Prev: [PATCH 2/4] x86: clear XD_DISABLED flag on Intel to regain NX
Next: [PATCH 1/4] x86: rename verify_cpu_64.S to verify_cpu.S
From: Kees Cook on 19 Jun 2010 02:00
This will clear the MSR_IA32_MISC_ENABLE_XD_DISABLE bit so that NX cannot
be inappropriately controlled by the BIOS on Intel CPUs. If NX actually
needs to be disabled, "noexec=off" can be used.

Based on feedback from HPA, this was reworked to extend the existing
"verify_cpu" routines, and to more tightly confine which CPUs will call
MSR_IA32_MISC_ENABLE. Since it includes some re-arrangements of files, I
tried to break the patches up into their logical steps.

-Kees

--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 | 
Pages: 1
Prev: [PATCH 2/4] x86: clear XD_DISABLED flag on Intel to regain NX
Next: [PATCH 1/4] x86: rename verify_cpu_64.S to verify_cpu.S