Re: [RFC] x86/mm/KASLR: Remap GDTs at fixed location

From: Thomas Garnier
Date: Thu Jan 05 2017 - 18:24:30 EST

Next message: Raj, Ashok: "Re: Dell XPS13: MCE (Hardware Error) reported"
Previous message: Jerome Glisse: "Re: Enabling peer to peer device transactions for PCIe devices"
In reply to: Linus Torvalds: "Re: [RFC] x86/mm/KASLR: Remap GDTs at fixed location"
Next in thread: Andy Lutomirski: "Re: [RFC] x86/mm/KASLR: Remap GDTs at fixed location"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 5, 2017 at 3:05 PM, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, Jan 5, 2017 at 12:18 PM, Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>>
>> Hmm. I bet that if we preset the accessed bits in all the segments
>> then we don't need it to be writable in general.
>
> I'm not sure that this is architecturally safe.
>
> IIRC, we do mark the IDT read-only - but that one we started doing due
> to the f00f bug, so we knew it was ok. I'm not sure you can do the
> same with the GDT/LDT.
>

I started testing a variant that make the GDT remapping read-only by
default and writeable only for LTR. Everything works fine, even
hibernation. I need to do more testing though on different
architectures.

To be on the safe side, I could separate the read-only part in a
separate patch so we can easily remove it if extended testing show
something.

> Linus

--
Thomas

Next message: Raj, Ashok: "Re: Dell XPS13: MCE (Hardware Error) reported"
Previous message: Jerome Glisse: "Re: Enabling peer to peer device transactions for PCIe devices"
In reply to: Linus Torvalds: "Re: [RFC] x86/mm/KASLR: Remap GDTs at fixed location"
Next in thread: Andy Lutomirski: "Re: [RFC] x86/mm/KASLR: Remap GDTs at fixed location"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]