AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
1882e562d3
kernel_optimize_test/arch/x86
History
Kees Cook a4866aa812 mm: Tighten x86 /dev/mem with zeroing reads 
Under CONFIG_STRICT_DEVMEM, reading System RAM through /dev/mem is
disallowed. However, on x86, the first 1MB was always allowed for BIOS
and similar things, regardless of it actually being System RAM. It was
possible for heap to end up getting allocated in low 1MB RAM, and then
read by things like x86info or dd, which would trip hardened usercopy:

usercopy: kernel memory exposure attempt detected from ffff880000090000 (dma-kmalloc-256) (4096 bytes)

This changes the x86 exception for the low 1MB by reading back zeros for
System RAM areas instead of blindly allowing them. More work is needed to
extend this to mmap, but currently mmap doesn't go through usercopy, so
hardened usercopy won't Oops the kernel.

Reported-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Tested-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
2017-04-12 11:40:23 -07:00
..
boot x86/boot: Include missing header file 2017-03-31 10:43:42 +02:00
configs x86/build/x86_64_defconfig: Enable CONFIG_R8169 2017-03-06 11:47:43 +01:00
crypto
entry Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 11:38:56 -08:00
events sched/clock, x86/perf: Fix "perf test tsc" 2017-03-23 07:31:49 +01:00
hyperv x86/hyperv: Hide unused label 2017-03-01 10:51:40 +01:00
ia32 sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
include Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-04-02 09:27:02 -07:00
kernel Merge branch 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-04-03 08:36:24 -07:00
kvm KVM: nVMX: initialize PML fields in vmcs02 2017-04-04 16:24:43 +02:00
lguest
lib x86/mce: Fix copy/paste error in exception table entries 2017-03-22 08:43:25 +01:00
math-emu
mm mm: Tighten x86 /dev/mem with zeroing reads 2017-04-12 11:40:23 -07:00
net bpf: fix unlocking of jited image when module ronx not set 2017-02-21 13:30:14 -05:00
oprofile
pci features and fixes for 4.11 rc1 2017-03-09 12:23:30 -08:00
platform x86/platform/intel-mid: Add power button support for Merrifield 2017-03-13 22:08:28 +01:00
power
purgatory kasan: do not sanitize kexec purgatory 2017-03-31 17:13:30 -07:00
ras
realmode
tools
um sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
video
xen sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
.gitignore
Kbuild
Kconfig The usual collection of new drivers, non-critical fixes, and updates 2017-02-25 14:28:06 -08:00
Kconfig.cpu
Kconfig.debug mm: add arch-independent testcases for RODATA 2017-02-27 18:43:48 -08:00
Makefile x86/build: Mostly disable '-maccumulate-outgoing-args' 2017-03-30 11:53:04 +02:00
Makefile_32.cpu x86/build: Mostly disable '-maccumulate-outgoing-args' 2017-03-30 11:53:04 +02:00
Makefile.um