1. 05 May, 2014 1 commit
  2. 07 Apr, 2014 1 commit
  3. 13 Mar, 2014 1 commit
  4. 27 Feb, 2014 1 commit
  5. 24 Jan, 2014 1 commit
  6. 31 May, 2013 1 commit
  7. 12 Apr, 2013 1 commit
  8. 11 Apr, 2013 1 commit
    • x86: Use a read-only IDT alias on all CPUs · 4eefbe79
      Kees Cook authored
      
      
      Make a copy of the IDT (as seen via the "sidt" instruction) read-only.
      This primarily removes the IDT from being a target for arbitrary memory
      write attacks, and has the added benefit of also not leaking the kernel
      base offset, if it has been relocated.
      
      We already did this on vendor == Intel and family == 5 because of the
      F0 0F bug -- regardless of if a particular CPU had the F0 0F bug or
      not.  Since the workaround was so cheap, there simply was no reason to
      be very specific.  This patch extends the readonly alias to all CPUs,
      but does not activate the #PF to #UD conversion code needed to deliver
      the proper exception in the F0 0F case except on Intel family 5
      processors.
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Link: http://lkml.kernel.org/r/20130410192422.GA17344@www.outflux.net
      Cc: Eric Northup <digitaleric@google.com>
      Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
  9. 28 Nov, 2012 1 commit
  10. 18 Dec, 2011 1 commit
  11. 05 Jun, 2011 1 commit
    • x86-64: Give vvars their own page · 9fd67b4e
      Andy Lutomirski authored
      
      
      Move vvars out of the vsyscall page into their own page and mark
      it NX.
      
      Without this patch, an attacker who can force a daemon to call
      some fixed address could wait until the time contains, say,
      0xCD80, and then execute the current time.
      Signed-off-by: Andy Lutomirski <luto@mit.edu>
      Cc: Jesper Juhl <jj@chaosbits.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Arjan van de Ven <arjan@infradead.org>
      Cc: Jan Beulich <JBeulich@novell.com>
      Cc: richard -rw- weinberger <richard.weinberger@gmail.com>
      Cc: Mikael Pettersson <mikpe@it.uu.se>
      Cc: Andi Kleen <andi@firstfloor.org>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Louis Rilling <Louis.Rilling@kerlabs.com>
      Cc: Valdis.Kletnieks@vt.edu
      Cc: pageexec@freemail.hu
      Link: http://lkml.kernel.org/r/b1460f81dc4463d66ea3f2b5ce240f58d48effec.1307292171.git.luto@mit.edu
      
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
  12. 11 Jan, 2011 1 commit
  13. 24 Nov, 2010 1 commit
  14. 11 Nov, 2010 1 commit
  15. 08 Oct, 2010 1 commit
    • x86: Add two helper macros for fixed address mapping · 5a47c7da
      Feng Tang authored
      
      
      Sometimes fixmap will be used to map a physical address which
      is not PAGE aligned, so to use it we need to first map it and then
      add the address offset to the mapped fixed address. These 2 new
      helpers are suggested by Ingo Molnar to make the process
      simpler.
      
      For a physical address like "phys", a directly usable virtual
      address can be obtained by
      	virt = (void *)set_fixmap_offset(fixed_idx, phys);
      or
      	virt = (void *)set_fixmap_offset_nocache(fixed_idx, phys);
      (depending on whether the physical address is cachable or not).
      Signed-off-by: Feng Tang <feng.tang@intel.com>
      Cc: alan@linux.intel.com
      Cc: greg@kroah.com
      Cc: x86@kernel.org
      LKML-Reference: <1284361736-23011-3-git-send-email-feng.tang@intel.com>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
  16. 16 Mar, 2010 1 commit
  17. 30 Dec, 2009 1 commit
    • x86: Lift restriction on the location of FIX_BTMAP_* · 499a5f1e
      Jan Beulich authored
      The early ioremap fixmap entries cover half (or for 32-bit
      non-PAE, a quarter) of a page table, yet they got
      unconditionally aligned so far to a 256-entry boundary. This is
      not necessary if the range of page table entries anyway falls
      into a single page table.
      
      This buys back, for (theoretically) 50% of all configurations
      (25% of all non-PAE ones), at least some of the lowmem
      necessarily lost with commit e621bd18.
      Signed-off-by: Jan Beulich <jbeulich@novell.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      LKML-Reference: <4B2BB66F0200007800026AD6@vpn.id2.novell.com>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
  18. 21 Jul, 2009 1 commit
    • x86, intel_txt: Intel TXT boot support · 31625340
      Joseph Cihula authored
      This patch adds kernel configuration and boot support for Intel Trusted
      Execution Technology (Intel TXT).
      
      Intel's technology for safer computing, Intel Trusted Execution
      Technology (Intel TXT), defines platform-level enhancements that
      provide the building blocks for creating trusted platforms.
      
