From: Dave Hansen <dave.hansen@linux.intel.com>
To: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org, Dave Hansen <dave.hansen@linux.intel.com>, keescook@google.com, aarcange@redhat.com, luto@kernel.org, arjan@linux.intel.com, bp@alien8.de, dan.j.williams@intel.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, hughd@google.com, jpoimboe@redhat.com, jgross@suse.com, torvalds@linux-foundation.org, namit@vmware.com, peterz@infradead.org, tglx@linutronix.de, vbabka@suse.cz
Subject: [PATCH 4/5] x86, pti: disallow global kernel text with RANDSTRUCT
Date: Fri, 20 Apr 2018 15:20:26 -0700
Message-ID: <20180420222026.D0B4AAC9@viggo.jf.intel.com>
In-Reply-To: <20180420222018.E7646EE1@viggo.jf.intel.com>

I believe this was originally reported by the grsecurity team who tweeted about it (link below). RANDSTRUCT derives its hardening benefits from the attacker's lack of knowledge about the layout of kernel data structures. Keep the kernel image non-global in cases where RANDSTRUCT is in use to help keep the layout a secret.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reported-by: Kees Cook <keescook@google.com> Link: https://twitter.com/grsecurity/status/985678720630476800 Fixes: 8c06c7740 (x86/pti: Leave kernel text global for !PCID) Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Dan Williams <dan.j.williams@intel.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Hugh Dickins <hughd@google.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Juergen Gross <jgross@suse.com> Cc: Kees Cook <keescook@google.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Nadav Amit <namit@vmware.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: linux-mm@kvack.org --- b/arch/x86/mm/pti.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff -puN arch/x86/mm/pti.c~pti-glb-disable-with-compile-options arch/x86/mm/pti.c --- a/arch/x86/mm/pti.c~pti-glb-disable-with-compile-options 2018-04-20 14:10:02.702749165 -0700 +++ b/arch/x86/mm/pti.c 2018-04-20 14:10:02.706749165 -0700 @@ -421,6 +421,16 @@ static inline bool pti_kernel_image_glob if (boot_cpu_has(X86_FEATURE_K8)) return false; + /* + * RANDSTRUCT derives its hardening benefits from the + * attacker's lack of knowledge about the layout of kernel + * data structures. Keep the kernel image non-global in + * cases where RANDSTRUCT is in use to help keep the layout a + * secret. + */ + if (IS_ENABLED(CONFIG_GCC_PLUGIN_RANDSTRUCT)) + return false; + return true; } _
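Review bot: the new check in pti_kernel_image_global_ok() is a compile-time constant, IS_ENABLED(CONFIG_GCC_PLUGIN_RANDSTRUCT), yet it is placed after the runtime boot_cpu_has(X86_FEATURE_K8) test; moving it ahead of the runtime checks lets the compiler fold the whole function to "return false" on RANDSTRUCT builds and makes the build-time policy visually distinct from the CPU-feature quirks. The comment block says what RANDSTRUCT protects but not why a Global mapping undermines it; one sentence noting that Global kernel text stays mapped in the user page tables, which is exactly the exposure PTI otherwise removes, would make the rationale self-contained without having to follow the Fixes: 8c06c7740 reference. Since this silently gives up the Global-text optimisation that commit introduced, consider also mentioning the trade-off in the changelog so distributions enabling RANDSTRUCT know to expect it.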