linux

History

Sven Schnelle 0b38b5e1d0 s390: prevent leaking kernel address in BEAR When userspace executes a syscall or gets interrupted, BEAR contains a kernel address when returning to userspace. This make it pretty easy to figure out where the kernel is mapped even with KASLR enabled. To fix this, add lpswe to lowcore and always execute it there, so userspace sees only the lowcore address of lpswe. For this we have to extend both critical_cleanup and the SWITCH_ASYNC macro to also check for lpswe addresses in lowcore. Fixes: `b2d24b97b2` ("s390/kernel: add support for kernel address space layout randomization (KASLR)") Cc: <stable@vger.kernel.org> # v5.2+ Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Signed-off-by: Sven Schnelle <svens@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>	2020-03-10 15:16:25 +01:00
..
asm	s390: prevent leaking kernel address in BEAR	2020-03-10 15:16:25 +01:00
uapi/asm	s390/pkey/zcrypt: Support EP11 AES secure keys	2020-01-30 13:07:56 +01:00

Sven Schnelle 0b38b5e1d0 s390: prevent leaking kernel address in BEAR

When userspace executes a syscall or gets interrupted,
BEAR contains a kernel address when returning to userspace.
This make it pretty easy to figure out where the kernel is
mapped even with KASLR enabled. To fix this, add lpswe to
lowcore and always execute it there, so userspace sees only
the lowcore address of lpswe. For this we have to extend
both critical_cleanup and the SWITCH_ASYNC macro to also check
for lpswe addresses in lowcore.

Fixes: b2d24b97b2 ("s390/kernel: add support for kernel address space layout randomization (KASLR)")
Cc: <stable@vger.kernel.org> # v5.2+
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

2020-03-10 15:16:25 +01:00

asm s390: prevent leaking kernel address in BEAR 2020-03-10 15:16:25 +01:00

uapi/asm s390/pkey/zcrypt: Support EP11 AES secure keys 2020-01-30 13:07:56 +01:00