From patchwork Wed Feb 27 20:01:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10832283 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CBDAB139A for ; Wed, 27 Feb 2019 20:02:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BE4BC2E7E4 for ; Wed, 27 Feb 2019 20:02:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B15792E85B; Wed, 27 Feb 2019 20:02:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 028A22E7E4 for ; Wed, 27 Feb 2019 20:02:10 +0000 (UTC) Received: (qmail 3686 invoked by uid 550); 27 Feb 2019 20:01:54 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 3538 invoked from network); 27 Feb 2019 20:01:52 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id; bh=V0NeIBsPNBoRD2pFCiw1DUTUXltsyF4/p/mZyc9fLQI=; b=fp3+FJ57juo0JnLnuE7KZJA6ZZ7hs5R8nr3WerpWPi20S7jaQwuZHDD2MOpAocSV2C TMuwF2Nc1TjiyMLdjJU04wYTXorL+JgqSvOTUI7zJW2vEeRW/2mujAATPh4W7k0oxeeS TkSEjXfIhoLLnDz/IktzUySd1S7evA6srfAwU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=V0NeIBsPNBoRD2pFCiw1DUTUXltsyF4/p/mZyc9fLQI=; b=GKYC7lTs02LInnOzL3uZw56iJsiTOzPxu/NKjtg0AsrbCedApmXsIzECRl86WMMIUj qsn7TlubCQixR9UXV+0VwjjJszzmGa3/dBxpUr7TJvp6Q7OaOlsmypj8FLTtk2ePSoCG yyCdVTo1usqWe1mU8oc7Xv8v0cysUeOUJtrK8U50Y5zcQCtnKZw2QfysqnX1p4AGquii P/YuLuCbmtaCLo23D8gkjsn2w/TMSleBX7K9+fhHBXeDaOYSV0WLTV1IxibJQblkd4sm 6wjUFKlCGcCpeUuw5OIn5tDlcQDdQcj3+EiBihdtFSWs0WdlxPMiHJP/NZeb11lBVNdl ObBQ== X-Gm-Message-State: AHQUAuYW8KBNmsFQM7lvxP4disKmiaavX9wuxafAqIo3wVo1we9PL6kc ujHiXnbkjRFukUMyF6ZUWya8PA== X-Google-Smtp-Source: AHgI3Ia0vuHMX7/9qMBiXJ07EZD6cEdVCVqNy+e+uzZ8bxFQOUrzBf5N3KCcOPnd05IbXFAUfbB2fw== X-Received: by 2002:a62:1bd4:: with SMTP id b203mr3395835pfb.144.1551297700845; Wed, 27 Feb 2019 12:01:40 -0800 (PST) From: Kees Cook To: Thomas Gleixner Cc: Kees Cook , Peter Zijlstra , Solar Designer , Greg KH , Jann Horn , Sean Christopherson , Dominik Brodowski , linux-kernel@vger.kernel.org, Kernel Hardening Subject: [PATCH v2 0/3] x86/asm: More pinning Date: Wed, 27 Feb 2019 12:01:29 -0800 Message-Id: <20190227200132.24707-1-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 X-Virus-Scanned: ClamAV using ClamSMTP This adds CR0 pinning (for WP), and cleans up the CR4 pin to avoid taking an exception from WARN before fixing up the desired pin. Additionally adds lkdtm test (which depends on the CR4 patch, otherwise I'd send it via Greg's tree). v2: - include brown-paper-bag fix to lkdtm test in v1 - clean up comments Thanks! -Kees Kees Cook (3): x86/asm: Pin sensitive CR0 bits x86/asm: Avoid taking an exception before cr4 restore lkdtm: Check for SMEP clearing protections arch/x86/include/asm/special_insns.h | 37 ++++++++++++++--- drivers/misc/lkdtm/bugs.c | 61 ++++++++++++++++++++++++++++ drivers/misc/lkdtm/core.c | 1 + drivers/misc/lkdtm/lkdtm.h | 1 + 4 files changed, 95 insertions(+), 5 deletions(-)