Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20200817213750.GA25556@openwall.com>
Date: Mon, 17 Aug 2020 23:37:50 +0200
From: Solar Designer <solar@...nwall.com>
To: lkrg-users@...ts.openwall.com
Cc: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...e.de>,
	Kees Cook <keescook@...omium.org>
Subject: Re: lkrg: Fix build LKRG for kernel 5.8+

On Wed, Aug 05, 2020 at 08:48:00PM +0200, Solar Designer wrote:
> On Wed, Aug 05, 2020 at 07:46:48PM +0200, Mikhail Morfikov wrote:
> > DKMS make.log for lkrg-0.8.1+git20200805 for kernel 5.8.0-amd64 (x86_64)
> [...]
> > ERROR: modpost: "native_write_cr4" [/var/lib/dkms/lkrg/0.8.1+git20200805/build/p_lkrg.ko] undefined!
> 
> Here's what this is about:
> 
> commit 21953ee5013d6632bee90ec89f2df59c69050db0
> Author: Thomas Gleixner <tglx@...utronix.de>
> Date:   Sun Apr 26 18:55:15 2020 +0200
> 
>     x86/cpu: Export native_write_cr4() only when CONFIG_LKTDM=m
>     
>     Modules have no business poking into this but fixing this is for later.
>     
>      [ bp: Carve out from an earlier patch. ]
>     
>     Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
>     Signed-off-by: Borislav Petkov <bp@...e.de>
>     Link: https://lkml.kernel.org/r/20200421092558.939985695@linutronix.de
> 
> where LKTDM is "Linux Kernel Dump Test Module".
> 
> We use native_write_cr4() via its wrapper __write_cr4() (in a kernel
> header file) to restore SMEP and/or SMAP if these are unexpectedly
> disabled yet kernel panic on this event is not enabled in LKRG
> configuration (by default it is enabled).
> 
> We'll need to find a way around this.

We believe we've worked around the issue:

https://github.com/openwall/lkrg/issues/1

(And yes, we're just starting to use GitHub issues now that we've moved
the project to GitHub.)

Mikhail (or/and anyone else), can you please test and confirm?

> Perhaps will just access the register directly from our own inline asm.

We ended up looking up the address of native_write_cr4 in a hackish way,
not to introduce extra CR4-writing gadgets.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.