Side-channel attacks (Meltdown, Spectre)
Alexander Boettcher
alexander.boettcher at ...1...
Fri Jan 5 22:38:39 CET 2018
> I am not following the recent development of all those kernels, so I
> think it's best to directly consult the individual developers/teams for
> statements (like the one from Stefan above).
>
> For my part, I can tell you that the NOVA microhypervisor (at least the
> official version) does not map physical RAM into the kernel virtual address
> space, other than the RAM in which microhypervisor itself resides. NOVA maps
> certain devices (like APIC, IOMMU), but those can't be speculatively
> accessed anyway. I cannot comment on modified NOVA versions.
I for my part, can confirm that the slightly, cough, modified NOVA
version [1], as used by Genode, kept the original behavior of the
official NOVA version [0] in that regard.
> Some commercial kernels and L4/Fiasco certainly used to map as much physical
> memory as can fit into the kernel address space. Not sure if Fiasco.OC
> retains that behavior. Check for Physmem in class Mem_layout.
>
> Also any kernel that performs certain things like long IPC via a lazily
> flushed IPC window may have transient mappings of memory belonging
> to other user processes.
Thanks for the insights,
Alex.
[0] https://github.com/udosteinberg/NOVA
[1] https://github.com/alex-ab/NOVA/tree/r9
--
Alexander Boettcher
Genode Labs
http://www.genode-labs.com - http://www.genode.org
Genode Labs GmbH - Amtsgericht Dresden - HRB 28424 - Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.genode.org/pipermail/users/attachments/20180105/1cb1e012/attachment.sig>
More information about the users
mailing list