git.baikalelectronics.ru Git - kernel.git/commit

author	Sven Schnelle <svens@linux.ibm.com>
	Wed, 22 Jan 2020 12:38:22 +0000 (13:38 +0100)
committer	Vasily Gorbik <gor@linux.ibm.com>
	Tue, 10 Mar 2020 14:16:25 +0000 (15:16 +0100)
commit	1d36ef57d3a6a0fe37b0329ab0665c7e789ee9d6
tree	e1694c41af0832e7dd737cd6f4ebea668375def9	tree \| snapshot
parent	5c13b8dd71fe547c212ba7b5d5f007bdaa3bb6a4	commit \| diff

s390: prevent leaking kernel address in BEAR

When userspace executes a syscall or gets interrupted,
BEAR contains a kernel address when returning to userspace.
This make it pretty easy to figure out where the kernel is
mapped even with KASLR enabled. To fix this, add lpswe to
lowcore and always execute it there, so userspace sees only
the lowcore address of lpswe. For this we have to extend
both critical_cleanup and the SWITCH_ASYNC macro to also check
for lpswe addresses in lowcore.

Fixes: 2296e9899f6f ("s390/kernel: add support for kernel address space layout randomization (KASLR)")
Cc: <stable@vger.kernel.org> # v5.2+
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

arch/s390/include/asm/lowcore.h		diff \| blob \| history
arch/s390/include/asm/processor.h		diff \| blob \| history
arch/s390/include/asm/setup.h		diff \| blob \| history
arch/s390/kernel/asm-offsets.c		diff \| blob \| history
arch/s390/kernel/entry.S		diff \| blob \| history
arch/s390/kernel/process.c		diff \| blob \| history
arch/s390/kernel/setup.c		diff \| blob \| history
arch/s390/kernel/smp.c		diff \| blob \| history
arch/s390/mm/vmem.c		diff \| blob \| history