Kees posted that one too.
Andi Kleen wrote:
>Ingo Molnar writes:
>>
>> This looks very nice to me now. Peter, any objections?
>
>it seems pointless without randomized main kernel text location, because
>the IDT will be still at a known per kernel fixed writable location in
>the direct
Ingo Molnar writes:
>
> This looks very nice to me now. Peter, any objections?
it seems pointless without randomized main kernel text location, because
the IDT will be still at a known per kernel fixed writable location in
the direct mapping.
As long as such randomization is not there it just
* Kees Cook wrote:
> Make a copy of the IDT (as seen via the "sidt" instruction) read-only.
> This primarily removes the IDT from being a target for arbitrary memory
> write attacks, and has the added benefit of also not leaking the kernel
> base offset, if it has been relocated.
>
> We
* Kees Cook keesc...@chromium.org wrote:
Make a copy of the IDT (as seen via the sidt instruction) read-only.
This primarily removes the IDT from being a target for arbitrary memory
write attacks, and has the added benefit of also not leaking the kernel
base offset, if it has been relocated.
Ingo Molnar mi...@kernel.org writes:
This looks very nice to me now. Peter, any objections?
it seems pointless without randomized main kernel text location, because
the IDT will be still at a known per kernel fixed writable location in
the direct mapping.
As long as such randomization is not
Kees posted that one too.
Andi Kleen a...@firstfloor.org wrote:
Ingo Molnar mi...@kernel.org writes:
This looks very nice to me now. Peter, any objections?
it seems pointless without randomized main kernel text location, because
the IDT will be still at a known per kernel fixed writable
Make a copy of the IDT (as seen via the "sidt" instruction) read-only.
This primarily removes the IDT from being a target for arbitrary memory
write attacks, and has the added benefit of also not leaking the kernel
base offset, if it has been relocated.
We already did this on vendor == Intel and
Make a copy of the IDT (as seen via the sidt instruction) read-only.
This primarily removes the IDT from being a target for arbitrary memory
write attacks, and has the added benefit of also not leaking the kernel
base offset, if it has been relocated.
We already did this on vendor == Intel and