On 04/08/2013 03:43 PM, Kees Cook wrote: > This makes the IDT unconditionally read-only. This primarily removes > the IDT from being a target for arbitrary memory write attacks. It has > an added benefit of also not leaking (via the "sidt" instruction) the > kernel base offset, if it has been relocated. > > Signed-off-by: Kees Cook <keesc...@chromium.org> > Cc: Eric Northup <digitale...@google.com>
Also, tglx: does this interfere with your per-cpu IDT efforts? -hpa _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization