On Thu, Jan 26, 2017 at 10:52 AM, Andy Lutomirski <l...@amacapital.net> wrote:
> On Thu, Jan 26, 2017 at 8:59 AM, Thomas Garnier <thgar...@google.com> wrote:
>> Each processor holds a GDT in its per-cpu structure. The sgdt
>> instruction gives the base address of the current GDT. This address can
>> be used to bypass KASLR memory randomization. With another bug, an
>> attacker could target other per-cpu structures or deduce the base of
>> the main memory section (PAGE_OFFSET).
>>
>> This patch relocates the GDT table for each processor inside the
>> Fixmap section. The space is reserved based on number of supported
>> processors.
>>
>> For consistency, the remapping is done by default on 32 and 64 bit.
>>
>> Each processor switches to its remapped GDT at the end of
>> initialization. For hibernation, the main processor returns with the
>> original GDT and switches back to the remapping at completion.
>>
>> This patch was tested on both architectures. Hibernation and KVM were
>> both tested specially for their usage of the GDT.
>
> I like this version much better. Thanks!

Thanks for the feedback! I like this version better too.

>
> --Andy

--
Thomas

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel