* Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > That's the area in which we just map 1:1 to memory. Anything allocated with > > e.g. kmalloc() ends up with those addresses. > > Ah-ha! Yes, I see now when comparing the debug/kernel_page_tables reports. It's > just the High Kernel Mapping that we care about. Addresses outside that range > are less of a leak. Excellent, then GDT may not be a problem. Whew. It's still an infoleak to worry about: any function pointers nearby matter, and the x86 GDT is obviously full of useful and highly privilege-relevant function pointers ... I have no objections against read-only mapping the GDT as well. Thanks, Ingo _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
