Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp1164668img; Tue, 26 Feb 2019 15:38:34 -0800 (PST) X-Google-Smtp-Source: AHgI3IZ6i1xGOF7QIFA6RTJVZMD/hYuOA3oS9fEhksrzHNcoHR7hluVY2Xa2GGYCPpLgMGCqpuLH X-Received: by 2002:a65:624a:: with SMTP id q10mr2897544pgv.377.1551224314576; Tue, 26 Feb 2019 15:38:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551224314; cv=none; d=google.com; s=arc-20160816; b=Q6+gtixVksCzIw48E5cLAcLaXaff7qDIIsvUhwpVk4MxPxlxlGQ4fWcdknM9MNoNpJ O38v/bebACQNYX1N6Kfzoala2qVuA1iKB8dTV0BbaNufzP5xODII05dnrZwlpj7VjDjL J/D5iH79ltMF1F0BNdq6Kr31AvqyfPIW0woJODzlDCGoz4SGhFLZJfSpgkxEzTzNvvLl vQCx4NIfl6r3mI5RQ9mGSvMl/yHo16KKUjV8XfHZo0yYCux1CId2O8mP52PtM6t0DgUk Y6UPWbiTkB7S5/b3GDKsTnMNIQALOS9nM2eYRKaelrpzlCSRqEs5a4gNjEKZlwLU7Yq3 y5uA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=jSZgJudrM5m8qRDb6mLMsIQpowkW9zj+Jyi847C46W4=; b=0xtdintW9yy85a5GzeRFoh3Z+UZEEt9IoijCEwSYKeAhTlL3ApPu8yVRoqyqDFv7pe pKB3RVU3FGNo4bYL+AfZQbTbUrpiyl0YMsfYNogmQY6MbEIpatzBHFcoH/3lOhMxiBOQ PP89rVMrHPSiKbLT99Iixx3MGUugrufEMsHh92zKN0hv5OpFJ130Gkiz3b3riCRyW/UL +w/7oj5nJjnhb6KdkhBIQvjlPKTSYsRYeGFlgqKJ1A+Z/NGt7UtGCqcvfY+PKPQP1mnU AIIAHTX+pu77/lgiYSbTi8DGrcsE1q1ZhdEvWHiAsFZMCIpJDevU+p5Bl1MHz1FbmNww mXSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=NTI4zYlj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o4si13344923pgc.345.2019.02.26.15.38.19; Tue, 26 Feb 2019 15:38:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=NTI4zYlj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729550AbfBZXhV (ORCPT + 99 others); Tue, 26 Feb 2019 18:37:21 -0500 Received: from mail-pl1-f193.google.com ([209.85.214.193]:45245 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729234AbfBZXg4 (ORCPT ); Tue, 26 Feb 2019 18:36:56 -0500 Received: by mail-pl1-f193.google.com with SMTP id r14so6988083pls.12 for ; Tue, 26 Feb 2019 15:36:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id; bh=jSZgJudrM5m8qRDb6mLMsIQpowkW9zj+Jyi847C46W4=; b=NTI4zYljQwhgGhws5FsjIhRy0mTJhBCzvvkBhh5rFJkV7hzk3M2e5L8CItzwMPXX4K oozTdwF/aPXCevV0LKHDXUFbeZ3zYVNUsQdYjXlEQNv9tZOvQZbgJ6/YP0vCCmZs43Bz Aj8wWAjAYKVxnwtkDmmrEtr3Y7lhhFU1JKPcE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=jSZgJudrM5m8qRDb6mLMsIQpowkW9zj+Jyi847C46W4=; b=mnpMU8zozbZkp5uwqoXqeixgZBywTIbKLIlgWPqSxXZmEvdlQcblRr2Ehm3SXrNec2 otCk4emhO9B6lSbdOM/aJz8jaWrdsRrYV/eKzyqZXm6dk8+ZIVwcB2gAVY3lTwzdabvu uslDClfs5+9K3CjjepsTY3U0TsOOAfuCOeye2gstH3lfTTesP3tyf4huS5N731pZIXYc uECbt1T7DaUT/nsYE7xBhVlBTyfaWje2RIFvy9BBt225c7U1aASVtMxGgbxFdcPngDY5 sqiWdboyEUUmO3jDDEEgkKvWBJnRcf1+jl9RGvROEY+XrGGAy03d/huR0L03wXhjcdqL 7N0A== X-Gm-Message-State: AHQUAuZ0XmSNwum6OSr9CbWn7jmvWbgAB+2017TzxBY9lnoBpcZK6wWm 1lxAlQThjTQKExAVuPRoatOJaO+6170= X-Received: by 2002:a17:902:2aaa:: with SMTP id j39mr29433062plb.335.1551224216261; Tue, 26 Feb 2019 15:36:56 -0800 (PST) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id j24sm21222445pgl.58.2019.02.26.15.36.54 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 26 Feb 2019 15:36:54 -0800 (PST) From: Kees Cook To: Thomas Gleixner Cc: Kees Cook , Peter Zijlstra , Jann Horn , Sean Christopherson , Dominik Brodowski , Kernel Hardening , linux-kernel@vger.kernel.org Subject: [PATCH 0/3] x86/asm: More pinning Date: Tue, 26 Feb 2019 15:36:44 -0800 Message-Id: <20190226233647.28547-1-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This adds CR0 pinning (for WP), and cleans up the CR4 pin to avoid taking an exception from WARN before fixing up the desired pin. Additionally adds lkdtm test (which depends on the CR4 patch, otherwise I'd send it via Greg's tree). Thanks! -Kees Kees Cook (3): x86/asm: Pin sensitive CR0 bits x86/asm: Avoid taking an exception before cr4 restore lkdtm: Check for SMEP clearing protections arch/x86/include/asm/special_insns.h | 33 +++++++++++++-- drivers/misc/lkdtm/bugs.c | 60 ++++++++++++++++++++++++++++ drivers/misc/lkdtm/core.c | 1 + drivers/misc/lkdtm/lkdtm.h | 1 + 4 files changed, 91 insertions(+), 4 deletions(-) -- 2.17.1