"H. Peter Anvin" <hpa@xxxxxxxxx> writes: > On 04/08/2013 03:43 PM, Kees Cook wrote: >> This makes the IDT unconditionally read-only. This primarily removes >> the IDT from being a target for arbitrary memory write attacks. It has >> an added benefit of also not leaking (via the "sidt" instruction) the >> kernel base offset, if it has been relocated. >> >> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> >> Cc: Eric Northup <digitaleric@xxxxxxxxxx> > > Also, tglx: does this interfere with your per-cpu IDT efforts? Given that we don't change any IDT entries why would anyone want a per-cpu IDT? The cache lines should easily be shared accross all processors. Or are there some giant NUMA machines that trigger cache misses when accessing the IDT and the penalty for pulling the cache line across the NUMA fabric is prohibitive? Eric _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
