From: Dave Jones <davej@redhat.com>
To: Andi Kleen <andi@firstfloor.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
Hajime Inoue <hinoue@ccsl.carleton.ca>,
linux-kernel@vger.kernel.org
Subject: Re: System call interposition/unprotecting the table
Date: Fri, 17 Aug 2007 10:19:00 -0400 [thread overview]
Message-ID: <20070817141900.GA7223@redhat.com> (raw)
In-Reply-To: <20070814224835.GJ23308@one.firstfloor.org>
On Wed, Aug 15, 2007 at 12:48:35AM +0200, Andi Kleen wrote:
> > > In general the .data protection is only considered a debugging
> > > feature. I don't know why Fedora enables it in their production
> > > kernels.
> >
> > That would be because we think you are wrong 8)
>
> Well, it might at best buy you a few weeks/months in
> terms of the exploit arms race, but thrash your user's TLBs
> forever.
Show me a single situation where this matters.
When we first enabled, we tried both benchmarks and real-world
loads, and it didn't matter at all. Unless something fundamental
has changed since then, the story should still be the same.
Dave
--
http://www.codemonkey.org.uk
next prev parent reply other threads:[~2007-08-17 14:19 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-13 22:05 System call interposition/unprotecting the table hinoue
2007-08-13 23:09 ` Alan Cox
2007-08-14 5:12 ` Avi Kivity
2007-08-14 11:34 ` Alan Cox
2007-08-14 14:22 ` James Morris
2007-08-14 17:27 ` Hajime Inoue
2007-08-14 17:48 ` Alan Cox
2007-08-14 17:57 ` Arjan van de Ven
2007-08-14 19:50 ` Andi Kleen
2007-08-14 21:09 ` Jan Engelhardt
2007-08-14 22:42 ` Alan Cox
2007-08-14 22:48 ` Andi Kleen
2007-08-17 14:19 ` Dave Jones [this message]
2007-08-18 10:37 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070817141900.GA7223@redhat.com \
--to=davej@redhat.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=andi@firstfloor.org \
--cc=hinoue@ccsl.carleton.ca \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox