On Fri, Jan 6, 2017 at 11:45 PM, Ingo Molnar <mi...@kernel.org> wrote:
>
> * Andy Lutomirski <l...@kernel.org> wrote:
>
>> P.S. Let's do the move to the fixmap, read/write as a separate patch. That will
>> make bisecting much easier.
>
> Absolutely, but this has to be within the same series, as the interim fixmap-only
> step is less secure in some circumstances: we are moving the writable GDT from a
> previously randomized location to a fixed location.

True, but despite being randomized its location was never even remotely
secret. (Except on Kaby Lake or Foobar Lake or whatever CPU that is.)

--Andy