git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

KAISER: Kernel Address Isolation

This patch introduces our implementation of KAISER (Kernel Address Isolation to
have Side-channels Efficiently Removed), a kernel isolation technique to close
hardware side channels on kernel address information.

More information about the patch can be found on:

https://github.com/IAIK/KAISER

From: Richard Fellner <richard.fellner@student.tugraz.at>
From: Daniel Gruss <daniel.gruss@iaik.tugraz.at>
X-Subject: [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode
Date: Thu, 4 May 2017 14:26:50 +0200
Link: http://marc.info/?l=linux-kernel&m=149390087310405&w=2
Kaiser-4.10-SHA1: c4b1831d44c6144d3762ccc72f0c4e71a0c713e5

To: <linux-kernel@vger.kernel.org>
To: <kernel-hardening@lists.openwall.com>
Cc: <clementine.maurice@iaik.tugraz.at>
Cc: <moritz.lipp@iaik.tugraz.at>
Cc: Michael Schwarz <michael.schwarz@iaik.tugraz.at>
Cc: Richard Fellner <richard.fellner@student.tugraz.at>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: <kirill.shutemov@linux.intel.com>
Cc: <anders.fogh@gdata-adan.de>
After several recent works [1,2,3] KASLR on x86_64 was basically
considered dead by many researchers. We have been working on an
efficient but effective fix for this problem and found that not mapping
the kernel space when running in user mode is the solution to this
problem [4] (the corresponding paper [5] will be presented at ESSoS17).

With this RFC patch we allow anybody to configure their kernel with the
flag CONFIG_KAISER to add our defense mechanism.

If there are any questions we would love to answer them.
We also appreciate any comments!

Cheers,
Daniel (+ the KAISER team from Graz University of Technology)

[1] http://www.ieee-security.org/TC/SP2013/papers/4977a191.pdf
[2] https://www.blackhat.com/docs/us-16/materials/us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process.pdf
[3] https://www.blackhat.com/docs/us-16/materials/us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf
[4] https://github.com/IAIK/KAISER
[5] https://gruss.cc/files/kaiser.pdf

Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CVE-2017-5754
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

author	Richard Fellner <richard.fellner@student.tugraz.at>
	Thu, 4 May 2017 12:26:50 +0000 (14:26 +0200)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Fri, 5 Jan 2018 18:42:15 +0000 (19:42 +0100)
commit	9ea385dcf1a08e3952b1a6f14e5a3d1be1a7b4ef
tree	d2a299d97ebc4db59d74e85addfa2c49b0477a5b	tree
parent	bbe135ff2f1a05ff4f028a413d6dd843f8212ac2	commit \| diff

arch/x86/entry/entry_64.S		diff \| blob \| blame \| history
arch/x86/entry/entry_64_compat.S		diff \| blob \| blame \| history
arch/x86/include/asm/hw_irq.h		diff \| blob \| blame \| history
arch/x86/include/asm/kaiser.h	[new file with mode: 0644]	blob
arch/x86/include/asm/pgtable.h		diff \| blob \| blame \| history
arch/x86/include/asm/pgtable_64.h		diff \| blob \| blame \| history
arch/x86/include/asm/pgtable_types.h		diff \| blob \| blame \| history
arch/x86/include/asm/processor.h		diff \| blob \| blame \| history
arch/x86/kernel/cpu/common.c		diff \| blob \| blame \| history
arch/x86/kernel/espfix_64.c		diff \| blob \| blame \| history
arch/x86/kernel/head_64.S		diff \| blob \| blame \| history
arch/x86/kernel/irqinit.c		diff \| blob \| blame \| history
arch/x86/kernel/process.c		diff \| blob \| blame \| history
arch/x86/mm/Makefile		diff \| blob \| blame \| history
arch/x86/mm/kaiser.c	[new file with mode: 0644]	blob
arch/x86/mm/pageattr.c		diff \| blob \| blame \| history
arch/x86/mm/pgtable.c		diff \| blob \| blame \| history
include/asm-generic/vmlinux.lds.h		diff \| blob \| blame \| history
include/linux/percpu-defs.h		diff \| blob \| blame \| history
init/main.c		diff \| blob \| blame \| history
kernel/fork.c		diff \| blob \| blame \| history
security/Kconfig		diff \| blob \| blame \| history