linux/drivers
Kees Cook a4866aa812 mm: Tighten x86 /dev/mem with zeroing reads
Under CONFIG_STRICT_DEVMEM, reading System RAM through /dev/mem is
disallowed. However, on x86, the first 1MB was always allowed for BIOS
and similar things, regardless of it actually being System RAM. It was
possible for heap to end up getting allocated in low 1MB RAM, and then
read by things like x86info or dd, which would trip hardened usercopy:

usercopy: kernel memory exposure attempt detected from ffff880000090000 (dma-kmalloc-256) (4096 bytes)

This changes the x86 exception for the low 1MB by reading back zeros for
System RAM areas instead of blindly allowing them. More work is needed to
extend this to mmap, but currently mmap doesn't go through usercopy, so
hardened usercopy won't Oops the kernel.

Reported-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Tested-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
2017-04-12 11:40:23 -07:00
..
accessibility
acpi Merge branch 'acpi-scan-fixes' 2017-04-07 13:48:26 +02:00
amba
android sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
ata sata_via: Enable hotplug only on VT6421 2017-04-11 09:12:18 +09:00
atm sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
auxdisplay auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches 2017-03-16 16:59:55 +09:00
base drivers core: remove assert_held_device_hotplug() 2017-03-16 16:56:19 -07:00
bcma
block nbd: replace kill_bdev() with __invalidate_device() 2017-03-24 15:42:47 -06:00
bluetooth Bluetooth: btqcomsmd: fix compile-test dependency 2017-03-22 19:22:04 -07:00
bus ARM: SoC driver updates 2017-02-23 15:57:04 -08:00
cdrom Merge branch 'for-4.11/next' into for-4.11/linus-merge 2017-02-17 14:08:19 -07:00
char mm: Tighten x86 /dev/mem with zeroing reads 2017-04-12 11:40:23 -07:00
clk Allwinner clock fixes for 4.11 2017-03-23 16:08:46 -07:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-04-02 09:22:03 -07:00
connector
cpufreq Merge branches 'pm-cpufreq-fixes' and 'pm-cpuidle-fixes' 2017-03-31 23:00:53 +02:00
cpuidle cpuidle: powernv: Pass correct drv->cpumask for registration 2017-03-29 22:55:36 +02:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-04-10 09:37:43 -07:00
dax device-dax: fix debug output typo 2017-03-10 19:56:56 -08:00
dca
devfreq scripts/spelling.txt: add "followings" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
dio
dma dmaengine: Fix array index out of bounds warning in __get_unmap_pool() 2017-03-14 10:11:27 +05:30
dma-buf sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
edac EDAC, pnd2_edac: Fix reported DIMM number 2017-03-26 09:36:28 +02:00
eisa
extcon extcon: int3496: Set the id pin to direction-input if necessary 2017-03-22 18:29:48 +09:00
firewire Merge branch 'idr-4.11' of git://git.infradead.org/users/willy/linux-dax 2017-02-28 20:29:41 -08:00
firmware efi/esrt: Cleanup bad memory map log messages 2017-03-17 18:53:12 +00:00
fmc
fpga fpga zynq: Use the scatterlist interface 2017-02-10 15:20:44 +01:00
fsi drivers/fsi: add driver to device matches 2017-02-10 15:19:48 +01:00
gpio ACPI / gpio: do not fall back to parsing _CRS when we get a deferral 2017-03-30 11:08:46 +02:00
gpu Merge branch 'msm-fixes-4.11-rc6' of git://people.freedesktop.org/~robclark/linux into drm-fixes 2017-04-04 10:13:40 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2017-04-11 23:35:14 -07:00
hsi sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
hv Drivers: hv: vmbus: Don't leak memory when a channel is rescinded 2017-03-16 16:42:33 +09:00
hwmon hwmon: (asus_atk0110) fix uninitialized data access 2017-03-23 12:01:57 -07:00
hwspinlock
hwtracing intel_th: pci: Add Gemini Lake support 2017-03-15 14:55:18 +02:00
i2c i2c: mux: pca954x: Add missing pca9546 definition to chip_desc 2017-03-24 12:22:18 +01:00
ide sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
idle Power management turbostat utility updates for v4.11-rc1 2017-03-02 17:41:27 -08:00
iio iio: hid-sensor-attributes: Fix sensor property setting failure. 2017-04-02 11:44:03 +01:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-04-11 23:51:58 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-03-23 19:51:06 -07:00
iommu Merge branch 'for-joerg/arm-smmu/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/will/linux into iommu/fixes 2017-03-22 23:59:56 +01:00
ipack
irqchip irqchip fixes for 4.11-rc5 2017-03-31 16:54:48 +02:00
isdn isdn: kcapi: avoid uninitialized data 2017-03-28 17:59:33 -07:00
leds sched/headers: Prepare for new header dependencies before moving code to <linux/sched/loadavg.h> 2017-03-02 08:42:27 +01:00
