Re: [patch 23/60] x86/entry/64: Make cpu_entry_area.tss read-only

Mon, 04 Dec 2017 12:26:25 -0800 

On Mon, Dec 04, 2017 at 03:07:29PM +0100, Thomas Gleixner wrote:
> From: Andy Lutomirski <[email protected]>
> 
> The TSS is a fairly juicy target for exploits, and, now that the TSS
> is in the cpu_entry_area, it's no longer protected by kASLR.  Make it
> read-only on x86_64.
> 
> On x86_32, it can't be RO because it's written by the CPU during task
> switches, and we use a task gate for double faults.  I'd also be
> nervous about errata if we tried to make it RO even on configurations
> without double fault handling.
> 
> [ tglx: AMD confirmed that there is no problem on 64bit with TSS RO.  So
>       it's probably safe to assume that it's a non issue, though Intel
>       might have been creative in that area. Still waiting for
>       confirmation. ]
> 
> Signed-off-by: Andy Lutomirski <[email protected]>
> Signed-off-by: Thomas Gleixner <[email protected]>
> Cc: Kees Cook <[email protected]>
> Cc: Peter Zijlstra <[email protected]>
> Cc: Brian Gerst <[email protected]>
> Cc: David Laight <[email protected]>
> Cc: Borislav Petkov <[email protected]>
> Link: 
> https://lkml.kernel.org/r/7d2f65f86a46e3489ba996932554485c3d345632.1512109321.git.l...@kernel.org
> 
> ---
>  arch/x86/entry/entry_32.S          |    4 ++--
>  arch/x86/entry/entry_64.S          |    8 ++++----
>  arch/x86/include/asm/fixmap.h      |   13 +++++++++----
>  arch/x86/include/asm/processor.h   |   17 ++++++++---------
>  arch/x86/include/asm/switch_to.h   |    4 ++--
>  arch/x86/include/asm/thread_info.h |    2 +-
>  arch/x86/kernel/asm-offsets.c      |    5 ++---
>  arch/x86/kernel/asm-offsets_32.c   |    4 ++--
>  arch/x86/kernel/cpu/common.c       |   29 +++++++++++++++++++----------
>  arch/x86/kernel/ioport.c           |    2 +-
>  arch/x86/kernel/process.c          |    6 +++---
>  arch/x86/kernel/process_32.c       |    2 +-
>  arch/x86/kernel/process_64.c       |    2 +-
>  arch/x86/kernel/traps.c            |    4 ++--
>  arch/x86/lib/delay.c               |    4 ++--
>  arch/x86/xen/enlighten_pv.c        |    2 +-
>  16 files changed, 60 insertions(+), 48 deletions(-)

Reviewed-by: Borislav Petkov <[email protected]>

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 
(AG Nürnberg)
--

Reply via email to