Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / 8c45daaa716f3b93feca747bfd0ee895d55e8031^! / . / arch / arm / kernel / traps.c
commit8c45daaa716f3b93feca747bfd0ee895d55e8031[log] [tgz]
authorRussell King <rmk+kernel@arm.linux.org.uk>Tue Jul 23 18:37:00 2013 +0100
committerJoonwoo Park <joonwoop@codeaurora.org>Thu Dec 05 10:20:47 2013 -0800
tree2478577f6b47b4e7ca82be64efc233bfcb9cdb2d
parent8aab1b7aabd1a39b95adc7374d0e6941c11acfe8 [diff] [blame]
ARM: allow kuser helpers to be removed from the vector page

Provide a kernel configuration option to allow the kernel user helpers
to be removed from the vector page, thereby preventing their use with
ROP (return orientated programming) attacks.  This option is only
visible for CPU architectures which natively support all the operations
which kernel user helpers would normally provide, and must be enabled
with caution.

Change-Id: Ic118b6951f4abca53ceb22b5a768ddad2ceb22b6
Cc: <stable@vger.kernel.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Git-commit: f6f91b0d9fd971c630cef908dde8fe8795aefbf8
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[joonwoop@codeaurora.org: fixed merge conflict]
CRs-fixed: 561044
Signed-off-by: Joonwoo Park <joonwoop@codeaurora.org>

diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
index d9eeeb1..da8bdeb 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c

@@ -812,23 +812,32 @@
 	return;
 }
 
-static void __init kuser_get_tls_init(unsigned long vectors)
+#ifdef CONFIG_KUSER_HELPERS
+static void __init kuser_init(void *vectors)
 {
+	extern char __kuser_helper_start[], __kuser_helper_end[];
+	int kuser_sz = __kuser_helper_end - __kuser_helper_start;
+
+	memcpy(vectors + 0x1000 - kuser_sz, __kuser_helper_start, kuser_sz);
+
 	/*
 	 * vectors + 0xfe0 = __kuser_get_tls
 	 * vectors + 0xfe8 = hardware TLS instruction at 0xffff0fe8
 	 */
 	if (tls_emu || has_tls_reg)
-		memcpy((void *)vectors + 0xfe0, (void *)vectors + 0xfe8, 4);
+		memcpy(vectors + 0xfe0, vectors + 0xfe8, 4);
 }
+#else
+static void __init kuser_init(void *vectors)
+{
+}
+#endif
 
 void __init early_trap_init(void *vectors_base)
 {
 	unsigned long vectors = (unsigned long)vectors_base;
 	extern char __stubs_start[], __stubs_end[];
 	extern char __vectors_start[], __vectors_end[];
-	extern char __kuser_helper_start[], __kuser_helper_end[];
-	int kuser_sz = __kuser_helper_end - __kuser_helper_start;
 	unsigned i;
 
 	vectors_page = vectors_base;
@@ -849,12 +858,8 @@
 	 */
 	memcpy((void *)vectors, __vectors_start, __vectors_end - __vectors_start);
 	memcpy((void *)vectors + 0x1000, __stubs_start, __stubs_end - __stubs_start);
-	memcpy((void *)vectors + 0x1000 - kuser_sz, __kuser_helper_start, kuser_sz);
 
-	/*
-	 * Do processor specific fixups for the kuser helpers
-	 */
-	kuser_get_tls_init(vectors);
+	kuser_init(vectors_base);
 
 	flush_icache_range(vectors, vectors + PAGE_SIZE * 2);
 	modify_domain(DOMAIN_USER, DOMAIN_CLIENT);