mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-03-25 20:55:24 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
06b32fdb030989c45bb9dad685b794bf2395d53a
linux/drivers
History
Kees Cook 06b32fdb03 lkdtm: Check for SMEP clearing protections 
This adds an x86-specific test for pinned cr4 bits. A successful test
will validate pinning and check the ROP-style call-middle-of-function
defense, if needed. For example, in the case of native_write_cr4()
looking like this:

ffffffff8171bce0 <native_write_cr4>:
ffffffff8171bce0:       48 8b 35 79 46 f2 00    mov    0xf24679(%rip),%rsi
ffffffff8171bce7:       48 09 f7                or     %rsi,%rdi
ffffffff8171bcea:       0f 22 e7                mov    %rdi,%cr4
...
ffffffff8171bd5a:       c3                      retq

The UNSET_SMEP test will jump to ffffffff8171bcea (the mov to cr4)
instead of ffffffff8171bce0 (native_write_cr4() entry) to simulate a
direct-call bypass attempt.

Expected successful results:

  # echo UNSET_SMEP > /sys/kernel/debug/provoke-crash/DIRECT
  # dmesg
  [   79.594433] lkdtm: Performing direct entry UNSET_SMEP
  [   79.596459] lkdtm: trying to clear SMEP normally
  [   79.598406] lkdtm: ok: SMEP did not get cleared
  [   79.599981] lkdtm: trying to clear SMEP with call gadget
  [   79.601810] ------------[ cut here ]------------
  [   79.603421] Attempt to unpin cr4 bits: 100000; bypass attack?!
  ...
  [   79.650170] ---[ end trace 2452ca0f6126242e ]---
  [   79.650937] lkdtm: ok: SMEP removal was reverted