lguest sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
lightnvm lightnvm: set default lun range when no luns are specified 2017-02-15 08:27:21 -07:00
macintosh powerpc/pmac: Fix crash in dma-mapping.h with NULL dma_ops 2017-03-10 14:17:23 +11:00
mailbox sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
mcb
md Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-04-08 11:56:58 -07:00
media media fixes for v4.11-rc4 2017-03-24 13:34:16 -07:00
memory Linux 4.11-rc1 2017-03-06 08:37:53 -08:00
memstick Merge branch 'for-4.11/next' into for-4.11/linus-merge 2017-02-17 14:08:19 -07:00
message SCSI misc on 20170220 2017-02-21 11:51:42 -08:00
mfd staging/iio driver patches for 4.11-rc1 2017-02-22 12:14:01 -08:00
misc Char/Misc driver fixes for 4.11-rc4 2017-03-26 11:15:54 -07:00
mmc mmc: sdhci-of-at91: fix MMC_DDR_52 timing selection 2017-03-30 21:10:29 +02:00
mtd scripts/spelling.txt: add "disble(d)" pattern and fix typo instances 2017-03-09 17:01:09 -08:00
net nfp: fix potential use after free on xdp prog 2017-04-05 18:46:40 -07:00
nfc scripts/spelling.txt: add "omited" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
ntb ntb: ntb_hw_intel: link_poll isn't clearing the pending status properly 2017-02-16 23:11:26 -05:00
nubus
nvdimm nfit, libnvdimm: fix interleave set cookie calculation 2017-03-01 00:49:42 -08:00
nvme nvmet: fix byte swap in nvmet_parse_io_cmd 2017-04-02 10:24:15 +03:00
nvmem
of DeviceTree updates for 4.11: 2017-02-22 19:23:14 -08:00
oprofile sched/headers: Prepare to move the get_task_struct()/put_task_struct() and related APIs from <linux/sched.h> to <linux/sched/task.h> 2017-03-02 08:42:40 +01:00
parisc Merge branch 'parisc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux 2017-03-03 16:20:06 -08:00
parport parport: fix attempt to write duplicate procfiles 2017-03-16 17:32:21 +09:00
pci PCI: dwc: Fix dw_pcie_ops NULL pointer dereference 2017-04-04 08:24:25 -05:00
pcmcia
perf sched/headers: Prepare for new header dependencies before moving code to <linux/sched/clock.h> 2017-03-02 08:42:27 +01:00
phy phy: qcom-usb-hs: Add depends on EXTCON 2017-03-09 15:29:57 +05:30
pinctrl pinctrl: core: Fix pinctrl_register_and_init() with pinctrl_enable() 2017-04-07 01:08:08 +02:00
platform platform-drivers-x86 for v4.11-2 2017-03-13 13:23:43 -07:00
pnp
power scripts/spelling.txt: add "intialization" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
powercap
pps
ps3 sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
ptp PTP: fix ptr_ret.cocci warnings 2017-03-20 16:25:06 +01:00
pwm pwm: Changes for v4.11-rc1 2017-03-01 09:46:02 -08:00
rapidio drivers/rapidio/devices/tsi721.c: make module parameter variable name unique 2017-03-31 17:13:30 -07:00
ras
regulator regulator: Updates for v4.11 2017-02-20 17:23:57 -08:00
remoteproc remoteproc: qcom: fix QCOM_SMD dependencies 2017-03-20 14:45:44 -07:00
reset ARM: SoC driver updates 2017-02-23 15:57:04 -08:00
rpmsg virtio, vhost: optimizations, fixes 2017-03-02 13:53:13 -08:00
rtc sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-05 20:17:38 -07:00
sbus
scsi Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-04-08 11:56:58 -07:00
sfi
sh
sn
soc sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
spi sched/headers: Prepare for new header dependencies before moving code to <uapi/linux/sched/types.h> 2017-03-02 08:42:27 +01:00
spmi
ssb
staging staging: android: ashmem: lseek failed due to no FMODE_LSEEK. 2017-04-08 12:13:11 +02:00
target tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case 2017-04-02 16:18:51 -07:00
tc
thermal thermal: cpu_cooling: Check OPP for errors 2017-03-13 10:06:55 +08:00
thunderbolt
tty Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-04-02 09:25:10 -07:00
uio sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-04-11 23:51:58 -07:00
uwb uwb: i1480-dfu: fix NULL-deref at probe 2017-03-14 17:07:31 +08:00
vfio VFIO fixes for v4.11-rc4 2017-03-24 14:39:36 -07:00
vhost vhost-vsock: add pkt cancel capability 2017-03-21 14:41:46 -07:00
video sched/headers: Remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-03 01:45:16 +01:00
virt
virtio virtio_balloon: prevent uninitialized variable use 2017-03-28 20:41:28 +03:00
vlynq
vme
w1 sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
watchdog watchdog: retu: restore MFD dependency 2017-03-01 06:15:10 -08:00
xen xenbus: remove transaction holder from list before freeing 2017-04-04 10:11:06 -04:00
zorro
Kconfig drivers/fsi: Add empty fsi bus definitions 2017-02-10 15:19:48 +01:00
Makefile pci-v4.11-changes 2017-02-23 11:53:22 -08:00