Re: [PATCH v9 02/29] x86/boot: Relocate definition of the initial state of CR0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Borislav Petkov <bp@xxxxxxx>
Subject: Re: [PATCH v9 02/29] x86/boot: Relocate definition of the initial state of CR0
From: Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx>
Date: Fri, 27 Oct 2017 12:02:19 -0700
Cc: Andy Lutomirski <luto@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, Chris Metcalf <cmetcalf@xxxxxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Masami Hiramatsu <mhiramat@xxxxxxxxxx>, Huang Rui <ray.huang@xxxxxxx>, Jiri Slaby <jslaby@xxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, Paul Gortmaker <paul.gortmaker@xxxxxxxxxxxxx>, Vlastimil Babka <vbabka@xxxxxxx>, Chen Yucong <slaoub@xxxxxxxxx>, "Ravi V. Shankar" <ravi.v.shankar@xxxxxxxxx>, Shuah Khan <shuah@xxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, "Neri, Ricardo" <ricardo.neri@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxx>, Denys Vlasenko <dvlasenk@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, linux-arch <linux-arch@xxxxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>
In-reply-to: <20171026125513.GB12068@nazgul.tnic>
References: <1507089272-32733-1-git-send-email-ricardo.neri-calderon@linux.intel.com> <1507089272-32733-3-git-send-email-ricardo.neri-calderon@linux.intel.com> <CALCETrUced9TVsMQ=cjFfDuDfLQsZWu0GOoRCmHn4PsSwrfOdw@mail.gmail.com> <20171026090045.GA6438@nazgul.tnic> <CALCETrXw2r-HD+9SwT0ndRVX2YR-_g6BKEfDd6i0ci5q_Z4S4Q@mail.gmail.com> <20171026125513.GB12068@nazgul.tnic>
User-agent: Mutt/1.5.24 (2015-08-30)

On Thu, Oct 26, 2017 at 02:55:13PM +0200, Borislav Petkov wrote:
> On Thu, Oct 26, 2017 at 02:02:02AM -0700, Andy Lutomirski wrote:
> > I'm assuming that UMIP_REPORTED_CR0 will never change.  If CR0 gets a
> > new field that we set some day, then I assume that CR0_STATE would add
> > that bit but UMIP_REPORTED_CR0 would not.
> 
> Yeah, let's do that when it is actually needed.

Thanks Andy! I reasoned that for UMIP could report CR0_STATE a value that
is already revealed in the source code. Thus, if CR0 ever changes at run
time, an attacker could only see what is set programmatically.

BR,

Ricardo

References:
- [PATCH v9 02/29] x86/boot: Relocate definition of the initial state of CR0
  - From: Ricardo Neri
- Re: [PATCH v9 02/29] x86/boot: Relocate definition of the initial state of CR0
  - From: Andy Lutomirski
- Re: [PATCH v9 02/29] x86/boot: Relocate definition of the initial state of CR0
  - From: Borislav Petkov
- Re: [PATCH v9 02/29] x86/boot: Relocate definition of the initial state of CR0
  - From: Andy Lutomirski
- Re: [PATCH v9 02/29] x86/boot: Relocate definition of the initial state of CR0
  - From: Borislav Petkov

Prev by Date: Re: [PATCH v4 20/28] arm64/sve: Add prctl controls for userspace vector length management
Next by Date: [PATCH v10 02/18] x86/boot: Relocate definition of the initial state of CR0
Previous by thread: Re: [PATCH v9 02/29] x86/boot: Relocate definition of the initial state of CR0
Next by thread: [PATCH tip/core/rcu 1/3] membarrier: Provide register expedited private command
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Kernel Newbies] [x86 Platform Driver] [Netdev] [Linux Wireless] [Netfilter] [Bugtraq] [Linux Filesystems] [Yosemite Discussion] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Device Mapper]