Message-Id: <1348256595-29119-1-git-send-email-hpa@linux.intel.com>
Date: Fri, 21 Sep 2012 12:43:04 -0700
From: "H. Peter Anvin" <hpa@...ux.intel.com>
To: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>,
Linda Wang <lwang@...hat.com>,
Matt Fleming <matt.fleming@...el.com>,
"H. Peter Anvin" <hpa@...ux.intel.com>
Subject: [PATCH 00/11] x86: Supervisor Mode Access Prevention

Supervisor Mode Access Prevention (SMAP) is a new security feature
disclosed by Intel in revision 014 of the Intel® Architecture
Instruction Set Extensions Programming Reference:

http://software.intel.com/sites/default/files/319433-014.pdf

When SMAP is active, the kernel cannot normally access pages that are
user space (U=1). Since the kernel does have the need to access user
space pages under specific circumstances, an override is provided: the
kernel can access user space pages if EFLAGS.AC=1. For system data
structures, e.g. descriptor tables, that are accessed by the processor
directly, SMAP is active even in CPL 3 regardless of EFLAGS.AC.

SMAP also includes two new instructions, STAC and CLAC, to flip the AC
flag more quickly.

Note: patch 01/11 is already in tip:x86/cpufeature.

List of patches:

  x86, cpufeature: Add feature bit for SMAP
  x86-32, mm: The WP test should be done on a kernel page
  x86, smap: Add CR4 bit for SMAP
  x86, alternative: Use .pushsection/.popsection
  x86, alternative: Add header guards to <asm/alternative-asm.h>
  x86, smap: Add a header file with macros for STAC/CLAC
  x86, uaccess: Merge prototypes for clear_user/__clear_user
  x86, smap: Add STAC and CLAC instructions to control user space access
  x86, smap: Turn on Supervisor Mode Access Prevention
  x86, smap: A page fault due to SMAP is an oops
  x86, smap: Reduce the SMAP overhead for signal handling

Diff stat:

Documentation/kernel-parameters.txt | 6 ++-
arch/x86/Kconfig | 11 ++++
arch/x86/ia32/ia32_signal.c | 12 +++--
arch/x86/ia32/ia32entry.S | 6 ++
arch/x86/include/asm/alternative-asm.h | 9 +++-
arch/x86/include/asm/alternative.h | 32 ++++++------
arch/x86/include/asm/cpufeature.h | 1 +
arch/x86/include/asm/fpu-internal.h | 10 ++--
arch/x86/include/asm/futex.h | 19 +++++--
arch/x86/include/asm/processor-flags.h | 1 +
arch/x86/include/asm/smap.h | 91 ++++++++++++++++++++++++++++++++
arch/x86/include/asm/uaccess.h | 28 ++++++----
arch/x86/include/asm/uaccess_32.h | 3 -
arch/x86/include/asm/uaccess_64.h | 3 -
arch/x86/include/asm/xsave.h | 10 ++--
arch/x86/kernel/cpu/common.c | 29 ++++++++++-
arch/x86/kernel/entry_64.S | 11 ++++-
arch/x86/kernel/signal.c | 24 +++++----
arch/x86/lib/copy_user_64.S | 7 +++
arch/x86/lib/copy_user_nocache_64.S | 3 +
arch/x86/lib/getuser.S | 10 ++++
arch/x86/lib/putuser.S | 8 +++-
arch/x86/lib/usercopy_32.c | 13 ++++-
arch/x86/lib/usercopy_64.c | 3 +
arch/x86/mm/fault.c | 18 ++++++
arch/x86/mm/init_32.c | 2 +-
26 files changed, 301 insertions(+), 69 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
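
The access rule described in the cover letter, written out as a small user-space model. This is an added example, not code from the patch series or from the message's author. The struct, enum and function names are hypothetical; the bit positions (CR4 bit 21, EFLAGS bit 18) are the architectural values from the Intel SDM, not values quoted in the message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions (Intel SDM); not taken from the patches. */
#define X86_CR4_SMAP   (1u << 21)
#define X86_EFLAGS_AC  (1u << 18)

struct cpu_model { uint32_t cr4, eflags; int cpl; };

enum access_kind {
    ACCESS_EXPLICIT,   /* ordinary load/store issued by the running code */
    ACCESS_IMPLICIT    /* CPU reading system structures, e.g. descriptor tables */
};

/* Model of STAC/CLAC: set or clear EFLAGS.AC. */
static void model_stac(struct cpu_model *c) { c->eflags |= X86_EFLAGS_AC; }
static void model_clac(struct cpu_model *c) { c->eflags &= ~X86_EFLAGS_AC; }

/* True if a data access to a page with the given U bit is permitted. */
static bool access_allowed(const struct cpu_model *c, bool page_user,
                           enum access_kind kind)
{
    bool supervisor = (kind == ACCESS_IMPLICIT) || c->cpl < 3;

    if (!supervisor)
        return page_user;              /* user mode: only U=1 pages */
    if (!page_user || !(c->cr4 & X86_CR4_SMAP))
        return true;                   /* kernel page, or SMAP disabled */
    if (kind == ACCESS_IMPLICIT)
        return false;                  /* EFLAGS.AC is ignored here */
    return (c->eflags & X86_EFLAGS_AC) != 0;
}

/* Hypothetical user-copy helper: open the AC window only around the access. */
static bool model_user_copy(struct cpu_model *c)
{
    model_stac(c);
    bool ok = access_allowed(c, true, ACCESS_EXPLICIT);
    model_clac(c);
    return ok;
}

int main(void)
{
    struct cpu_model k = { .cr4 = X86_CR4_SMAP, .eflags = 0, .cpl = 0 };
    printf("stray kernel deref of user page: %d\n", access_allowed(&k, true, ACCESS_EXPLICIT));
    printf("bracketed user copy:             %d\n", model_user_copy(&k));
    return 0;
}
```

The model covers data accesses only; instruction fetches from user pages are the subject of the separate SMEP feature.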