On Mon, May 04, 2020 at 12:41:29PM +0200, Borislav Petkov wrote: > On Tue, Apr 28, 2020 at 05:16:22PM +0200, Joerg Roedel wrote: > > + /* Reload CS so IRET returns to a CS actually in the GDT */ > > + pushq $__KERNEL_CS > > + leaq .Lon_kernel_cs(%rip), %rax > > + pushq %rax > > + lretq > > + > > +.Lon_kernel_cs: > > + > > /* > > * paging_prepare() sets up the trampoline and checks if we need to > > * enable 5-level paging. > > -- > > So I'm thinking I should take this one even now on the grounds that > it sanitizes CS to something known-good than what was there before and > who knows what set it and loaded the kernel...? > > And that is a good thing in itself. Right, sure. CS is basically undefined at this point and depends on what loaded the kernel (EFI, legacy boot code, some container runtime...), so setting it to something known is definitly good. Regards, Joerg _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
