Cook: Security things in Linux v5.3

Kees Cook catchesup with the security improvements in the 5.3 kernel."In recent exploits, one of the steps for making the attacker's lifeeasier is to disable CPU protections like Supervisor Mode Access (andExecute) Prevention (SMAP and SMEP) by finding a way to write to CPUcontrol registers to disable these features. For example, CR4 controls SMAPand SMEP, where disabling those would let an attacker access and executeuserspace memory from kernel code again, opening up the attack to muchgreater flexibility. CR0 controls Write Protect (WP), which when disabledwould allow an attacker to write to read-only memory like the kernel codeitself. Attacks have been using the kernel's CR4 and CR0 writing functionsto make these changes (since it's easier to gain that level of executecontrol), but now the kernel will attempt to 'pin' sensitive bits in CR4and CR0 to avoid them getting disabled. This forces attacks to do more workto enact such register changes going forward."