by kentonv 3088 days ago
I don't think this issue is related to rowhammer. I think people have been speculating about rowhammer because it's a famous hardware bug, but none of the details of page table isolation seem to align with a rowhammer-based attack.

This enables the first step in a rowhammer attack: identify the privileged address you want to target.
Oh, are you thinking the KASLR bypass is actually the main problem, because it allows targeted rowhammer? I'm not sure if that's really true, since a KASLR bypass would give you a virtual address, and rowhammer would care more about physical addresses.

But in any case, the KASLR bypass is not the main vulnerability here. KASLR is widely seen as too leaky to be really useful. Linux would not rush out a >5% performance hit just to fix one of the many leaks.