On Thu, Feb 26, 2015 at 9:16 PM, Wang Nan <wangn...@huawei.com> wrote:
> On 2015/2/27 2:31, Andy Lutomirski wrote:
>> On Thu, Feb 26, 2015 at 8:45 AM, Kees Cook <keesc...@chromium.org> wrote:
>>> On Thu, Feb 26, 2015 at 7:17 AM, Andy Lutomirski <l...@amacapital.net> wrote:
>>>> On Wed, Feb 25, 2015 at 11:06 PM, Wang Nan <wangn...@huawei.com> wrote:
>>>>> The reason why mapping idt_table to fixmap area should also be applied
>>>>> to debug_idt_table and trace_idt_table. This patch does same thing for
>>>>> all IDTs.
>>>>>
>>>>> Signed-off-by: Wang Nan <wangn...@huawei.com>
>>>>> ---
>>>>>
>>>>> I believe trace_idt_table and debug_idt_table should be symmetrical with
>>>>> idt_table. However, like my previous patch 'x86, traps: install gates
>>>>> using IST after cpu_init()', I'm not sure whether this is a practical
>>>>> fix.
>>>>
>>>> It shouldn't matter, since we should never enter userspace with these
>>>> IDTs loaded.
>>>>
>>>> --Andy
>>>>
>>>> [patch kept below for Kees' benefit]
>>>
>>> Is there a reason to use fixmap entries for these IDTs? Or rather, is
>>> there a situation where these IDTs are ever visible to userspace? (The
>>> reason to use the fixmap is to hide their "true" location from
>>> userspace.)
>>
>> There's also the F00F workaround, which IIRC we get for free by using
>> the fixmap, but that also shouldn't matter here.
>>
>
> What about a flawed module triggering the F00F bug in kernel space? Instead of
> kernel panic, the system will hang. I think this should be a case for which
> my patch can help. However, the trigger condition is critical.
If it solves a real problem, I have no objection. I just wanted to be sure
we weren't trivially using up a fixmap entry.

-Kees

--
Kees Cook
Chrome OS Security