On Thu, Jan 5, 2017 at 3:05 PM, Linus Torvalds <torva...@linux-foundation.org> wrote:
> On Thu, Jan 5, 2017 at 12:18 PM, Andy Lutomirski <l...@kernel.org> wrote:
>>
>> Hmm. I bet that if we preset the accessed bits in all the segments
>> then we don't need it to be writable in general.
>
> I'm not sure that this is architecturally safe.
>
> IIRC, we do mark the IDT read-only - but that one we started doing due
> to the f00f bug, so we knew it was ok. I'm not sure you can do the
> same with the GDT/LDT.
>
I started testing a variant that makes the GDT remapping read-only by
default and writeable only for LTR. Everything works fine, even
hibernation. I need to do more testing though on different
architectures. To be on the safe side, I could separate the read-only
part in a separate patch so we can easily remove it if extended testing
shows something.

> Linus

--
Thomas