Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only

From: H. Peter Anvin
Date: Tue Apr 09 2013 - 14:57:09 EST

Next message: Tejun Heo: "Re: dm-crypt parallelization patches"
Previous message: Arnd Bergmann: "Re: [PATCH 6/8] dmaengine: ste_dma40: Move LCPA allocation and real-time config"
In reply to: H. Peter Anvin: "Re: [Xen-devel] Readonly GDT"
Next in thread: Kees Cook: "Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 04/09/2013 11:46 AM, Kees Cook wrote:
>
> Ah-ha! Yes, I see now when comparing the debug/kernel_page_tables
> reports. It's just the High Kernel Mapping that we care about.
> Addresses outside that range are less of a leak. Excellent, then GDT
> may not be a problem. Whew.
>

It does beg the question if we need to randomize kmalloc... which could
have issues by itself.

-hpa

--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tejun Heo: "Re: dm-crypt parallelization patches"
Previous message: Arnd Bergmann: "Re: [PATCH 6/8] dmaengine: ste_dma40: Move LCPA allocation and real-time config"
In reply to: H. Peter Anvin: "Re: [Xen-devel] Readonly GDT"
Next in thread: Kees Cook: "Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]