1. 05 May, 2019 2 commits
  2. 04 May, 2019 1 commit
  3. 03 Jul, 2019 25 commits
  4. 01 Jul, 2019 2 commits
  5. 26 Jun, 2019 7 commits
  6. 23 Jun, 2019 2 commits
    • Merge 5.2-rc6 into char-misc-next · 8083f3d7
      Greg Kroah-Hartman authored
      We need the char-misc fixes in here as well.
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • lkdtm: Check for SMEP clearing protections · 06b32fdb
      Kees Cook authored
      This adds an x86-specific test for pinned cr4 bits. A successful test
      will validate pinning and check the ROP-style call-middle-of-function
      defense, if needed. For example, in the case of native_write_cr4()
      looking like this:
      
      ffffffff8171bce0 <native_write_cr4>:
      ffffffff8171bce0:       48 8b 35 79 46 f2 00    mov    0xf24679(%rip),%rsi
      ffffffff8171bce7:       48 09 f7                or     %rsi,%rdi
      ffffffff8171bcea:       0f 22 e7                mov    %rdi,%cr4
      ...
      ffffffff8171bd5a:       c3                      retq
      
      The UNSET_SMEP test will jump to ffffffff8171bcea (the mov to cr4)
      instead of ffffffff8171bce0 (native_write_cr4() entry) to simulate a
      direct-call bypass attempt.
      
      Expected successful results:
      
        # echo UNSET_SMEP > /sys/kernel/debug/provoke-crash/DIRECT
        # dmesg
        [   79.594433] lkdtm: Performing direct entry UNSET_SMEP
        [   79.596459] lkdtm: trying to clear SMEP normally
        [   79.598406] lkdtm: ok: SMEP did not get cleared
        [   79.599981] lkdtm: trying to clear SMEP with call gadget
        [   79.601810] ------------[ cut here ]------------
        [   79.603421] Attempt to unpin cr4 bits: 100000; bypass attack?!
        ...
        [   79.650170] ---[ end trace 2452ca0f6126242e ]---
        [   79.650937] lkdtm: ok: SMEP removal was reverted

      Signed-off-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  7. 22 Jun, 2019 1 commit