Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 01c7cd0e authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'x86-kaslr-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 

Pull perparatory x86 kasrl changes from Ingo Molnar:
 "This contains changes from the ongoing KASLR work, by Kees Cook.

  The main changes are the use of a read-only IDT on x86 (which
  decouples the userspace visible virtual IDT address from the physical
  address), and a rework of ELF relocation support, in preparation of
  random, boot-time kernel image relocation."

* 'x86-kaslr-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86, relocs: Refactor the relocs tool to merge 32- and 64-bit ELF
  x86, relocs: Build separate 32/64-bit tools
  x86, relocs: Add 64-bit ELF support to relocs tool
  x86, relocs: Consolidate processing logic
  x86, relocs: Generalize ELF structure names
  x86: Use a read-only IDT alias on all CPUs
parents 39b2f865 c889ba80

arch/x86/include/asm/fixmap.h

+1 −3
Original line number Diff line number Diff line
@@ -104,9 +104,7 @@ enum fixed_addresses { 
	FIX_LI_PCIA,	/* Lithium PCI Bridge A */

	FIX_LI_PCIB,	/* Lithium PCI Bridge B */

#endif

#ifdef CONFIG_X86_F00F_BUG

	FIX_F00F_IDT,	/* Virtual mapping for IDT */

#endif

	FIX_RO_IDT,	/* Virtual mapping for read-only IDT */

#ifdef CONFIG_X86_CYCLONE_TIMER

	FIX_CYCLONE_TIMER, /*cyclone timer register*/

#endif

arch/x86/kernel/cpu/intel.c

+1 −17
Original line number Diff line number Diff line
@@ -176,20 +176,6 @@ int __cpuinit ppro_with_ram_bug(void) 
	return 0;

}



#ifdef CONFIG_X86_F00F_BUG

static void __cpuinit trap_init_f00f_bug(void)

{

	__set_fixmap(FIX_F00F_IDT, __pa_symbol(idt_table), PAGE_KERNEL_RO);



	/*

	 * Update the IDT descriptor and reload the IDT so that

	 * it uses the read-only mapped virtual address.

	 */

	idt_descr.address = fix_to_virt(FIX_F00F_IDT);

	load_idt(&idt_descr);

}

#endif



static void __cpuinit intel_smp_check(struct cpuinfo_x86 *c)

{

	/* calling is from identify_secondary_cpu() ? */
@@ -218,8 +204,7 @@ static void __cpuinit intel_workarounds(struct cpuinfo_x86 *c) 
	/*

	 * All current models of Pentium and Pentium with MMX technology CPUs

	 * have the F0 0F bug, which lets nonprivileged users lock up the

	 * system.

	 * Note that the workaround only should be initialized once...

	 * system. Announce that the fault handler will be checking for it.

	 */

	clear_cpu_bug(c, X86_BUG_F00F);

	if (!paravirt_enabled() && c->x86 == 5) {
@@ -227,7 +212,6 @@ static void __cpuinit intel_workarounds(struct cpuinfo_x86 *c) 


		set_cpu_bug(c, X86_BUG_F00F);

		if (!f00f_workaround_enabled) {

			trap_init_f00f_bug();

			printk(KERN_NOTICE "Intel Pentium with F0 0F bug - workaround enabled.\n");

			f00f_workaround_enabled = 1;

		}

arch/x86/kernel/traps.c

+9 −0
Original line number Diff line number Diff line
@@ -56,6 +56,7 @@ 
#include <asm/i387.h>

#include <asm/fpu-internal.h>

#include <asm/mce.h>

#include <asm/fixmap.h>

#include <asm/mach_traps.h>



#ifdef CONFIG_X86_64
@@ -768,6 +769,14 @@ void __init trap_init(void) 
	set_bit(SYSCALL_VECTOR, used_vectors);

#endif



	/*

	 * Set the IDT descriptor to a fixed read-only location, so that the

	 * "sidt" instruction will not leak the location of the kernel, and

	 * to defend the IDT against arbitrary memory write vulnerabilities.

	 * It will be reloaded in cpu_init() */

	__set_fixmap(FIX_RO_IDT, __pa_symbol(idt_table), PAGE_KERNEL_RO);

	idt_descr.address = fix_to_virt(FIX_RO_IDT);



	/*

	 * Should be a barrier for any external CPU state:

	 */

arch/x86/tools/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -39,4 +39,5 @@ $(obj)/insn_sanity.o: $(srctree)/arch/x86/lib/insn.c $(srctree)/arch/x86/lib/ina 


HOST_EXTRACFLAGS += -I$(srctree)/tools/include

hostprogs-y	+= relocs

relocs-objs     := relocs_32.o relocs_64.o relocs_common.o

relocs: $(obj)/relocs

arch/x86/tools/relocs.c

+501 −282

File changed.

Preview size limit exceeded, changes collapsed.