a5b9e5a2f1
The modify_ldt syscall exposes a large attack surface and is unnecessary for modern userspace. Make it optional. Signed-off-by: Andy Lutomirski <luto@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Andrew Cooper <andrew.cooper3@citrix.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Sasha Levin <sasha.levin@oracle.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: security@kernel.org <security@kernel.org> Cc: xen-devel <xen-devel@lists.xen.org> Link: http://lkml.kernel.org/r/a605166a771c343fd64802dece77a903507333bd.1438291540.git.luto@kernel.org [ Made MATH_EMULATION dependent on MODIFY_LDT_SYSCALL. ] Signed-off-by: Ingo Molnar <mingo@kernel.org>
36 lines
651 B
C
36 lines
651 B
C
#ifndef _ASM_X86_MMU_H
|
|
#define _ASM_X86_MMU_H
|
|
|
|
#include <linux/spinlock.h>
|
|
#include <linux/mutex.h>
|
|
|
|
/*
|
|
* The x86 doesn't have a mmu context, but
|
|
* we put the segment information here.
|
|
*/
|
|
typedef struct {
|
|
#ifdef CONFIG_MODIFY_LDT_SYSCALL
|
|
struct ldt_struct *ldt;
|
|
#endif
|
|
|
|
#ifdef CONFIG_X86_64
|
|
/* True if mm supports a task running in 32 bit compatibility mode. */
|
|
unsigned short ia32_compat;
|
|
#endif
|
|
|
|
struct mutex lock;
|
|
void __user *vdso;
|
|
|
|
atomic_t perf_rdpmc_allowed; /* nonzero if rdpmc is allowed */
|
|
} mm_context_t;
|
|
|
|
#ifdef CONFIG_SMP
|
|
void leave_mm(int cpu);
|
|
#else
|
|
static inline void leave_mm(int cpu)
|
|
{
|
|
}
|
|
#endif
|
|
|
|
#endif /* _ASM_X86_MMU_H */
|