iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4eefbe792b
linux/arch/x86
History
Kees Cook 4eefbe792b x86: Use a read-only IDT alias on all CPUs 
Make a copy of the IDT (as seen via the "sidt" instruction) read-only.
This primarily removes the IDT from being a target for arbitrary memory
write attacks, and has the added benefit of also not leaking the kernel
base offset, if it has been relocated.

We already did this on vendor == Intel and family == 5 because of the
F0 0F bug -- regardless of if a particular CPU had the F0 0F bug or
not.  Since the workaround was so cheap, there simply was no reason to
be very specific.  This patch extends the readonly alias to all CPUs,
but does not activate the #PF to #UD conversion code needed to deliver
the proper exception in the F0 0F case except on Intel family 5
processors.

Signed-off-by: Kees Cook <keescook@chromium.org>
Link: http://lkml.kernel.org/r/20130410192422.GA17344@www.outflux.net
Cc: Eric Northup <digitaleric@google.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2013-04-11 13:53:19 -07:00
..
boot x86: Fix rebuild with EFI_STUB enabled 2013-04-05 13:59:23 -07:00
configs x86: Default to ARCH=x86 to avoid overriding CONFIG_64BIT 2012-12-20 14:37:18 -08:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-02-25 15:56:15 -08:00
ia32 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-03-02 08:34:06 -08:00
include x86: Use a read-only IDT alias on all CPUs 2013-04-11 13:53:19 -07:00
kernel x86: Use a read-only IDT alias on all CPUs 2013-04-11 13:53:19 -07:00
kvm KVM: Allow cross page reads and writes from cached translations. 2013-04-07 13:05:35 +03:00
lguest Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-21 18:06:55 -08:00
lib x86-64: Fix the failure case in copy_user_handle_tail() 2013-03-18 11:32:03 -07:00
math-emu
mm x86: Do not try to sync identity map for non-mapped pages 2013-03-07 13:23:28 -08:00
net x86: bpf_jit_comp: add pkt_type support 2013-01-30 22:38:34 -05:00
oprofile oprofile, x86: Fix wrapping bug in op_x86_get_ctrl() 2012-10-15 14:38:24 +02:00
pci Bug-fixes: 2013-03-03 14:22:53 -08:00
platform Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-27 16:17:42 -08:00
power perf,x86: fix kernel crash with PEBS/BTS after suspend/resume 2013-03-15 09:26:35 -07:00
realmode Merge remote-tracking branch 'origin/x86/mm' into x86/mm2 2013-02-01 02:28:36 -08:00
syscalls fix compat truncate/ftruncate 2013-02-25 09:24:55 -05:00
tools Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-05 07:57:09 +11:00
um Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-02-23 18:50:11 -08:00
vdso timers/x86/hpet: Use HPET_COUNTER to specify the hpet counter in vread_hpet() 2013-02-15 12:13:18 +01:00
video
xen x86: Use a read-only IDT alias on all CPUs 2013-04-11 13:53:19 -07:00
.gitignore
Kbuild
Kconfig Select VIRT_TO_BUS directly where needed 2013-03-12 11:16:40 -07:00
Kconfig.cpu x86, 386 removal: Document Nx586 as a 386 and thus unsupported 2012-11-29 13:28:39 -08:00
Kconfig.debug
Makefile Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-19 19:12:03 -08:00
Makefile_32.cpu x86, 386 removal: Remove CONFIG_M386 from Kconfig 2012-11-29 13:23:01 -08:00
Makefile.um