On Thu, Jan 26, 2017 at 8:59 AM, Thomas Garnier <thgar...@google.com> wrote:
> Each processor holds a GDT in its per-cpu structure. The sgdt
> instruction gives the base address of the current GDT. This address can
> be used to bypass KASLR memory randomization. With another bug, an
> attacker could target other per-cpu structures or deduce the base of
> the main memory section (PAGE_OFFSET).
>
> This patch relocates the GDT table for each processor inside the
> Fixmap section. The space is reserved based on number of supported
> processors.
>
> For consistency, the remapping is done by default on 32 and 64 bit.
>
> Each processor switches to its remapped GDT at the end of
> initialization. For hibernation, the main processor returns with the
> original GDT and switches back to the remapping at completion.
>
> This patch was tested on both architectures. Hibernation and KVM were
> both tested specially for their usage of the GDT.

I like this version much better. Thanks!

--Andy

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel