Maxime Villard wrote:
> In the first mail, you said that it was better to have an all-or-nothing
> sysctl, which is *exactly* what I just committed.

Yes, sysctl is better than giving rdtsc to root only. But "better" alone isn't strong enough to count me as a supporter.

> In the second one, as a reply to me, you were indeed talking about
> more granular control -- but with vdso, which we don't have, so
> it's basically not doable.

IMO, it's more important to have vdso than to control rdtsc.

> (PS: there is no point in having it done in a note section either, since
> unpriv user can still create a binary with rdtsc enabled and side channel
> the kernel.)

Mount all user-writable partitions with noexec.

-- Alex