Re: [PATCH] x86: add UMIP support

Hi Jan, On Thu, 2016-11-17 at 07:52 +0100, Ingo Molnar wrote: > * Jan Beulich wrote: > > > This is a small aid to security, hiding in particular the kernel address > > information otherwise available through SGDT/SIDT. > > > > Signed-off-by: Jan Beulich >

Re: [PATCH] x86: add UMIP support

Hi Jan, On Thu, 2016-11-17 at 07:52 +0100, Ingo Molnar wrote: > * Jan Beulich wrote: > > > This is a small aid to security, hiding in particular the kernel address > > information otherwise available through SGDT/SIDT. > > > > Signed-off-by: Jan Beulich > > --- > > Main question here is

Re: [PATCH] x86: add UMIP support

* Jan Beulich wrote: > This is a small aid to security, hiding in particular the kernel address > information otherwise available through SGDT/SIDT. > > Signed-off-by: Jan Beulich > --- > Main question here is whether to limit this to 64-bit (or at least

Re: [PATCH] x86: add UMIP support

* Jan Beulich wrote: > This is a small aid to security, hiding in particular the kernel address > information otherwise available through SGDT/SIDT. > > Signed-off-by: Jan Beulich > --- > Main question here is whether to limit this to 64-bit (or at least > !CONFIG_VM86) for the time being, or

[PATCH] x86: add UMIP support

This is a small aid to security, hiding in particular the kernel address information otherwise available through SGDT/SIDT. Signed-off-by: Jan Beulich --- Main question here is whether to limit this to 64-bit (or at least !CONFIG_VM86) for the time being, or to disable it

[PATCH] x86: add UMIP support

This is a small aid to security, hiding in particular the kernel address information otherwise available through SGDT/SIDT. Signed-off-by: Jan Beulich --- Main question here is whether to limit this to 64-bit (or at least !CONFIG_VM86) for the time being, or to disable it while running VM86 mode