On 01/11/2018 10:21 AM, Alexei Starovoitov wrote:
>> I was thinking that maybe we should add a new field or two to pt_regs.
>> They could store CR2 and maybe CR3 as well. I'd also like to expose
>> the error code of exceptions in stack traces. We should get this
>> integrated right into the unwinder.
> hmm. Exposing cr3 to user space will make it trivial for a user process
> to know whether kpti is active. Not sure how exploitable such an
> information leak is.
It also gives userspace a pretty valuable physical address to go after. That, plus a KASLR defeat gives you a known-valuable virtual address to target. That's no good. I think CR3 is a non-starter.
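As an added illustration of the point above (my own code, not from this thread or from the kernel tree), here is what a CR3 value exposed through pt_regs would hand a user process: the physical address of the live top-level page table, two fingerprints of KPTI, and, once combined with an assumed direct-map (physmap) base from a separate KASLR defeat, a kernel virtual address to target. The CR3 and page_offset_base values are constructed, and the helper names are mine; the bit positions are the ones x86-64 and the Linux PTI code define.

```c
/* decode_cr3.c: what a leaked CR3 value gives a user process.
 * Added illustration, not code from the thread. Sample values are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 CR3 layout (Intel SDM vol. 3A, control registers):
 * bits 51:12 = physical address of the top-level page table,
 * bits 11:0  = PCID when CR4.PCIDE=1, bit 63 = "don't flush" hint on MOV CR3. */
#define CR3_PFN_MASK   0x000ffffffffff000ULL
#define CR3_PCID_MASK  0x0fffULL
#define CR3_NOFLUSH    (1ULL << 63)

/* Linux KPTI conventions (arch/x86/include/asm/pgtable.h, processor-flags.h):
 * the kernel PGD and its user-space copy are the two pages of one 8 KiB
 * allocation, the user copy in the odd page (PTI_USER_PGTABLE_BIT), and user
 * address spaces run under a PCID with bit 11 set (X86_CR3_PTI_PCID_USER_BIT). */
#define PTI_USER_PGTABLE_BIT  12
#define PTI_USER_PCID_BIT     11

struct cr3_info {
    uint64_t pgd_phys;  /* physical address of the page table CR3 points at */
    uint16_t pcid;
    bool     noflush;
    bool     odd_page;  /* PGD sits in the odd page of an 8 KiB pair */
};

enum kpti_evidence { KPTI_NO_EVIDENCE, KPTI_LIKELY, KPTI_DEFINITE };

struct cr3_info decode_cr3(uint64_t cr3)
{
    struct cr3_info i;
    i.pgd_phys = cr3 & CR3_PFN_MASK;
    i.pcid     = (uint16_t)(cr3 & CR3_PCID_MASK);
    i.noflush  = (cr3 & CR3_NOFLUSH) != 0;
    i.odd_page = (cr3 >> PTI_USER_PGTABLE_BIT) & 1;
    return i;
}

/* What a CR3 captured on entry from user mode says about KPTI.
 * Bit 11 of the PCID is only ever set by the PTI user-space ASID (non-PTI
 * kernels use PCIDs 1..6), so it is conclusive. Bit 12 alone is only
 * suggestive: a non-PTI kernel's single-page PGD can land in an odd page. */
enum kpti_evidence kpti_evidence_from_user_cr3(uint64_t cr3)
{
    struct cr3_info i = decode_cr3(cr3);
    if (i.pcid & (1u << PTI_USER_PCID_BIT))
        return KPTI_DEFINITE;
    if (i.odd_page)
        return KPTI_LIKELY;
    return KPTI_NO_EVIDENCE;
}

/* With KPTI, the kernel PGD is the even page of the pair the user PGD is in. */
uint64_t kernel_pgd_phys_from_user_cr3(uint64_t cr3)
{
    return decode_cr3(cr3).pgd_phys & ~(1ULL << PTI_USER_PGTABLE_BIT);
}

/* The second half of the attack in the mail: the direct map is linear, so a
 * known physical address plus a leaked page_offset_base (the KASLR defeat)
 * is the kernel virtual address of the live page tables. */
uint64_t physmap_vaddr(uint64_t page_offset_base, uint64_t phys)
{
    return page_offset_base + phys;
}

int main(void)
{
    /* Constructed: kernel PGD at phys 0x12344000, PTI user PCID 1 | bit 11,
     * captured with the no-flush bit set. Not a real system's value. */
    uint64_t user_cr3 = 0x8000000012345801ULL;
    /* Constructed, hypothetical derandomised physmap base. */
    uint64_t page_offset_base = 0xffff888000000000ULL;

    struct cr3_info i = decode_cr3(user_cr3);
    printf("pgd phys 0x%llx pcid 0x%x noflush %d odd_page %d\n",
           (unsigned long long)i.pgd_phys, i.pcid, i.noflush, i.odd_page);
    printf("kpti evidence: %d\n", kpti_evidence_from_user_cr3(user_cr3));
    printf("kernel PGD in physmap: 0x%llx\n",
           (unsigned long long)physmap_vaddr(page_offset_base,
                                             kernel_pgd_phys_from_user_cr3(user_cr3)));
    return 0;
}
```

The KPTI test is deliberately two-tiered: the PCID user bit is a hard signal, while an odd PGD page is only circumstantial, which is the nuance behind "trivial to know whether kpti is active". The physical address is the more serious leak, since it survives any reboot-independent defence and turns a physmap base leak into a direct pointer at the page tables.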