Received: by 10.192.165.148 with SMTP id m20csp451611imm;
        Wed, 25 Apr 2018 02:11:17 -0700 (PDT)
X-Google-Smtp-Source: AIpwx48qLr5xzhaUneDuGzP2OBt5aeByYwR6ThXKc/91LAhNg7LlqCkp7MT8wFj2oy2ygIVb2gqX
X-Received: by 10.99.188.9 with SMTP id q9mr22842083pge.381.1524647477930;
        Wed, 25 Apr 2018 02:11:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524647477; cv=none;
        d=google.com; s=arc-20160816;
        b=fJYJtgkNPyEZGZAcIPiXCu9CiTtB/sMz9eOscRpp+xAuHdPjTEANmDlb7qhEGuBekg
         roSLuz3ddAwAW/gSHG9sHqgUjIIc1nCkaf16fkDkfBIMwK1Can0hO3TqIrgMA3UhXFmr
         tr+gpdz2KQOiOSAXjRcBIA359pqOf/E+plZPqtRsXlJHwKddpGZ82ufnl6wJ99ltWgAA
         Ut/4hWflRHztng97k6sxjHMUGwJFUO9Mz0lhFb6w+tIFxJKx85B4aoZAsTY1mMDeAGG7
         HTtV0z36eUSM3p/fAl9hBv4ylxR7II0qhVcid7q2ch/K9DYH6C+SHC2p19/X6x5nCuvh
         WDGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-disposition
         :content-transfer-encoding:mime-version:robot-unsubscribe:robot-id
         :git-commit-id:subject:to:references:in-reply-to:reply-to:cc
         :message-id:from:date:arc-authentication-results;
        bh=D2KnatHkP60H55ylGOSunKcmpyjXMevFQObnHxh9/pI=;
        b=AQ9p7uespmN3XvNeqqWhZhyCpDBEOAy7xCr6xVGeE7TMhd7k+MkJ6idi2Hq5W8heNS
         LiUCydHaCWBmDI4zeXnYTFL0WtKOQp4XiRzUL03kSEaWsnf4nWrllMvmXGKDEeLvFfxu
         qsdcrGiL+UJQ9WYBHkTWTNwKaoZmpr5up9AtcKd8ZmFrXaPsS3zRXJUZoY+GPK/K+foD
         HKLr4KWKJTxMngUECIR6DkW0OfbCkHQiBQFXe/VLzNcJ/ZqdNRJXgrY5Mng0g8ploTNu
         NaaH6SzqDqD4xzpkhXsB4KiSXHWRba7ALSpI93BKjy2lf75QgKGA94QD6dDkXHrVes7n
         eQiA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v32-v6si15899497plb.575.2018.04.25.02.11.03;
        Wed, 25 Apr 2018 02:11:17 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751804AbeDYJJl (ORCPT <rfc822;ruroungkernel@gmail.com>
        + 99 others); Wed, 25 Apr 2018 05:09:41 -0400
Received: from terminus.zytor.com ([198.137.202.136]:41161 "EHLO
        terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751274AbeDYJJf (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 25 Apr 2018 05:09:35 -0400
Received: from terminus.zytor.com (localhost [127.0.0.1])
        by terminus.zytor.com (8.15.2/8.15.2) with ESMTP id w3P98biM1423877;
        Wed, 25 Apr 2018 02:08:37 -0700
Received: (from tipbot@localhost)
        by terminus.zytor.com (8.15.2/8.15.2/Submit) id w3P98bQQ1423874;
        Wed, 25 Apr 2018 02:08:37 -0700
Date:   Wed, 25 Apr 2018 02:08:37 -0700
X-Authentication-Warning: terminus.zytor.com: tipbot set sender to tipbot@zytor.com using -f
From:   tip-bot for Dave Hansen <tipbot@zytor.com>
Message-ID: <tip-b7c21bc56fbedf4a61b628c6b11e0d7048746cc1@git.kernel.org>
Cc:     jgross@suse.com, mingo@kernel.org, arjan@linux.intel.com,
        peterz@infradead.org, keescook@google.com, namit@vmware.com,
        aarcange@redhat.com, gregkh@linuxfoundation.org,
        tglx@linutronix.de, jpoimboe@redhat.com, luto@kernel.org,
        hughd@google.com, bp@alien8.de, vbabka@suse.cz,
        dave.hansen@linux.intel.com, dwmw2@infradead.org,
        linux-kernel@vger.kernel.org, torvalds@linux-foundation.org,
        hpa@zytor.com, dan.j.williams@intel.com
Reply-To: tglx@linutronix.de, jpoimboe@redhat.com, luto@kernel.org,
          dwmw2@infradead.org, linux-kernel@vger.kernel.org,
          torvalds@linux-foundation.org, hpa@zytor.com,
          dan.j.williams@intel.com, hughd@google.com, bp@alien8.de,
          dave.hansen@linux.intel.com, vbabka@suse.cz, keescook@google.com,
          namit@vmware.com, jgross@suse.com, mingo@kernel.org,
          arjan@linux.intel.com, peterz@infradead.org,
          gregkh@linuxfoundation.org, aarcange@redhat.com
In-Reply-To: <20180420222026.D0B4AAC9@viggo.jf.intel.com>
References: <20180420222026.D0B4AAC9@viggo.jf.intel.com>
To:     linux-tip-commits@vger.kernel.org
Subject: [tip:x86/pti] x86/pti: Disallow global kernel text with RANDSTRUCT
Git-Commit-ID: b7c21bc56fbedf4a61b628c6b11e0d7048746cc1
X-Mailer: tip-git-log-daemon
Robot-ID: <tip-bot.git.kernel.org>
Robot-Unsubscribe: Contact <mailto:hpa@kernel.org> to get blacklisted from
 these emails
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
        autolearn=ham autolearn_force=no version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on terminus.zytor.com
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Commit-ID:  b7c21bc56fbedf4a61b628c6b11e0d7048746cc1
Gitweb:     https://git.kernel.org/tip/b7c21bc56fbedf4a61b628c6b11e0d7048746cc1
Author:     Dave Hansen <dave.hansen@linux.intel.com>
AuthorDate: Fri, 20 Apr 2018 15:20:26 -0700
Committer:  Thomas Gleixner <tglx@linutronix.de>
CommitDate: Wed, 25 Apr 2018 11:02:51 +0200

