Kees posted that one too.
Andi Kleen wrote:
>Ingo Molnar writes:
>>
>> This looks very nice to me now. Peter, any objections?
>
>it seems pointless without randomized main kernel text location,
>because
>the IDT will be still at a known per kernel fixed writable location in
>the direct mapping.
Ingo Molnar writes:
>
> This looks very nice to me now. Peter, any objections?
it seems pointless without randomized main kernel text location, because
the IDT will be still at a known per kernel fixed writable location in
the direct mapping.
As long as such randomization is not there it just wa
* Kees Cook wrote:
> Make a copy of the IDT (as seen via the "sidt" instruction) read-only.
> This primarily removes the IDT from being a target for arbitrary memory
> write attacks, and has the added benefit of also not leaking the kernel
> base offset, if it has been relocated.
>
> We already
3 matches
Mail list logo
