On 09/24/2012 01:43 PM, Kees Cook wrote:
>
> How about this...
>
> mem protection : nx smap smep
>
> Maybe the "why" of a cpu feature being missing from the "mem
> protection" line can stay in printk?
>
Come to think about it, since we use setup_set/clear_cpu_cap we aready
don't list the feat
On Mon, Sep 24, 2012 at 1:31 PM, H. Peter Anvin wrote:
> On 09/22/2012 04:32 AM, Ingo Molnar wrote:
>>
>> * H. Peter Anvin wrote:
>>
>>> On 09/21/2012 03:08 PM, Dave Jones wrote:
Perhaps add a printk somewhere to show that it's actually been enabled
maybe ?
Also, would i
On 09/22/2012 04:32 AM, Ingo Molnar wrote:
>
> * H. Peter Anvin wrote:
>
>> On 09/21/2012 03:08 PM, Dave Jones wrote:
>>>
>>> Perhaps add a printk somewhere to show that it's actually been enabled
>>> maybe ?
>>>
>>> Also, would it be feasible to add something like we have for test_nx ?
>>> If
* H. Peter Anvin wrote:
> On 09/21/2012 03:08 PM, Dave Jones wrote:
> >
> > Perhaps add a printk somewhere to show that it's actually been enabled
> > maybe ?
> >
> > Also, would it be feasible to add something like we have for test_nx ?
> > If this feature regresses in some way in the future
"H. Peter Anvin" writes:
> On 09/21/2012 03:07 PM, Eric W. Biederman wrote:
>>
>> Have you tested kexec in this environment?
>>
>> This is the kind of cpu feature that when we enable it, frequently we
>> have to do something on the kexec path.
>>
>> At a quick skim it looks like the kexec path
On 09/21/2012 03:07 PM, Eric W. Biederman wrote:
>
> Have you tested kexec in this environment?
>
> This is the kind of cpu feature that when we enable it, frequently we
> have to do something on the kexec path.
>
> At a quick skim it looks like the kexec path is using kernel page table
> entrie
On 09/21/2012 03:08 PM, Dave Jones wrote:
>
> Perhaps add a printk somewhere to show that it's actually been enabled maybe ?
>
> Also, would it be feasible to add something like we have for test_nx ?
> If this feature regresses in some way in the future, I suspect we'd like
> to know about it soo
On Fri, Sep 21, 2012 at 12:43:04PM -0700, H. Peter Anvin wrote:
> Supervisor Mode Access Prevention (SMAP) is a new security feature
> disclosed by Intel in revision 014 of the Intel® Architecture
> Instruction Set Extensions Programming Reference:
>
> http://software.intel.com/sites/default/
"H. Peter Anvin" writes:
> Supervisor Mode Access Prevention (SMAP) is a new security feature
> disclosed by Intel in revision 014 of the Intel® Architecture
> Instruction Set Extensions Programming Reference:
>
> http://software.intel.com/sites/default/files/319433-014.pdf
>
> When SMAP is activ
On 09/21/2012 02:09 PM, Linus Torvalds wrote:
> On Fri, Sep 21, 2012 at 2:03 PM, H. Peter Anvin wrote:
>>
>> A while ago I also did a mockup patch which switched %cr3 to
>> swapper_pg_dir while entering the kernel (basically where the CLAC
>> instructions go, plus the SYSCALL path; a restore was o
On Fri, Sep 21, 2012 at 2:03 PM, H. Peter Anvin wrote:
>
> A while ago I also did a mockup patch which switched %cr3 to
> swapper_pg_dir while entering the kernel (basically where the CLAC
> instructions go, plus the SYSCALL path; a restore was obviously needed,
> too.) The performance was atroci
On 09/21/2012 01:08 PM, Ingo Molnar wrote:
>
> * Linus Torvalds wrote:
>
>> On Fri, Sep 21, 2012 at 12:43 PM, H. Peter Anvin
>> wrote:
>>
>>> Supervisor Mode Access Prevention (SMAP) is a new security
>>> feature disclosed by Intel in revision 014 of the Intel®
>>> Architecture Instruction S
* Linus Torvalds wrote:
> On Fri, Sep 21, 2012 at 12:43 PM, H. Peter Anvin wrote:
>
> > Supervisor Mode Access Prevention (SMAP) is a new security
> > feature disclosed by Intel in revision 014 of the Intel®
> > Architecture Instruction Set Extensions Programming
> > Reference:
>
> Looks go
On 09/21/2012 12:54 PM, Linus Torvalds wrote:
> On Fri, Sep 21, 2012 at 12:43 PM, H. Peter Anvin wrote:
>> Supervisor Mode Access Prevention (SMAP) is a new security feature
>> disclosed by Intel in revision 014 of the Intel® Architecture
>> Instruction Set Extensions Programming Reference:
>
> L
On Fri, Sep 21, 2012 at 12:43 PM, H. Peter Anvin wrote:
> Supervisor Mode Access Prevention (SMAP) is a new security feature
> disclosed by Intel in revision 014 of the Intel® Architecture
> Instruction Set Extensions Programming Reference:
Looks good.
Did this find any bugs, btw? We've had a fe
Supervisor Mode Access Prevention (SMAP) is a new security feature
disclosed by Intel in revision 014 of the Intel® Architecture
Instruction Set Extensions Programming Reference:
http://software.intel.com/sites/default/files/319433-014.pdf
When SMAP is active, the kernel cannot normally access pa
16 matches
Mail list logo