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-23 07:05:56 +02:00
..
accessibility
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 70
2019-05-24 17:36:47 +02:00
acpi
coresight: acpi: Support for AMBA components
2019-06-20 07:56:14 +02:00
amba
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282
2019-06-05 17:36:37 +02:00
android
binder: fix memory leak in error path
2019-06-22 11:49:16 +02:00
ata
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
atm
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
auxdisplay
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
base
Merge tag 'pm-5.2-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
2019-05-15 08:46:44 -07:00
bcma
block
Merge tag 'for-linus-5.2b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
2019-06-08 13:16:05 -07:00
bluetooth
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333
2019-06-05 17:37:06 +02:00
bus
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
cdrom
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 1
2019-05-21 11:28:39 +02:00
char
Merge 5.2-rc4 into char-misc-next
2019-06-09 09:11:21 +02:00
clk
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 445
2019-06-05 17:37:18 +02:00
clocksource
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 341
2019-06-05 17:37:07 +02:00
connector
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
counter
Merge 5.2-rc4 into char-misc-next
2019-06-09 09:11:21 +02:00
cpufreq
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
cpuidle
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
crypto
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 442
2019-06-05 17:37:17 +02:00
dax
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295
2019-06-05 17:36:38 +02:00
dca
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 33
2019-05-24 17:27:11 +02:00
devfreq
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288
2019-06-05 17:36:37 +02:00
dio
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
dma
Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-06-08 12:52:42 -07:00
dma-buf
Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-06-08 12:52:42 -07:00
edac
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
eisa
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 210
2019-05-30 11:29:53 -07:00
extcon
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282
2019-06-05 17:36:37 +02:00
firewire
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
firmware
Merge 5.2-rc4 into char-misc-next
2019-06-09 09:11:21 +02:00
fmc
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 60
2019-05-24 17:36:45 +02:00
fpga
drivers: fpga: Kconfig: pedantic cleanups
2019-06-20 10:41:37 +02:00
fsi
fsi: cf-fsi-fw: Use the correct style for SPDX License Identifier
2019-06-19 19:35:51 +02:00
gnss
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
gpio
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
gpu
Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-06-08 12:52:42 -07:00
hid
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
hsi
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336
2019-06-05 17:37:07 +02:00
hv
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 320
2019-06-05 17:37:05 +02:00
hwmon
Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-06-08 12:52:42 -07:00
hwspinlock
hwtracing
coresight: replicator: Add terminate entry for acpi_device_id tables
2019-06-20 08:06:56 +02:00
i2c
Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-06-08 12:52:42 -07:00
i3c
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
ide
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333
2019-06-05 17:37:06 +02:00
idle
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335
2019-06-05 17:37:06 +02:00
iio
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446
2019-06-05 17:37:18 +02:00
infiniband
Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-06-08 12:52:42 -07:00
input
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
interconnect
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
iommu
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335
2019-06-05 17:37:06 +02:00
ipack
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
irqchip
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333
2019-06-05 17:37:06 +02:00
isdn
Merge tag 'spdx-5.2-rc3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-05-31 08:34:32 -07:00
leds
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
lightnvm
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 410
2019-06-05 17:37:14 +02:00
macintosh
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 375
2019-06-05 17:37:10 +02:00
mailbox
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288
2019-06-05 17:36:37 +02:00
mcb
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
md
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
media
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 448
2019-06-05 17:37:18 +02:00
memory
memory: jz4780_nemc: Add support for the JZ4740
2019-06-21 16:08:19 +02:00
memstick
memstick: mspro_block: Fix an error code in mspro_block_issue_req()
2019-05-28 09:53:54 +02:00
message
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
mfd
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 450
2019-06-05 17:37:18 +02:00
misc
lkdtm: Check for SMEP clearing protections
2019-06-23 07:05:56 +02:00
mmc
Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-06-08 12:52:42 -07:00
mtd
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
mux
mux: mmio: add generic regmap bitfield-based multiplexer
2019-06-21 15:59:53 +02:00
net
Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-06-08 12:52:42 -07:00
nfc
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 417
2019-06-05 17:37:15 +02:00
ntb
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288
2019-06-05 17:36:37 +02:00
nubus
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
nvdimm
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295
2019-06-05 17:36:38 +02:00
nvme
Merge branch 'nvme-5.2-rc-next' of git://git.infradead.org/nvme into for-linus
2019-06-07 14:04:28 -06:00
nvmem
nvmem: Broaden the selection of NVMEM_SNVS_LPGPR
2019-06-19 19:35:51 +02:00
of
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
opp
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
oprofile
parisc
Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-06-08 12:52:42 -07:00
parport
Merge tag 'char-misc-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2019-06-08 12:50:36 -07:00
pci
PCI: PM: Avoid possible suspend-to-idle issue
2019-05-27 10:55:08 +02:00
pcmcia
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 256
2019-06-05 17:30:27 +02:00
perf
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284
2019-06-05 17:36:37 +02:00
phy
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446
2019-06-05 17:37:18 +02:00
pinctrl
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446
2019-06-05 17:37:18 +02:00
platform
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
pnp
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 150
2019-05-30 11:25:19 -07:00
power
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 450
2019-06-05 17:37:18 +02:00
powercap
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 309
2019-06-05 17:37:04 +02:00
pps
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61
2019-05-24 17:36:45 +02:00
ps3
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167
2019-05-30 11:26:39 -07:00
ptp
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167
2019-05-30 11:26:39 -07:00
pwm
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 372
2019-06-05 17:37:10 +02:00
rapidio
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
ras
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
regulator
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 450
2019-06-05 17:37:18 +02:00
remoteproc
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282
2019-06-05 17:36:37 +02:00
reset
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 422
2019-06-05 17:37:15 +02:00
rpmsg
rtc
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
s390
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-07 09:29:14 -07:00
sbus
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61
2019-05-24 17:36:45 +02:00
scsi
Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2019-06-08 12:52:42 -07:00
sfi
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
sh
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
siox
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
slimbus
slimbus: core: generate uevent for non-dt only
2019-06-20 10:45:22 +02:00
sn
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
soc
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 409
2019-06-05 17:37:14 +02:00
soundwire
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
spi
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446
2019-06-05 17:37:18 +02:00
spmi
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284
2019-06-05 17:36:37 +02:00
ssb
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
staging
Merge tag 'staging-5.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2019-05-31 08:31:45 -07:00
target
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335
2019-06-05 17:37:06 +02:00
tc
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
tee
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282
2019-06-05 17:36:37 +02:00
thermal
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 422
2019-06-05 17:37:15 +02:00
thunderbolt
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
tty
vt/fbcon: deinitialize resources in visual_init() after failed memory allocation
2019-05-24 17:08:18 +02:00
uio
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333
2019-06-05 17:37:06 +02:00
usb
usbip: usbip_host: fix stub_dev lock context imbalance regression
2019-05-29 13:26:32 -07:00
uwb
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 268
2019-06-05 17:30:29 +02:00
vfio
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201
2019-05-30 11:29:52 -07:00
vhost
vhost: scsi: add weight support
2019-05-27 11:08:23 -04:00
video
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446
2019-06-05 17:37:18 +02:00
virt
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
virtio
virtio: Fix indentation of VIRTIO_MMIO
2019-05-27 11:08:22 -04:00
visorbus
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
vlynq
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 102
2019-05-24 17:39:00 +02:00
vme
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
w1
Merge 5.2-rc4 into char-misc-next
2019-06-09 09:11:21 +02:00
watchdog
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446
2019-06-05 17:37:18 +02:00
xen
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 320
2019-06-05 17:37:05 +02:00
zorro
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Kconfig
counter: Introduce the Generic Counter interface
2019-04-25 21:33:37 +02:00
Makefile
counter: Introduce the Generic Counter interface
2019-04-25 21:33:37 +02:00