search for: rowhammer

Displaying 8 results from an estimated 8 matches for "rowhammer".

2024 Mar 12
0
Question about Rowhammer Mitigation
I did see the note that this has not been demonstrated in a real-world scenario and that ASLR is also a mitigation approach. I was wondering if the team had considered the pattern match recommendation in the paper. Would this approach cause any compatibility issues? Or does the OpenSSH team see any other concerns in implementing those changes? Thank you, Alex
2018 May 19
5
Virtio-net drivers immune to Nethammer?
Hi I'm a privacy distro maintainer investigating the implications of the newly published nethammer attack [0] on KVM guests particularly the virtio-net drivers. The summary of the paper is that rowhammer can be remotely triggered by feeding susceptible* network driver crafted traffic. This attack can do all kinds of nasty things such as modifying SSL certs on the victim system. * Susceptible drivers are those relying on Intel CAT, uncached memory or the clflush instruction. My question is, do vir...
2020 Jun 23
6
Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace)
On Tue, Jun 23, 2020 at 04:59:14PM +0200, Joerg Roedel wrote: > On Tue, Jun 23, 2020 at 04:53:44PM +0200, Peter Zijlstra wrote: > > +noinstr void idtentry_validate_ist(struct pt_regs *regs) > > +{ > > + if ((regs->sp & ~(EXCEPTION_STKSZ-1)) == > > + (_RET_IP_ & ~(EXCEPTION_STKSZ-1))) > > + die("IST stack recursion", regs, 0); > > +}
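Review bot: the right-hand side of the comparison in idtentry_validate_ist() masks _RET_IP_, which is the function's return address (a text address), so it cannot fall in the same EXCEPTION_STKSZ-aligned region as regs->sp and the die("IST stack recursion", ...) branch would not fire for the recursion it is meant to catch. Compare the masked regs->sp against the masked current stack pointer instead, and add a short comment stating that the check relies on IST stacks being EXCEPTION_STKSZ-sized and aligned.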
2020 Jun 23
0
Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace)
...own regs->sp too. > That shouldn't be possible with the current code, I think. NMI; #MC; Anything which IRET but isn't fatal - #DB, or #BP from patching, #GP from *_safe(), etc; NMI Sure it's a corner case, but did you hear that IST is evil? ~Andrew P.S. did you also hear that with Rowhammer, userspace has a nonzero quantity of control over generating #MC, depending on how ECC is configured on the platform.
2020 Jun 23
2
Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace)
...nd #PF. Like I wrote, it's broken vs #MC. But Joerg was talking about IST recursion with NMI in the middle, something like: #DB, NMI, #DB, and not already being fatal. This one in particular is ruled out by #DB itself clearing DR7 (but NMI would also do that). > P.S. did you also hear that with Rowhammer, userspace has a nonzero > quantity of control over generating #MC, depending on how ECC is > configured on the platform. Yes, excellent stuff.
2018 May 21
0
Re: Virtio-net drivers immune to Nethammer?
On Sat, May 19, 2018 at 12:42:14AM +0000, procmem wrote: > Hi I'm a privacy distro maintainer investigating the implications of the > newly published nethammer attack [0] on KVM guests particularly the > virtio-net drivers. The summary of the paper is that rowhammer can be > remotely triggered by feeding susceptible* network driver crafted > traffic. This attack can do all kinds of nasty things such as modifying > SSL certs on the victim system. > > * Susceptible drivers are those relying on Intel CAT, uncached memory or > the clflush instru...
2024 Jan 13
1
[Bug 3656] New: How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656 Bug ID: 3656 Summary: How to fix row hammer attacks? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org
2024 Feb 01
1
A couple of questions about OpenSSH codebase
Hello! I'm sorry in advance if I'm asking stupid questions, this is my first time dealing with a development list, so please excuse me if something is wrong with this message... I'm pretty interested in the OpenSSH codebase, and a couple of questions arose while I was investigating it, and I guess this is the place where I can find answers. 1. There are a lot of allocations, even for