| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 May 2020 14:51:02 +0000
From: Lai Jiangshan <laijs@...ux.alibaba.com>
To: linux-kernel@...r.kernel.org
Cc: Lai Jiangshan <laijs@...ux.alibaba.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>, x86@...nel.org,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>,
Alexandre Chartre <alexandre.chartre@...cle.com>
Subject: [RFC PATCH 5/5] x86/hw_breakpoint: Prevent data breakpoints on debug_idt_table
A data breakpoint on the IDT is terrifying and should be avoided.
The IDT on CPU entry area is already protected. The debug IDT
should be also protected, although it is seldom used and only
used for short time.
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Peter Zijlstra (Intel) <peterz@...radead.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: x86@...nel.org
Signed-off-by: Lai Jiangshan <laijs@...ux.alibaba.com>
---
Please drop this patch when Peter's work to remove debug_idt_table
is merged.
arch/x86/kernel/hw_breakpoint.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/x86/kernel/hw_breakpoint.c b/arch/x86/kernel/hw_breakpoint.c
index 9579bd6fb589..83d8b1fcbc76 100644
--- a/arch/x86/kernel/hw_breakpoint.c
+++ b/arch/x86/kernel/hw_breakpoint.c
@@ -284,6 +284,11 @@ static inline bool within_cpu_entry(unsigned long addr, unsigned long end)
return true;
}
+ /* debug_idt_table is used when load_debug_idt() */
+ if (within_area(addr, end, (unsigned long)debug_idt_table,
+ sizeof(debug_idt_table[0]) * IDT_ENTRIES))
+ return true;
+
return false;
}
--
2.20.1
Powered by blists - more mailing lists