2=80=99s code triggers a system call, fault, or an interrupt fires, i= t is not necessary to change the virtual memory layout of the running process. Since it is unnecessary to change the virtual memory layout, it is further unnecessary to flush highly performance-sensitive CPU caches that are dependant on that layout, primarily the Translation Lookaside Buffer. With the page table splitting patches merged, it becomes necessary for the kernel to flush these caches every time the kernel begins executing, and every time user code resumes executing. For some workloads, the effective total loss of the TLB lead around every system call leads to highly visible slowdowns: @grsecurity measured a simple case where Linux =E2=80=9Cdu -s=E2=80=9D suffered a 50% slowdown on = a recent AMD CPU." --=20 Dave T=C3=A4ht CEO, TekLibre, LLC http://www.teklibre.com Tel: 1-669-226-2619