On Mon, 8 Apr 2013, H. Peter Anvin wrote:
> On 04/08/2013 03:43 PM, Kees Cook wrote:
> > This makes the IDT unconditionally read-only. This primarily removes
> > the IDT from being a target for arbitrary memory write attacks. It has
> > an added benefit of also not leaking (via the "sidt" instruction) the
> > kernel base offset, if it has been relocated.
> >
> > Signed-off-by: Kees Cook <keesc...@chromium.org>
> > Cc: Eric Northup <digitale...@google.com>
>
> Also, tglx: does this interfere with your per-cpu IDT efforts?
I don't think so. And it's on the backburner at the moment.
Thanks,
tglx
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