x86/pti: Disallow global kernel text with RANDSTRUCT

commit 26d35ca6c3776784f8156e1d6f80cc60d9a2a915

RANDSTRUCT derives its hardening benefits from the attacker's lack of
knowledge about the layout of kernel data structures.  Keep the kernel
image non-global in cases where RANDSTRUCT is in use to help keep the
layout a secret.

Fixes: 8c06c7740 (x86/pti: Leave kernel text global for !PCID)
Reported-by: Kees Cook <keescook@google.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: linux-mm@kvack.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Nadav Amit <namit@vmware.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Link: https://lkml.kernel.org/r/20180420222026.D0B4AAC9@viggo.jf.intel.com


---
 arch/x86/mm/pti.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index ae3eb4f5d53b..4d418e705878 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -421,6 +421,16 @@ static inline bool pti_kernel_image_global_ok(void)
 	if (boot_cpu_has(X86_FEATURE_K8))
 		return false;
 
+	/*
+	 * RANDSTRUCT derives its hardening benefits from the
+	 * attacker's lack of knowledge about the layout of kernel
+	 * data structures.  Keep the kernel image non-global in
+	 * cases where RANDSTRUCT is in use to help keep the layout a
+	 * secret.
+	 */
+	if (IS_ENABLED(CONFIG_GCC_PLUGIN_RANDSTRUCT))
+		return false;
+
 	return true;
 }