On Thu, Jan 5, 2017 at 10:56 AM, Arjan van de Ven <ar...@linux.intel.com> wrote: > On 1/5/2017 8:40 AM, Thomas Garnier wrote: >> >> Well, it happens only when KASLR memory randomization is enabled. Do >> you think it should have a separate config option? > > > no I would want it a runtime option.... "sgdt from ring 3" is going away > with UMIP (and is already possibly gone in virtual machines, see > https://lwn.net/Articles/694385/) and for those cases it would be a shame > to lose the randomization >
That's correct. When UMIP is enabled, we should disable fixed location for both GDT and IDT. Glad to do that when UMIP support is added. -- Thomas
