mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-15 23:25:07 +00:00
c482feefe1
The TSS is a fairly juicy target for exploits, and, now that the TSS is in the cpu_entry_area, it's no longer protected by kASLR. Make it read-only on x86_64. On x86_32, it can't be RO because it's written by the CPU during task switches, and we use a task gate for double faults. I'd also be nervous about errata if we tried to make it RO even on configurations without double fault handling. [ tglx: AMD confirmed that there is no problem on 64-bit with TSS RO. So it's probably safe to assume that it's a non issue, though Intel might have been creative in that area. Still waiting for confirmation. ] Signed-off-by: Andy Lutomirski <luto@kernel.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Borislav Petkov <bpetkov@suse.de> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: David Laight <David.Laight@aculab.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: Eduardo Valentin <eduval@amazon.com> Cc: Greg KH <gregkh@linuxfoundation.org> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Juergen Gross <jgross@suse.com> Cc: Kees Cook <keescook@chromium.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Rik van Riel <riel@redhat.com> Cc: Will Deacon <will.deacon@arm.com> Cc: aliguori@amazon.com Cc: daniel.gruss@iaik.tugraz.at Cc: hughd@google.com Cc: keescook@google.com Link: https://lkml.kernel.org/r/20171204150606.733700132@linutronix.de Signed-off-by: Ingo Molnar <mingo@kernel.org>
102 lines
3.1 KiB
C
102 lines
3.1 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Generate definitions needed by assembly language modules.
|
|
* This code generates raw asm output which is post-processed to extract
|
|
* and format the required data.
|
|
*/
|
|
#define COMPILE_OFFSETS
|
|
|
|
#include <linux/crypto.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/stddef.h>
|
|
#include <linux/hardirq.h>
|
|
#include <linux/suspend.h>
|
|
#include <linux/kbuild.h>
|
|
#include <asm/processor.h>
|
|
#include <asm/thread_info.h>
|
|
#include <asm/sigframe.h>
|
|
#include <asm/bootparam.h>
|
|
#include <asm/suspend.h>
|
|
|
|
#ifdef CONFIG_XEN
|
|
#include <xen/interface/xen.h>
|
|
#endif
|
|
|
|
#ifdef CONFIG_X86_32
|
|
# include "asm-offsets_32.c"
|
|
#else
|
|
# include "asm-offsets_64.c"
|
|
#endif
|
|
|
|
void common(void) {
|
|
BLANK();
|
|
OFFSET(TASK_threadsp, task_struct, thread.sp);
|
|
#ifdef CONFIG_CC_STACKPROTECTOR
|
|
OFFSET(TASK_stack_canary, task_struct, stack_canary);
|
|
#endif
|
|
|
|
BLANK();
|
|
OFFSET(TASK_TI_flags, task_struct, thread_info.flags);
|
|
OFFSET(TASK_addr_limit, task_struct, thread.addr_limit);
|
|
|
|
BLANK();
|
|
OFFSET(crypto_tfm_ctx_offset, crypto_tfm, __crt_ctx);
|
|
|
|
BLANK();
|
|
OFFSET(pbe_address, pbe, address);
|
|
OFFSET(pbe_orig_address, pbe, orig_address);
|
|
OFFSET(pbe_next, pbe, next);
|
|
|
|
#if defined(CONFIG_X86_32) || defined(CONFIG_IA32_EMULATION)
|
|
BLANK();
|
|
OFFSET(IA32_SIGCONTEXT_ax, sigcontext_32, ax);
|
|
OFFSET(IA32_SIGCONTEXT_bx, sigcontext_32, bx);
|
|
OFFSET(IA32_SIGCONTEXT_cx, sigcontext_32, cx);
|
|
OFFSET(IA32_SIGCONTEXT_dx, sigcontext_32, dx);
|
|
OFFSET(IA32_SIGCONTEXT_si, sigcontext_32, si);
|
|
OFFSET(IA32_SIGCONTEXT_di, sigcontext_32, di);
|
|
OFFSET(IA32_SIGCONTEXT_bp, sigcontext_32, bp);
|
|
OFFSET(IA32_SIGCONTEXT_sp, sigcontext_32, sp);
|
|
OFFSET(IA32_SIGCONTEXT_ip, sigcontext_32, ip);
|
|
|
|
BLANK();
|
|
OFFSET(IA32_RT_SIGFRAME_sigcontext, rt_sigframe_ia32, uc.uc_mcontext);
|
|
#endif
|
|
|
|
#ifdef CONFIG_PARAVIRT
|
|
BLANK();
|
|
OFFSET(PARAVIRT_PATCH_pv_cpu_ops, paravirt_patch_template, pv_cpu_ops);
|
|
OFFSET(PARAVIRT_PATCH_pv_irq_ops, paravirt_patch_template, pv_irq_ops);
|
|
OFFSET(PV_IRQ_irq_disable, pv_irq_ops, irq_disable);
|
|
OFFSET(PV_IRQ_irq_enable, pv_irq_ops, irq_enable);
|
|
OFFSET(PV_CPU_iret, pv_cpu_ops, iret);
|
|
OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
|
|
OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2);
|
|
#endif
|
|
|
|
#ifdef CONFIG_XEN
|
|
BLANK();
|
|
OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask);
|
|
OFFSET(XEN_vcpu_info_pending, vcpu_info, evtchn_upcall_pending);
|
|
#endif
|
|
|
|
BLANK();
|
|
OFFSET(BP_scratch, boot_params, scratch);
|
|
OFFSET(BP_secure_boot, boot_params, secure_boot);
|
|
OFFSET(BP_loadflags, boot_params, hdr.loadflags);
|
|
OFFSET(BP_hardware_subarch, boot_params, hdr.hardware_subarch);
|
|
OFFSET(BP_version, boot_params, hdr.version);
|
|
OFFSET(BP_kernel_alignment, boot_params, hdr.kernel_alignment);
|
|
OFFSET(BP_init_size, boot_params, hdr.init_size);
|
|
OFFSET(BP_pref_address, boot_params, hdr.pref_address);
|
|
OFFSET(BP_code32_start, boot_params, hdr.code32_start);
|
|
|
|
BLANK();
|
|
DEFINE(PTREGS_SIZE, sizeof(struct pt_regs));
|
|
|
|
/* Layout info for cpu_entry_area */
|
|
OFFSET(CPU_ENTRY_AREA_tss, cpu_entry_area, tss);
|
|
OFFSET(CPU_ENTRY_AREA_entry_trampoline, cpu_entry_area, entry_trampoline);
|
|
OFFSET(CPU_ENTRY_AREA_SYSENTER_stack, cpu_entry_area, SYSENTER_stack_page);
|
|
DEFINE(SIZEOF_SYSENTER_stack, sizeof(struct SYSENTER_stack));
|
|
}
|