Re: [RFC] x86/mm/KASLR: Remap GDTs at fixed location

From: Thomas Garnier
Date: Fri Jan 06 2017 - 13:04:04 EST


On Thu, Jan 5, 2017 at 10:49 PM, Ingo Molnar <mingo@xxxxxxxxxx> wrote:
>
> * Thomas Garnier <thgarnie@xxxxxxxxxx> wrote:
>
>> >> Not sure I fully understood and I don't want to miss an important point. Do
>> >> you mean making GDT (remapping and per-cpu) read-only and switch the
>> >> writeable flag only when we write to the per-cpu entry?
>> >
>> > What I mean is: write to the GDT through normal percpu access (or whatever the
>> > normal mapping is) but load a read-only alias into the GDT register. As long
>> > as nothing ever tries to write through the GDTR alias, no page faults will be
>> > generated. So we just need to make sure that nothing ever writes to it
>> > through GDTR. AFAIK the only reason the CPU ever writes to the address in
>> > GDTR is to set an accessed bit.
>>
>> A write is made when we use load_TR_desc (ltr). I didn't see any other yet.
>
> Is this write to the GDT, generated by the LTR instruction, done unconditionally
> by the hardware?
>

That was my experience. I didn't look into details. Do you think we
could change something so that ltr never writes to the GDT? (just mark
the TSS entry busy).

> Thanks,
>
> Ingo



--
Thomas
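As an added illustration of the hardware writes discussed above (this is not code from the thread or from the kernel tree): a small C model of the descriptor byte that LTR modifies, showing that the busy bit lands in byte 5 of the TSS descriptor, the single byte a read-only GDTR alias would fault on, and that reloading an already-busy TSS is a #GP rather than a second write. The descriptor contents are constructed sample values.

```c
#include <stdint.h>
#include <string.h>
/* Byte 5 of an x86 descriptor: P(7) | DPL(6:5) | S(4) | Type(3:0). For a
 * system descriptor of type 0x9 (available 64-bit TSS), type bit 1 is
 * "busy"; LTR sets it. (For S=1 code/data, type bit 0 is "accessed".) */
#define ACCESS_BYTE       5
#define DESC_S            (1u << 4)
#define TYPE_TSS_BUSY     (1u << 1)
#define TYPE_TSS64_AVAIL  0x9

/* Constructed sample: a 64-bit TSS descriptor spans two 8-byte GDT slots;
 * only the first carries the type byte. Base is a dummy 0, DPL 0. */
static void make_tss_desc(uint8_t desc[16])
{
    memset(desc, 0, 16);
    desc[0] = 0x67;                       /* limit = sizeof(struct tss) - 1 */
    desc[ACCESS_BYTE] = (uint8_t)(0x80 | TYPE_TSS64_AVAIL);  /* present, DPL0, 0x9 */
}

/* Architectural side effect of LTR on the descriptor it loads: set busy and
 * return 0, or return -1 (#GP) if it is not an *available* TSS (already busy). */
static int ltr_effect(uint8_t desc[16])
{
    uint8_t a = desc[ACCESS_BYTE];
    if ((a & DESC_S) || (a & 0xF) != TYPE_TSS64_AVAIL)
        return -1;
    desc[ACCESS_BYTE] = (uint8_t)(a | TYPE_TSS_BUSY);   /* 0x89 -> 0x8B */
    return 0;
}

/* Bitmask of byte offsets that differ between two 16-byte images: the
 * bytes a read-only alias loaded into GDTR would take a fault on. */
static unsigned changed_bytes(const uint8_t *a, const uint8_t *b)
{
    unsigned mask = 0;
    for (unsigned i = 0; i < 16; i++)
        if (a[i] != b[i]) mask |= 1u << i;
    return mask;
}

/* Worked run: LTR on a fresh TSS, then on the busy one. Returns the byte mask the first LTR dirtied. */
static unsigned demo_ltr(void)
{
    uint8_t before[16], after[16];
    make_tss_desc(before);
    memcpy(after, before, 16);
    if (ltr_effect(after) != 0 || after[ACCESS_BYTE] != 0x8B) return 0xFFFF;
    if (ltr_effect(after) != -1) return 0xFFFF;   /* busy TSS reload: #GP, no write */
    return changed_bytes(before, after);
}
```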