android_kernel_sony_msm8994/arch
Kees Cook adf80ea9a0
mm: Tighten x86 /dev/mem with zeroing reads
commit a4866aa812518ed1a37d8ea0c881dc946409de94 upstream.

Under CONFIG_STRICT_DEVMEM, reading System RAM through /dev/mem is
disallowed. However, on x86, the first 1MB was always allowed for BIOS
and similar things, regardless of it actually being System RAM. It was
possible for heap to end up getting allocated in low 1MB RAM, and then
read by things like x86info or dd, which would trip hardened usercopy:

usercopy: kernel memory exposure attempt detected from ffff880000090000 (dma-kmalloc-256) (4096 bytes)

This changes the x86 exception for the low 1MB by reading back zeros for
System RAM areas instead of blindly allowing them. More work is needed to
extend this to mmap, but currently mmap doesn't go through usercopy, so
hardened usercopy won't Oops the kernel.

Change-Id: I19f91639b3c52027034b4742b8d3c001e6890fe7
Reported-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Tested-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-09-02 18:04:14 +02:00
alpha This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
arc This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
arm Merge remote-tracking branch 'caf/LA.BF64.1.2.3_rb1.15' into HEAD 2017-09-02 17:48:55 +02:00
arm64 Merge remote-tracking branch 'caf/LA.BF64.1.2.3_rb1.12' into HEAD 2017-04-30 23:22:10 +02:00
avr32 This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
blackfin
c6x This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
cris module: remove mod arg from module_free, rename module_memfree(). 2016-09-29 03:09:02 -07:00
frv This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
h8300
hexagon arch: mm: pass userspace fault flag to generic fault handler 2014-11-21 09:22:56 -08:00
ia64 This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
m32r This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
m68k This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
metag This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
microblaze This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
mips BACKPORT: FROMLIST: mm: ASLR: use get_random_long() 2016-05-10 13:23:51 +05:30
mn10300 This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
openrisc This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
parisc This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
powerpc module: remove mod arg from module_free, rename module_memfree(). 2016-09-29 03:09:02 -07:00
s390 This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
score This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
sh This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
sparc module: remove mod arg from module_free, rename module_memfree(). 2016-09-29 03:09:02 -07:00
tile module: remove mod arg from module_free, rename module_memfree(). 2016-09-29 03:09:02 -07:00
um This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
unicore32 This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
x86 mm: Tighten x86 /dev/mem with zeroing reads 2017-09-02 18:04:14 +02:00
xtensa This is the 3.10.84 stable release 2015-08-13 14:38:09 -07:00
.gitignore
Kconfig FROMLIST: mm: mmap: Add new /proc tunable for mmap_base ASLR. 2016-05-10 13:15:41 +05:30