linux/arch/arm64/kernel
Dave Martin abf73988a7 arm64: signal: Verify extra data is user-readable in sys_rt_sigreturn
Currently sys_rt_sigreturn() verifies that the base sigframe is
readable, but no similar check is performed on the extra data to
which an extra_context record points.

This matters because the extra data will be read with the
unprotected user accessors.  However, this is not a problem at
present because the extra data base address is required to be
exactly at the end of the base sigframe.  So, there would need to
be a non-user-readable kernel address within about 59K
(SIGFRAME_MAXSZ - sizeof(struct rt_sigframe)) of some address for
which access_ok(VERIFY_READ) returns true, in order for sigreturn
to be able to read kernel memory that should be inaccessible to the
user task.  This is currently impossible due to the untranslatable
address hole between the TTBR0 and TTBR1 address ranges.

Disappearance of the hole between the TTBR0 and TTBR1 mapping
ranges would require the VA size for TTBR0 and TTBR1 to grow to at
least 55 bits, and either the disabling of tagged pointers for
userspace or enabling of tagged pointers for kernel space; none of
which is currently envisaged.

Even so, it is wrong to use the unprotected user accessors without
an accompanying access_ok() check.

To avoid the potential for future surprises, this patch does an
explicit access_ok() check on the extra data space when parsing an
extra_context record.

