leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a4866aa812
linux/arch
History
Kees Cook a4866aa812 mm: Tighten x86 /dev/mem with zeroing reads 
Under CONFIG_STRICT_DEVMEM, reading System RAM through /dev/mem is
disallowed. However, on x86, the first 1MB was always allowed for BIOS
and similar things, regardless of it actually being System RAM. It was
possible for heap to end up getting allocated in low 1MB RAM, and then
read by things like x86info or dd, which would trip hardened usercopy:

usercopy: kernel memory exposure attempt detected from ffff880000090000 (dma-kmalloc-256) (4096 bytes)

This changes the x86 exception for the low 1MB by reading back zeros for
System RAM areas instead of blindly allowing them. More work is needed to
extend this to mmap, but currently mmap doesn't go through usercopy, so
hardened usercopy won't Oops the kernel.

Reported-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Tested-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
2017-04-12 11:40:23 -07:00
..
alpha alpha: fix stack smashing in old_adjtimex(2) 2017-04-03 01:06:53 -04:00
arc ARC udpates for 4.11-rc5 2017-04-01 10:52:19 -07:00
arm Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm 2017-04-09 09:05:25 -07:00
arm64 Revert "Revert "arm64: hugetlb: partial revert of 66b3923a1a0f"" 2017-04-07 12:27:29 +01:00
avr32 arch, mm: convert all architectures to use 5level-fixup.h 2017-03-09 11:48:47 -08:00
blackfin sched/headers: Move task->mm handling methods to <linux/sched/mm.h> 2017-03-03 01:43:28 +01:00
c6x Merge branch 'regset' (PTRACE_SETREGSET data leakage) 2017-03-29 08:55:25 -07:00
cris Merge branch 'prep-for-5level' 2017-03-10 08:59:07 -08:00
frv arch, mm: convert all architectures to use 5level-fixup.h 2017-03-09 11:48:47 -08:00
h8300 Merge branch 'regset' (PTRACE_SETREGSET data leakage) 2017-03-29 08:55:25 -07:00
hexagon arch, mm: convert all architectures to use 5level-fixup.h 2017-03-09 11:48:47 -08:00
ia64 arch, mm: convert all architectures to use 5level-fixup.h 2017-03-09 11:48:47 -08:00
m32r sched/headers: Move task->mm handling methods to <linux/sched/mm.h> 2017-03-03 01:43:28 +01:00
m68k m68k: Wire up statx 2017-03-20 11:27:28 +01:00
metag metag/usercopy: Fault handling fixes 2017-04-07 10:11:53 -07:00
microblaze arch, mm: convert all architectures to use 5level-fixup.h 2017-03-09 11:48:47 -08:00
mips Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2017-04-06 13:16:34 -07:00
mn10300 arch, mm: convert all architectures to use 5level-fixup.h 2017-03-09 11:48:47 -08:00
nios2 nios2: reserve boot memory for device tree 2017-04-02 20:13:57 -07:00
openrisc openrisc: Export symbols needed by modules 2017-03-16 00:12:57 +09:00
parisc parisc: Avoid stalled CPU warnings after system shutdown 2017-03-29 21:50:38 +02:00
powerpc powerpc fixes for 4.11 #7 2017-04-08 11:06:12 -07:00
s390 KVM fixes for v4.11-rc6 2017-04-08 01:39:43 -07:00
score Fixup for arch/score after extable.h introduction 2017-03-11 14:16:50 -08:00
sh Merge branch 'prep-for-5level' 2017-03-10 08:59:07 -08:00
sparc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2017-04-08 01:42:05 -07:00
tile arch, mm: convert all architectures to use 5level-fixup.h 2017-03-09 11:48:47 -08:00
um arch, mm: convert all architectures to use 5level-fixup.h 2017-03-09 11:48:47 -08:00
unicore32 arch, mm: convert all architectures to use 5level-fixup.h 2017-03-09 11:48:47 -08:00
x86 mm: Tighten x86 /dev/mem with zeroing reads 2017-04-12 11:40:23 -07:00
xtensa xtensa: wire up statx system call 2017-03-31 16:26:21 -07:00
.gitignore
Kconfig scripts/spelling.txt: add "an user" pattern and fix typo instances 2017-02-27 18:43:46 -08:00