We continue to work on the 4.4 backport of UDEREF, completely replacing KAISER and making us unaffected by any future issues discovered in the upstream backported code. A customer-only knowledge base has been launched at grsecurity.net/docs/ with the latest info #grsecurity
i backported our UDEREF/amd64 solution to 4.4 since it's a natural fit for address space separation (have had the logic for other purposes since 2009 or so). as for i386, how do you know if the segmentation based approach fails on CPUs that aren't 64 bit capable?
Doesn't matter. There are people running 32-bit kernels on 64-bit capable hardware too.
and of course if they're now supposed to swallow the perf impact of KAISER/PTI, they can just switch to a 64 bit kernel and call it a day. whatever way i look at it, we're covered, unlike upstream. really a shame for you guys having spent so much time and still come up short...

Jan 26, 2018 · 3:32 PM UTC