Fixes: 33f082614c ("arm64: signal: Allow expansion of the signal frame")
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2017-11-03 15:24:11 +00:00
probes arm64: introduce separated bits for mm_context_t flags 2017-08-22 18:13:04 +01:00
vdso arm64: vdso: fix clock_getres for 4GiB-aligned res 2017-10-31 09:49:33 +00:00
.gitignore
acpi_numa.c arm64/numa: avoid inconsistent information to be printed 2016-09-09 14:59:08 +01:00
acpi_parking_protocol.c arm64: fix endianness annotation in acpi_parking_protocol.c 2017-06-29 11:33:15 +01:00
acpi.c ACPI / boot: Correct address space of __acpi_map_table() 2017-07-24 22:47:56 +02:00
alternative.c arm64: fix endianness annotation for __apply_alternatives()/get_alt_insn() 2017-06-29 16:32:43 +01:00
arm64ksyms.c arm64: switch to RAW_COPY_USER 2017-03-28 18:23:24 -04:00
armv8_deprecated.c arm64: Fix single stepping in kernel traps 2017-10-25 11:57:33 +01:00
asm-offsets.c arm64: unwind: reference pt_regs via embedded stack frame 2017-08-09 14:07:13 +01:00
cacheinfo.c arm64: cacheinfo: Remove CCSIDR-based cache information probing 2017-03-20 16:16:54 +00:00
cpu_errata.c arm64: Add workaround for Cavium Thunder erratum 30115 2017-06-15 09:45:04 +01:00
cpu_ops.c arm64: Convert to using %pOF instead of full_name 2017-07-20 10:28:41 +01:00
cpu-reset.h arm64: Use __pa_symbol for kernel symbols 2017-01-12 15:05:39 +00:00
cpu-reset.S arm64: Add back cpu reset routines 2016-06-27 16:31:25 +01:00
cpufeature.c arm64: Fix single stepping in kernel traps 2017-10-25 11:57:33 +01:00
cpuidle.c arm64: kernel: Update kerneldoc for cpu_suspend() rename 2017-03-10 18:06:24 +00:00
cpuinfo.c arm64: Expose support for optional ARMv8-A features 2017-10-11 15:28:40 +01:00
crash_dump.c arm64: kdump: provide /proc/vmcore file 2017-04-05 18:31:38 +01:00
debug-monitors.c arm64: introduce an order for exceptions 2017-11-02 15:55:41 +00:00
efi-entry.S arm64: efi-entry.S: avoid open-coded adr_l 2017-01-17 17:41:14 +00:00
efi-header.S arm64: efi: split Image code and data into separate PE/COFF sections 2017-04-04 17:50:59 +01:00
efi.c efi/arm: Enable DMI/SMBIOS 2017-06-05 17:50:44 +02:00
entry32.S arm64: entry32: remove pointless register assignment 2015-07-10 16:47:13 +01:00
entry-fpsimd.S arm64: neon: Remove support for nested or hardirq kernel-mode NEON 2017-08-04 15:00:57 +01:00
entry-ftrace.S arm64: Fix static use of function graph 2017-11-03 12:05:23 +00:00
entry.S arm64: entry.S: move SError handling into a C function for future expansion 2017-11-02 15:55:41 +00:00
fpsimd.c arm64: fpsimd: Correctly annotate exception helpers called from asm 2017-11-03 15:24:11 +00:00
ftrace-mod.S arm64: ftrace: add support for far branches to dynamic ftrace 2017-06-07 11:52:02 +01:00
ftrace.c arm64: ftrace: fix !CONFIG_ARM64_MODULE_PLTS kernels 2017-06-23 18:21:13 +01:00
head.S arm64: head: Init PMSCR_EL2.{PA,PCT} when entered at EL2 without VHE 2017-10-18 12:53:32 +01:00
hibernate-asm.S arm64: Introduce raw_{d,i}cache_line_size 2016-09-09 15:03:29 +01:00
hibernate.c arm64: explicitly mask all exceptions 2017-11-02 15:55:40 +00:00
hw_breakpoint.c arm64: hw_breakpoint: fix watchpoint matching for tagged pointers 2017-05-09 17:26:40 +01:00
hyp-stub.S arm64: hyp-stub: Zero x0 on successful stub handling 2017-04-09 07:49:35 -07:00
image.h arm64 updates for 4.7: 2016-05-16 17:17:24 -07:00
insn.c arm64 updates for 4.13: 2017-07-05 17:09:27 -07:00
io.c arm64: Avoid aligning normal memory pointers in __memcpy_{to,from}io 2017-10-24 16:23:07 +01:00
irq.c arm64: add basic VMAP_STACK support 2017-08-15 18:36:04 +01:00
jump_label.c jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} 2015-08-03 11:34:12 +02:00
kaslr.c arm64: kaslr: Adjust the offset to avoid Image across alignment boundary 2017-08-22 18:15:42 +01:00
kgdb.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
kuser32.S
machine_kexec.c arm64: explicitly mask all exceptions 2017-11-02 15:55:40 +00:00
Makefile arm64: remove unneeded copy to init_utsname()->machine 2017-10-02 10:13:05 +01:00
module-plts.c arm64: module: split core and init PLT sections 2017-04-26 12:31:00 +01:00
module.c arm64: fix endianness annotation for reloc_insn_movw() & reloc_insn_imm() 2017-06-29 11:09:39 +01:00
module.lds arm64: module: split core and init PLT sections 2017-04-26 12:31:00 +01:00
paravirt.c arm64: introduce CONFIG_PARAVIRT, PARAVIRT_TIME_ACCOUNTING and pv_time_ops 2015-12-21 14:40:54 +00:00
pci.c PCI: Add a generic weak pcibios_align_resource() 2017-08-02 14:53:16 -05:00
perf_callchain.c arm64: unwind: remove sp from struct stackframe 2017-08-09 14:10:29 +01:00
perf_event.c arm64: perf: add support for Cortex-A35 2017-08-10 17:46:49 +01:00
perf_regs.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
process.c arm64: traps: Pretty-print pstate in register dumps 2017-10-27 16:26:58 +01:00
psci.c arm64: Use __pa_symbol for kernel symbols 2017-01-12 15:05:39 +00:00
ptrace.c Merge branch 'arm64/vmap-stack' of git://git.kernel.org/pub/scm/linux/kernel/git/mark/linux into for-next/core 2017-08-15 18:40:58 +01:00
reloc_test_core.c arm64: relocation testing module 2017-04-04 17:03:32 +01:00
reloc_test_syms.S arm64: relocation testing module 2017-04-04 17:03:32 +01:00
relocate_kernel.S arm64: Introduce raw_{d,i}cache_line_size 2016-09-09 15:03:29 +01:00
return_address.c arm64: unwind: remove sp from struct stackframe 2017-08-09 14:10:29 +01:00
setup.c arm64: Move the async/fiq helpers to explicitly set process context flags 2017-11-02 15:55:41 +00:00
signal32.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2017-09-11 18:34:47 -07:00
signal.c arm64: signal: Verify extra data is user-readable in sys_rt_sigreturn 2017-11-03 15:24:11 +00:00
sleep.S arm64: move sp_el0 and tpidr_el1 into cpu_suspend_ctx 2016-11-11 18:25:44 +00:00
smccc-call.S firmware: qcom: scm: Fix interrupted SCM calls 2017-02-03 18:46:33 +00:00
smp_spin_table.c arm64: Use __pa_symbol for kernel symbols 2017-01-12 15:05:39 +00:00
smp.c arm64: Move the async/fiq helpers to explicitly set process context flags 2017-11-02 15:55:41 +00:00
stacktrace.c arm64: stacktrace: avoid listing stacktrace functions in stacktrace 2017-09-13 18:53:16 -07:00
suspend.c arm64: explicitly mask all exceptions 2017-11-02 15:55:40 +00:00
sys32.c arm64: fix implementation of mmap2 compat syscall 2015-03-19 10:43:51 +00:00
sys_compat.c sched/headers: Prepare for the reduction of <linux/sched.h>'s signal API dependency 2017-03-02 08:42:37 +01:00
sys.c arm64: compat: Check for AArch32 state 2016-04-20 12:22:42 +01:00
time.c arm64: unwind: remove sp from struct stackframe 2017-08-09 14:10:29 +01:00
topology.c arm64: Convert to using %pOF instead of full_name 2017-07-20 10:28:41 +01:00
trace-events-emulation.h arm64: Trace emulation of AArch32 legacy instructions 2014-11-20 16:35:02 +00:00
traps.c arm64: entry.S: move SError handling into a C function for future expansion 2017-11-02 15:55:41 +00:00
vdso.c arm64/vdso: Support mremap() for vDSO 2017-08-09 12:16:28 +01:00
vmlinux.lds.S arm64: add basic VMAP_STACK support 2017-08-15 18:36:04 +01:00