lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Jun 2019 16:44:22 -0700 From: Kees Cook <keescook@...omium.org> To: Thomas Gleixner <tglx@...utronix.de> Cc: Kees Cook <keescook@...omium.org>, Linus Torvalds <torvalds@...ux-foundation.org>, x86@...nel.org, Peter Zijlstra <peterz@...radead.org>, Dave Hansen <dave.hansen@...el.com>, linux-kernel@...r.kernel.org Subject: [PATCH v2 2/2] x86/asm: Pin sensitive CR0 bits With sensitive CR4 bits pinned now, it's possible that the WP bit for CR0 might become a target as well. Following the same reasoning for the CR4 pinning, this pins CR0's WP bit (but this can be done with a static value). Suggested-by: Peter Zijlstra <peterz@...radead.org> Signed-off-by: Kees Cook <keescook@...omium.org> --- arch/x86/include/asm/special_insns.h | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/special_insns.h b/arch/x86/include/asm/special_insns.h index 284a77d52fea..9c9fd3760079 100644 --- a/arch/x86/include/asm/special_insns.h +++ b/arch/x86/include/asm/special_insns.h @@ -31,7 +31,22 @@ static inline unsigned long native_read_cr0(void) static inline void native_write_cr0(unsigned long val) { - asm volatile("mov %0,%%cr0": : "r" (val), "m" (__force_order)); + unsigned long bits_missing = 0; + +set_register: + if (static_branch_likely(&cr_pinning)) + val |= X86_CR0_WP; + + asm volatile("mov %0,%%cr0": "+r" (val), "+m" (__force_order)); + + if (static_branch_likely(&cr_pinning)) { + if (unlikely((val & X86_CR0_WP) != X86_CR0_WP)) { + bits_missing = X86_CR0_WP; + goto set_register; + } + /* Warn after we've set the missing bits. */ + WARN_ONCE(bits_missing, "CR0 WP bit went missing!?\n"); + } } static inline unsigned long native_read_cr2(void) -- 2.17.1
Powered by blists - more mailing lists