git.efficios.com Git - deliverable/linux.git/commit

author	Russell King <rmk+kernel@arm.linux.org.uk>
	Wed, 19 Aug 2015 19:40:41 +0000 (20:40 +0100)
committer	Russell King <rmk+kernel@arm.linux.org.uk>
	Wed, 26 Aug 2015 19:34:24 +0000 (20:34 +0100)
commit	a5e090acbf545c0a3b04080f8a488b17ec41fe02
tree	ae603e2e67bcac0564b2eba0a7771f8c5cebf352	tree \| snapshot
parent	2190fed67ba6f3e8129513929f2395843645e928	commit \| diff

ARM: software-based priviledged-no-access support

Provide a software-based implementation of the priviledged no access
support found in ARMv8.1.

Userspace pages are mapped using a different domain number from the
kernel and IO mappings.  If we switch the user domain to "no access"
when we enter the kernel, we can prevent the kernel from touching
userspace.

However, the kernel needs to be able to access userspace via the
various user accessor functions.  With the wrapping in the previous
patch, we can temporarily enable access when the kernel needs user
access, and re-disable it afterwards.

This allows us to trap non-intended accesses to userspace, eg, caused
by an inadvertent dereference of the LIST_POISON* values, which, with
appropriate user mappings setup, can be made to succeed.  This in turn
can allow use-after-free bugs to be further exploited than would
otherwise be possible.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

arch/arm/Kconfig		diff \| blob \| blame \| history
arch/arm/include/asm/assembler.h		diff \| blob \| blame \| history
arch/arm/include/asm/domain.h		diff \| blob \| blame \| history
arch/arm/include/asm/uaccess.h		diff \| blob \| blame \| history
arch/arm/kernel/process.c		diff \| blob \| blame \| history
arch/arm/kernel/swp_emulate.c		diff \| blob \| blame \| history
arch/arm/lib/csumpartialcopyuser.S		diff \| blob \| blame \| history