mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-24 05:04:00 +08:00
linux-next/drivers/misc
Kees Cook 06b32fdb03 lkdtm: Check for SMEP clearing protections
This adds an x86-specific test for pinned cr4 bits. A successful test
will validate pinning and check the ROP-style call-middle-of-function
defense, if needed. For example, in the case of native_write_cr4()
looking like this:

ffffffff8171bce0 <native_write_cr4>:
ffffffff8171bce0:       48 8b 35 79 46 f2 00    mov    0xf24679(%rip),%rsi
ffffffff8171bce7:       48 09 f7                or     %rsi,%rdi
ffffffff8171bcea:       0f 22 e7                mov    %rdi,%cr4
...
ffffffff8171bd5a:       c3                      retq

The UNSET_SMEP test will jump to ffffffff8171bcea (the mov to cr4)
instead of ffffffff8171bce0 (native_write_cr4() entry) to simulate a
direct-call bypass attempt.

Expected successful results:

  # echo UNSET_SMEP > /sys/kernel/debug/provoke-crash/DIRECT
  # dmesg
  [   79.594433] lkdtm: Performing direct entry UNSET_SMEP
  [   79.596459] lkdtm: trying to clear SMEP normally
  [   79.598406] lkdtm: ok: SMEP did not get cleared
  [   79.599981] lkdtm: trying to clear SMEP with call gadget
  [   79.601810] ------------[ cut here ]------------
  [   79.603421] Attempt to unpin cr4 bits: 100000; bypass attack?!
  ...
  [   79.650170] ---[ end trace 2452ca0f6126242e ]---
  [   79.650937] lkdtm: ok: SMEP removal was reverted

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-23 07:05:56 +02:00
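
An added example, not part of the commit or of lkdtm: a small checker that reads dmesg text and confirms the most recent UNSET_SMEP run logged the expected messages in order, and names the cr4 bits reported in the unpin warning. The function names, the pass criterion (all five lkdtm messages present in order) and the CR4 bit table are assumptions of this example; the sample log is constructed from the excerpt above.

```python
import re

# Constructed sample: the dmesg excerpt quoted in the commit message above.
SAMPLE_DMESG = """\
  [   79.594433] lkdtm: Performing direct entry UNSET_SMEP
  [   79.596459] lkdtm: trying to clear SMEP normally
  [   79.598406] lkdtm: ok: SMEP did not get cleared
  [   79.599981] lkdtm: trying to clear SMEP with call gadget
  [   79.601810] ------------[ cut here ]------------
  [   79.603421] Attempt to unpin cr4 bits: 100000; bypass attack?!
  [   79.650170] ---[ end trace 2452ca0f6126242e ]---
  [   79.650937] lkdtm: ok: SMEP removal was reverted
"""

# Messages a successful run logs, in order (taken from the excerpt).
EXPECTED = [
    "lkdtm: Performing direct entry UNSET_SMEP",
    "lkdtm: trying to clear SMEP normally",
    "lkdtm: ok: SMEP did not get cleared",
    "lkdtm: trying to clear SMEP with call gadget",
    "lkdtm: ok: SMEP removal was reverted",
]
# Architectural x86 CR4 bit positions, used to name bits in the warning.
CR4_BITS = {11: "UMIP", 20: "SMEP", 21: "SMAP"}
STAMP_RE = re.compile(r"^\s*\[\s*\d+\.\d+\]\s*")
UNPIN_RE = re.compile(r"Attempt to unpin cr4 bits: ([0-9a-f]+);")


def decode_cr4_mask(mask):
    """Name every set bit in a CR4 mask, lowest bit first."""
    return [CR4_BITS.get(b, f"bit{b}") for b in range(64) if (mask >> b) & 1]


def check_unset_smep(dmesg_text):
    """Check the most recent UNSET_SMEP run found in dmesg_text."""
    msgs = [STAMP_RE.sub("", line).rstrip() for line in dmesg_text.splitlines()]
    starts = [i for i, m in enumerate(msgs) if m == EXPECTED[0]]
    run = msgs[starts[-1]:] if starts else []
    missing, pos = [], 0
    for want in EXPECTED:  # each message must appear after the previous one
        if want in run[pos:]:
            pos = run.index(want, pos) + 1
        else:
            missing.append(want)
    unpinned = []
    for m in run:
        hit = UNPIN_RE.search(m)
        if hit:  # the mask is hexadecimal: 0x100000 is bit 20
            unpinned = decode_cr4_mask(int(hit.group(1), 16))
    return {"passed": not missing, "missing": missing, "unpinned": unpinned}
```

A run that logs neither "ok:" line, or logs them out of order, is reported with passed set to False and the absent messages listed under missing.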
altera-stapl Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
c2port Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
cardreader treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 17 2019-05-21 11:28:46 +02:00
cb710 Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
cxl Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
echo Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
eeprom eeprom: idt_89hpesx: remove unneeded csr_file variable 2019-06-19 19:39:28 +02:00
genwqe Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
habanalabs Char/Misc driver fixes for 5.2-rc4 2019-06-08 12:50:36 -07:00
ibmasm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
lis3lv02d Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
lkdtm lkdtm: Check for SMEP clearing protections 2019-06-23 07:05:56 +02:00
mei mei: docs: add hdcp documentation 2019-06-06 15:16:00 +02:00
mic misc: mic: scif: fix potential double free of scif_dev 2019-06-10 18:44:22 +02:00
ocxl Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
sgi-gru treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
sgi-xp misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa 2019-05-24 19:00:54 +02:00
ti-st treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
vmw_vmci VMCI: Fix integer overflow in VMCI handle arrays 2019-06-21 16:04:05 +02:00
ad525x_dpot-i2c.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 149 2019-05-30 11:25:18 -07:00
ad525x_dpot-spi.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 149 2019-05-30 11:25:18 -07:00
ad525x_dpot.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 149 2019-05-30 11:25:18 -07:00
ad525x_dpot.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 149 2019-05-30 11:25:18 -07:00
apds990x.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
apds9802als.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167 2019-05-30 11:26:39 -07:00
atmel_tclib.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
atmel-ssc.c misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data 2018-11-11 09:13:19 -08:00
bh1770glc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
cs5535-mfgpt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
ds1682.c misc: ds1682: Ignore update-in-progress ETC reads 2018-01-09 17:03:57 +01:00
dummy-irq.c
enclosure.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 176 2019-05-30 11:29:19 -07:00
fastrpc.c Merge 5.1-rc6 into char-misc-next 2019-04-21 23:14:47 +02:00
fsa9480.c misc: fsa9480: simplify getting the adapter of a client 2019-06-10 17:29:50 +02:00
hmc6352.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167 2019-05-30 11:26:39 -07:00
hpilo.c misc: hpilo: Do not claim unsupported hardware 2019-02-27 16:00:21 +01:00
hpilo.h misc: hpilo: Use SPDX-License-Identifier 2017-12-07 18:45:31 +01:00
ibmvmc.c misc: ibmvsm: Fix potential NULL pointer dereference 2019-01-18 14:14:14 +01:00
ibmvmc.h misc: IBM Virtual Management Channel Driver (VMC) 2018-05-14 16:35:42 +02:00
ics932s401.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
ioc4.c drivers: Remove explicit invocations of mmiowb() 2019-04-08 12:01:02 +01:00
isl29003.c misc: isl29003: simplify getting the adapter of a client 2019-06-10 17:29:49 +02:00
isl29020.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167 2019-05-30 11:26:39 -07:00
Kconfig misc: xilinx-sdfec: add core driver 2019-06-21 16:12:05 +02:00
kgdbts.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
lattice-ecp3-config.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
Makefile misc: xilinx-sdfec: add core driver 2019-06-21 16:12:05 +02:00
pch_phub.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167 2019-05-30 11:26:39 -07:00
pci_endpoint_test.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 341 2019-06-05 17:37:07 +02:00
phantom.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
pti.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
pvpanic.c misc: pvpanic: fix warning implicit declaration 2019-01-18 16:42:05 +01:00
qcom-coincell.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
spear13xx_pcie_gadget.c
sram-exec.c
sram.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 1 2019-05-21 11:28:39 +02:00
sram.h
tifm_7xx1.c drivers: Remove explicit invocations of mmiowb() 2019-04-08 12:01:02 +01:00
tifm_core.c
tsl2550.c misc: tsl2550: simplify getting the adapter of a client 2019-06-10 17:29:50 +02:00
vexpress-syscfg.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
vmw_balloon.c vmw_balloon: Split refused pages 2019-05-24 20:19:17 +02:00
xilinx_sdfec.c misc: xilinx_sdfec: Add CCF support 2019-06-21 16:12:53 +02:00