Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function

From: Dave Hansen
Date: Fri Jun 07 2019 - 12:44:00 EST

Next message: Linus Torvalds: "Re: [GIT PULL] apparmor bug fixes for v5.3-rc4"
Previous message: Nadav Amit: "Re: [bug report][stable] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)"
In reply to: Andy Lutomirski: "Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function"
Next in thread: Yu-cheng Yu: "Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/7/19 9:35 AM, Andy Lutomirski wrote:
> One might reasonably wonder why this state is privileged in the first
> place and, given that, why weâre allowing it to be written like
> this.

I think it's generally a good architectural practice to make things like
this privileged. They're infrequent so can survive the cost of a trip
in/out of the kernel and are a great choke point to make sure the OS is
involved. I wish we had the same for MPX or pkeys per-task "setup".

Next message: Linus Torvalds: "Re: [GIT PULL] apparmor bug fixes for v5.3-rc4"
Previous message: Nadav Amit: "Re: [bug report][stable] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)"
In reply to: Andy Lutomirski: "Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function"
Next in thread: Yu-cheng Yu: "Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]