redonkable/remarkable-linux
redonkable/remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/drivers
History
Kees Cook 06b32fdb03 lkdtm: Check for SMEP clearing protections 
This adds an x86-specific test for pinned cr4 bits. A successful test
will validate pinning and check the ROP-style call-middle-of-function
defense, if needed. For example, in the case of native_write_cr4()
looking like this:

ffffffff8171bce0 <native_write_cr4>:
ffffffff8171bce0:       48 8b 35 79 46 f2 00    mov    0xf24679(%rip),%rsi
ffffffff8171bce7:       48 09 f7                or     %rsi,%rdi
ffffffff8171bcea:       0f 22 e7                mov    %rdi,%cr4
...
ffffffff8171bd5a:       c3                      retq

The UNSET_SMEP test will jump to ffffffff8171bcea (the mov to cr4)
instead of ffffffff8171bce0 (native_write_cr4() entry) to simulate a
direct-call bypass attempt.

Expected successful results:

  # echo UNSET_SMEP > /sys/kernel/debug/provoke-crash/DIRECT
  # dmesg
  [   79.594433] lkdtm: Performing direct entry UNSET_SMEP
  [   79.596459] lkdtm: trying to clear SMEP normally
  [   79.598406] lkdtm: ok: SMEP did not get cleared
  [   79.599981] lkdtm: trying to clear SMEP with call gadget
  [   79.601810] ------------[ cut here ]------------
  [   79.603421] Attempt to unpin cr4 bits: 100000; bypass attack?!
  ...
  [   79.650170] ---[ end trace 2452ca0f6126242e ]---
  [   79.650937] lkdtm: ok: SMEP removal was reverted

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-23 07:05:56 +02:00
..
accessibility treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 70 2019-05-24 17:36:47 +02:00
acpi coresight: acpi: Support for AMBA components 2019-06-20 07:56:14 +02:00
amba treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
android binder: fix memory leak in error path 2019-06-22 11:49:16 +02:00
ata treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
atm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
auxdisplay treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
base More power management updates for 5.2-rc1 2019-05-15 08:46:44 -07:00
bcma
block xen: fix for 5.2-rc4 2019-06-08 13:16:05 -07:00
bluetooth treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
bus treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
cdrom treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 1 2019-05-21 11:28:39 +02:00
char Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
clk treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 445 2019-06-05 17:37:18 +02:00
clocksource treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 341 2019-06-05 17:37:07 +02:00
connector treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
counter Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
cpufreq treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
cpuidle treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
crypto treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 442 2019-06-05 17:37:17 +02:00
dax treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
dca treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 33 2019-05-24 17:27:11 +02:00
devfreq treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
dio treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
dma SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
dma-buf SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
edac treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
eisa treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 210 2019-05-30 11:29:53 -07:00
extcon treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
firewire treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
firmware Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
fmc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 60 2019-05-24 17:36:45 +02:00
fpga drivers: fpga: Kconfig: pedantic cleanups 2019-06-20 10:41:37 +02:00
fsi fsi: cf-fsi-fw: Use the correct style for SPDX License Identifier 2019-06-19 19:35:51 +02:00
gnss treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
gpio treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
gpu SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
hid treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
hsi treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
hv treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 320 2019-06-05 17:37:05 +02:00
hwmon SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
hwspinlock
hwtracing coresight: replicator: Add terminate entry for acpi_device_id tables 2019-06-20 08:06:56 +02:00
i2c SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
i3c treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
ide treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
idle treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335 2019-06-05 17:37:06 +02:00
iio treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
infiniband SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
input treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
interconnect treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
iommu treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335 2019-06-05 17:37:06 +02:00
ipack treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
irqchip treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
isdn SPDX update for 5.2-rc3, round 1 2019-05-31 08:34:32 -07:00
leds treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
lightnvm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 410 2019-06-05 17:37:14 +02:00
macintosh treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 375 2019-06-05 17:37:10 +02:00
mailbox treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
mcb treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
md treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
media treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 448 2019-06-05 17:37:18 +02:00
memory memory: jz4780_nemc: Add support for the JZ4740 2019-06-21 16:08:19 +02:00
memstick memstick: mspro_block: Fix an error code in mspro_block_issue_req() 2019-05-28 09:53:54 +02:00
message treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
mfd treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 450 2019-06-05 17:37:18 +02:00
misc lkdtm: Check for SMEP clearing protections 2019-06-23 07:05:56 +02:00
mmc SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
mtd treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
mux mux: mmio: add generic regmap bitfield-based multiplexer 2019-06-21 15:59:53 +02:00
net SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
nfc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 417 2019-06-05 17:37:15 +02:00
ntb treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
nubus treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
nvdimm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
nvme Merge branch 'nvme-5.2-rc-next' of git://git.infradead.org/nvme into for-linus 2019-06-07 14:04:28 -06:00
nvmem nvmem: Broaden the selection of NVMEM_SNVS_LPGPR 2019-06-19 19:35:51 +02:00
of treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
opp treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
oprofile
parisc SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
parport Char/Misc driver fixes for 5.2-rc4 2019-06-08 12:50:36 -07:00
pci PCI: PM: Avoid possible suspend-to-idle issue 2019-05-27 10:55:08 +02:00
pcmcia treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 256 2019-06-05 17:30:27 +02:00
perf treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
phy treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
pinctrl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
platform treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
pnp treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 150 2019-05-30 11:25:19 -07:00
power treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 450 2019-06-05 17:37:18 +02:00
powercap treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 309 2019-06-05 17:37:04 +02:00
pps treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
ps3 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167 2019-05-30 11:26:39 -07:00
ptp treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167 2019-05-30 11:26:39 -07:00
pwm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 372 2019-06-05 17:37:10 +02:00
rapidio treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
ras treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
regulator treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 450 2019-06-05 17:37:18 +02:00
remoteproc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
reset treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 422 2019-06-05 17:37:15 +02:00
rpmsg
rtc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 09:29:14 -07:00
sbus treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
scsi SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
sfi treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
sh treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
siox treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
slimbus slimbus: core: generate uevent for non-dt only 2019-06-20 10:45:22 +02:00
sn treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
soc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 409 2019-06-05 17:37:14 +02:00
soundwire treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
spi treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
spmi treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
ssb treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
staging Staging/IIO driver fixes for 5.2-rc3 2019-05-31 08:31:45 -07:00
target treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335 2019-06-05 17:37:06 +02:00
tc treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
tee treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
thermal treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 422 2019-06-05 17:37:15 +02:00
thunderbolt treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
tty vt/fbcon: deinitialize resources in visual_init() after failed memory allocation 2019-05-24 17:08:18 +02:00
uio treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
usb usbip: usbip_host: fix stub_dev lock context imbalance regression 2019-05-29 13:26:32 -07:00
uwb treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 268 2019-06-05 17:30:29 +02:00
vfio treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201 2019-05-30 11:29:52 -07:00
vhost vhost: scsi: add weight support 2019-05-27 11:08:23 -04:00
video treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
virt treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
virtio virtio: Fix indentation of VIRTIO_MMIO 2019-05-27 11:08:22 -04:00
visorbus treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
vlynq treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 102 2019-05-24 17:39:00 +02:00
vme treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
w1 Merge 5.2-rc4 into char-misc-next 2019-06-09 09:11:21 +02:00
watchdog treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
xen treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 320 2019-06-05 17:37:05 +02:00
zorro treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Kconfig
Makefile