On Tue, Apr 9, 2013 at 11:39 AM, H. Peter Anvin <[email protected]> wrote: > On 04/09/2013 11:31 AM, Kees Cook wrote: >>>> ... >>>> 0xffff880001e00000-0xffff88001fe00000 480M RW PSE GLB >>>> NX pmd >>>> >>> >>> That is the 1:1 memory map area... >> >> Meaning what? >> >> -Kees >> > > That's the area in which we just map 1:1 to memory. Anything allocated > with e.g. kmalloc() ends up with those addresses.
Ah-ha! Yes, I see now when comparing the debug/kernel_page_tables reports. It's just the High Kernel Mapping that we care about. Addresses outside that range are less of a leak. Excellent, then GDT may not be a problem. Whew. Does the v2 IDT patch look okay, BTW? -Kees -- Kees Cook Chrome OS Security _______________________________________________ Virtualization mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/virtualization
