[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [kernel-hardening] Re: [PATCH] x86: make IDT read-only
On Tue, Apr 9, 2013 at 11:46 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > On Tue, Apr 9, 2013 at 11:39 AM, H. Peter Anvin <hpa@xxxxxxxxx> wrote: >> On 04/09/2013 11:31 AM, Kees Cook wrote: >>>>> ... >>>>> 0xffff880001e00000-0xffff88001fe00000 480M RW PSE GLB >>>>> NX pmd >>>>> >>>> >>>> That is the 1:1 memory map area... >>> >>> Meaning what? >>> >>> -Kees >>> >> >> That's the area in which we just map 1:1 to memory. Anything allocated >> with e.g. kmalloc() ends up with those addresses. > > Ah-ha! Yes, I see now when comparing the debug/kernel_page_tables > reports. It's just the High Kernel Mapping that we care about. > Addresses outside that range are less of a leak. Excellent, then GDT > may not be a problem. Whew. The GDT is a problem if the address returned by 'sgdt' is kernel-writable - it doesn't necessarily reveal the random offset, but I'm pretty sure that writing to the GDT could cause privilege escalation. > > Does the v2 IDT patch look okay, BTW? > > -Kees > > -- > Kees Cook > Chrome OS Security _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |