|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xen-devel] grsecurity +XEN w/o HVM
Thanks very much, It appears to have done the trick, at least on x86_64. I wish I could get the i386 grsec kernel too boot so I could test it there too! :-). John A. -----Original Message----- From: Keir Fraser [mailto:Keir.Fraser@xxxxxxxxxxxx] Sent: Tuesday, June 27, 2006 2:02 AM To: John Anderson Cc: xen-devel@xxxxxxxxxxxxxxxxxxx Subject: Re: [Xen-devel] grsecurity +XEN w/o HVM > I surrounded the tss_struct declaration and the > tss->esp0/current->thread.esp0 assignments with #ifdef > CONFIG_X86_NO_TSS lines to get the kernel to compile. That completely > defeats the purpose of this function which is to randomize the kernel > stack. What is available in Xen that is comparable to the capacity > that struct tss_struct is used in if CONFIG_X86_NO_TSS is defined? > > Any ideas would be greatly appreciated. > Only the declaration and uses of the 'tss' local variable should be CONFIG_X86_NO_TSS. You'll still need to modify current->thread.esp0, and then execute HYPERVISOR_stack_switch(KERNEL_DS, current->thread.esp0). -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |