On 04/08/2013 03:43 PM, Kees Cook wrote: > This makes the IDT unconditionally read-only. This primarily removes > the IDT from being a target for arbitrary memory write attacks. It has > an added benefit of also not leaking (via the "sidt" instruction) the > kernel base offset, if it has been relocated. > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > Cc: Eric Northup <digitaleric@xxxxxxxxxx> This isn't quite what this patch does, though, right? There is still a writable IDT mapping at all times, which is different from a true readonly IDT, no? -hpa _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
