Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Jul 2017 10:57:34 +0300
From: Hans Liljestrand <liljestrandh@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
	"Reshetova, Elena" <elena.reshetova@...el.com>,
	Dave Hansen <dave.hansen@...el.com>,
	"H. Peter Anvin" <hpa@...or.com>
Subject: Re: [RFC PATCH 4/5] x86: MPXK base

On Mon, Jul 24, 2017 at 07:48:03PM -0700, Kees Cook wrote:
>On Mon, Jul 24, 2017 at 6:38 AM, Hans Liljestrand
><liljestrandh@...il.com> wrote:
>> Enable and add needed support functionality for ring 0 MPX. MPXK is
>> enabled in init/main.c by setting the BNDCFGS MSR registers. This also
>> includes the mpxk_load_bounds implementation and error handling code for
>> MPX errors, i.e. bound violations.
>
>Maybe I missed it somewhere else, but this seems like there is no CPU
>feature flag testing. I'd expect runtime alternatives or something to
>disable this dynamically if the CPU didn't support it.

No, it seems I missed it :)

(although I am sure I had a test in there at some point)

Thanks for catching this!

-hans

>
>-Kees
>
>-- 
>Kees Cook
>Pixel Security

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.