From patchwork Tue Feb 26 23:36:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10830933 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A62061390 for ; Tue, 26 Feb 2019 23:37:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 919012D734 for ; Tue, 26 Feb 2019 23:37:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 84E8B2D739; Tue, 26 Feb 2019 23:37:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id C36462D734 for ; Tue, 26 Feb 2019 23:37:27 +0000 (UTC) Received: (qmail 32362 invoked by uid 550); 26 Feb 2019 23:37:10 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 32129 invoked from network); 26 Feb 2019 23:37:08 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id; bh=jSZgJudrM5m8qRDb6mLMsIQpowkW9zj+Jyi847C46W4=; b=NTI4zYljQwhgGhws5FsjIhRy0mTJhBCzvvkBhh5rFJkV7hzk3M2e5L8CItzwMPXX4K oozTdwF/aPXCevV0LKHDXUFbeZ3zYVNUsQdYjXlEQNv9tZOvQZbgJ6/YP0vCCmZs43Bz Aj8wWAjAYKVxnwtkDmmrEtr3Y7lhhFU1JKPcE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=jSZgJudrM5m8qRDb6mLMsIQpowkW9zj+Jyi847C46W4=; b=J1zHLpNack++YHW3pMoJHYhzlpAFhaJYSwmq8YKf4IXis6cW1YHTvLswI7YRG4bFm5 f9wLyMB4wOnizHyg5DKRFxnDJwRYW6uvsVdLwd6rr804SXUqlpMaj8aq2/xLJ9dakG6n aK5e09+F4TzmwbRMMpd/DjsovG4qQoVZMpzSupJPj/gXy9b+ROKstnyYF+iWJWUXll+a kC0jr65ijlP4sbrRzr+O1u/ZKgtahhgl4cx8LGVGIq0TTcZKUqYTCGl9Ori6bAgc3BW4 +X9TiXlXLYTl0xWzWboTo6ZW3bY/knx/HAhy+8XDU3ha+p6TUJQrEMkNpr3gPI6LXxO3 /N4w== X-Gm-Message-State: AHQUAubNBsgSphQCsgi10qEq07BvksiDnI0lbQ6WNIMrLRNhK16zvn4W Mi2tmYC5k3JE67GjUdeeyI38wA== X-Google-Smtp-Source: AHgI3IagwOi8d8Yc8CqzB7DHOUxlkrn6Z+QYE6ghnOkDZ8+auNgE01cZdXF4ItbK4kd5cp66yJfmPA== X-Received: by 2002:a17:902:2aaa:: with SMTP id j39mr29433062plb.335.1551224216261; Tue, 26 Feb 2019 15:36:56 -0800 (PST) From: Kees Cook To: Thomas Gleixner Cc: Kees Cook , Peter Zijlstra , Jann Horn , Sean Christopherson , Dominik Brodowski , Kernel Hardening , linux-kernel@vger.kernel.org Subject: [PATCH 0/3] x86/asm: More pinning Date: Tue, 26 Feb 2019 15:36:44 -0800 Message-Id: <20190226233647.28547-1-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 X-Virus-Scanned: ClamAV using ClamSMTP This adds CR0 pinning (for WP), and cleans up the CR4 pin to avoid taking an exception from WARN before fixing up the desired pin. Additionally adds lkdtm test (which depends on the CR4 patch, otherwise I'd send it via Greg's tree). Thanks! -Kees Kees Cook (3): x86/asm: Pin sensitive CR0 bits x86/asm: Avoid taking an exception before cr4 restore lkdtm: Check for SMEP clearing protections arch/x86/include/asm/special_insns.h | 33 +++++++++++++-- drivers/misc/lkdtm/bugs.c | 60 ++++++++++++++++++++++++++++ drivers/misc/lkdtm/core.c | 1 + drivers/misc/lkdtm/lkdtm.h | 1 + 4 files changed, 91 insertions(+), 4 deletions(-)