• Thomas Garnier's avatar
    x86: Remap GDT tables in the fixmap section · 69218e47
    Thomas Garnier authored
    Each processor holds a GDT in its per-cpu structure. The sgdt
    instruction gives the base address of the current GDT. This address can
    be used to bypass KASLR memory randomization. With another bug, an
    attacker could target other per-cpu structures or deduce the base of
    the main memory section (PAGE_OFFSET).
    
    This patch relocates the GDT table for each processor inside the
    fixmap section. The space is reserved based on number of supported
    processors.
    
    For consistency, the remapping is done by default on 32 and 64-bit.
    
    Each processor switches to its remapped GDT at the end of
    initialization. For hibernation, the main processor returns with the
    original GDT and switches back to the remapping at completion.
    
    This patch was tested on both architectures. Hibernation and KVM were
    both tested specially for their usage of the GDT.
    
    Thanks to Boris Ostrovsky <boris.ostrovsky@oracle.com> for testing and
    recommending changes for Xen support.
    Signed-off-by: default avatarThomas Garnier <thgarnie@google.com>
    Cc: Alexander Potapenko <glider@google.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Cc: Borislav Petkov <bp@suse.de>
    Cc: Chris Wilson <chris@chris-wilson.co.uk>
    Cc: Christian Borntraeger <borntraeger@de.ibm.com>
    Cc: Dmitry Vyukov <dvyukov@google.com>
    Cc: Frederic Weisbecker <fweisbec@gmail.com>
    Cc: Jiri Kosina <jikos@kernel.org>
    Cc: Joerg Roedel <joro@8bytes.org>
    Cc: Jonathan Corbet <corbet@lwn.net>
    Cc: Josh Poimboeuf <jpoimboe@redhat.com>
    Cc: Juergen Gross <jgross@suse.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Len Brown <len.brown@intel.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Lorenzo Stoakes <lstoakes@gmail.com>
    Cc: Luis R . Rodriguez <mcgrof@kernel.org>
    Cc: Matt Fleming <matt@codeblueprint.co.uk>
    Cc: Michal Hocko <mhocko@suse.com>
    Cc: Paolo Bonzini <pbonzini@redhat.com>
    Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
    Cc: Pavel Machek <pavel@ucw.cz>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Radim Krčmář <rkrcmar@redhat.com>
    Cc: Rafael J . Wysocki <rjw@rjwysocki.net>
    Cc: Rusty Russell <rusty@rustcorp.com.au>
    Cc: Stanislaw Gruszka <sgruszka@redhat.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Tim Chen <tim.c.chen@linux.intel.com>
    Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
    Cc: kasan-dev@googlegroups.com
    Cc: kernel-hardening@lists.openwall.com
    Cc: kvm@vger.kernel.org
    Cc: lguest@lists.ozlabs.org
    Cc: linux-doc@vger.kernel.org
    Cc: linux-efi@vger.kernel.org
    Cc: linux-mm@kvack.org
    Cc: linux-pm@vger.kernel.org
    Cc: xen-devel@lists.xenproject.org
    Cc: zijun_hu <zijun_hu@htc.com>
    Link: http://lkml.kernel.org/r/20170314170508.100882-2-thgarnie@google.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
    69218e47
vma.c 9.26 KB