| From 9c698bff66ab4914bb3d71da7dc6112519bde23e Mon Sep 17 00:00:00 2001 |
| From: Russell King <rmk+kernel@armlinux.org.uk> |
| Date: Fri, 29 Jan 2021 10:19:07 +0000 |
| Subject: ARM: ensure the signal page contains defined contents |
| |
| From: Russell King <rmk+kernel@armlinux.org.uk> |
| |
| commit 9c698bff66ab4914bb3d71da7dc6112519bde23e upstream. |
| |
| Ensure that the signal page contains our poison instruction to increase |
| the protection against ROP attacks and also contains well defined |
| contents. |
| |
| Acked-by: Will Deacon <will@kernel.org> |
| Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk> |
| Signed-off-by: Nobuhiro Iwamatsu (CIP) <nobuhiro1.iwamatsu@toshiba.co.jp> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/arm/kernel/signal.c | 14 ++++++++------ |
| 1 file changed, 8 insertions(+), 6 deletions(-) |
| |
| --- a/arch/arm/kernel/signal.c |
| +++ b/arch/arm/kernel/signal.c |
| @@ -625,18 +625,20 @@ struct page *get_signal_page(void) |
| |
| addr = page_address(page); |
| |
| + /* Poison the entire page */ |
| + memset32(addr, __opcode_to_mem_arm(0xe7fddef1), |
| + PAGE_SIZE / sizeof(u32)); |
| + |
| /* Give the signal return code some randomness */ |
| offset = 0x200 + (get_random_int() & 0x7fc); |
| signal_return_offset = offset; |
| |
| - /* |
| - * Copy signal return handlers into the vector page, and |
| - * set sigreturn to be a pointer to these. |
| - */ |
| + /* Copy signal return handlers into the page */ |
| memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes)); |
| |
| - ptr = (unsigned long)addr + offset; |
| - flush_icache_range(ptr, ptr + sizeof(sigreturn_codes)); |
| + /* Flush out all instructions in this page */ |
| + ptr = (unsigned long)addr; |
| + flush_icache_range(ptr, ptr + PAGE_SIZE); |
| |
| return page; |
| } |
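Review bot: The fill value `0xe7fddef1` passed to `memset32()` is an unexplained magic number, and `/* Poison the entire page */` does not say what makes this word a poison. The commit message calls it the kernel's poison instruction, so it is presumably an encoding that faults when executed. The comment should say so, and should say whether the word is also expected to fault if reached in Thumb state, which this hunk does not show. I would expand it to something like `/* Fill with the undefined-instruction poison word so a branch landing outside the randomised sigreturn code faults instead of running stale page contents */`, or give the constant a name shared with its other users. `get_signal_page()` starts above the hunk, so the page allocation and its failure path are not visible here.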