      Intel TXT was formerly known by the code name LaGrande Technology (LT).
      
      Intel TXT in Brief:
      o  Provides dynamic root of trust for measurement (DRTM)
      o  Data protection in case of improper shutdown
      o  Measurement and verification of launched environment
      
      Intel TXT is part of the vPro(TM) brand and is also available on some
      non-vPro systems.  It is currently available on desktop systems based on
      the Q35, X38, Q45, and Q43 Express chipsets (e.g. Dell Optiplex 755, HP
      dc7800, etc.) and mobile systems based on the GM45, PM45, and GS45
      Express chipsets.
      
      For more information, see http://www.intel.com/technology/security/.
      This site also has a link to the Intel TXT MLE Developers Manual, which
      has been updated for the new released platforms.
      
      A much more complete description of how these patches support TXT, how to
      configure a system for it, etc. is in the Documentation/intel_txt.txt file
      in this patch.
      
      This patch provides the TXT support routines for complete functionality,
      documentation for TXT support and for the changes to the boot_params structure,
      and boot detection of a TXT launch.  Attempts to shut down (reboot, Sx) the system
      will result in platform resets; subsequent patches will support these shutdown modes
      properly.
      
       Documentation/intel_txt.txt      |  210 +++++++++++++++++++++
       Documentation/x86/zero-page.txt  |    1
       arch/x86/include/asm/bootparam.h |    3
       arch/x86/include/asm/fixmap.h    |    3
       arch/x86/include/asm/tboot.h     |  197 ++++++++++++++++++++
       arch/x86/kernel/Makefile         |    1
       arch/x86/kernel/setup.c          |    4
       arch/x86/kernel/tboot.c          |  379 +++++++++++++++++++++++++++++++++++++++
       security/Kconfig                 |   30 +++
       9 files changed, 827 insertions(+), 1 deletion(-)
      Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
      Signed-off-by: Shane Wang <shane.wang@intel.com>
      Signed-off-by: Gang Wei <gang.wei@intel.com>
      Signed-off-by: H. Peter Anvin <hpa@zytor.com>
  19. 03 Jul, 2009 1 commit
    • x86: Fix fixmap page order for FIX_TEXT_POKE0,1 · 12b9d7cc
      Mathieu Desnoyers authored
      
      
      Masami reported:
      
      > Since the fixmap pages are assigned higher address to lower,
      > text_poke() has to use it with inverted order (FIX_TEXT_POKE1
      > to FIX_TEXT_POKE0).
      
      I prefer to just invert the order of the fixmap declaration.
      It's simpler and more straightforward.
      
      Backward fixmaps seem to be used by both x86 32 and 64.
      
      It's really rare but a nasty bug, because it only hurts when
      instructions to patch are crossing a page boundary. If this
      happens, the fixmap write accesses will spill on the following
      fixmap, which may very well crash the system. And this does not
      crash the system, it could leave illegal instructions in place.
      Thanks Masami for finding this.
      
      It seems to have crept into the 2.6.30-rc series, so this calls
      for a -stable inclusion.
      Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
      Acked-by: Masami Hiramatsu <mhiramat@redhat.com>
      Cc: <stable@kernel.org>
      LKML-Reference: <20090701213722.GH19926@Krystal>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
  20. 30 Jun, 2009 1 commit
    • x86: Fix fixmap ordering · 789d03f5
      Jan Beulich authored
      
      
      The merge of the 32- and 64-bit fixmap headers made a latent
      bug on x86-64 a real one: with the right config settings
      it is possible for FIX_OHCI1394_BASE to overlap the FIX_BTMAP_*
      range.
      Signed-off-by: Jan Beulich <jbeulich@novell.com>
      Cc: <stable@kernel.org> # for 2.6.30.x
      LKML-Reference: <4A4A0A8702000078000082E8@vpn.id2.novell.com>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
  21. 10 Apr, 2009 1 commit
  22. 09 Apr, 2009 1 commit
  23. 06 Mar, 2009 1 commit
  24. 28 Feb, 2009 1 commit
  25. 31 Oct, 2008 1 commit
  26. 23 Oct, 2008 2 commits
  27. 22 Jul, 2008 1 commit
    • x86: consolidate header guards · 77ef50a5
      Vegard Nossum authored
      
      
      This patch is the result of an automatic script that consolidates the
      format of all the headers in include/asm-x86/.
      
      The format:
      
      1. No leading underscore. Names with leading underscores are reserved.
      2. Pathname components are separated by two underscores. So we can
         distinguish between mm_types.h and mm/types.h.
      3. Everything except letters and numbers is turned into single
         underscores.
      Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
  28. 20 Jun, 2008 3 commits
  29. 25 Apr, 2008 1 commit
  30. 11 Oct, 2007 1 commit