1. 08 Nov, 2019 1 commit
  2. 20 Feb, 2019 1 commit
  3. 02 Aug, 2018 1 commit
    • Russell King's avatar
      ARM: vfp: use __copy_from_user() when restoring VFP state · 42019fc5
      Russell King authored
      __get_user_error() is used as a fast accessor to make copying structure
      members in the signal handling path as efficient as possible.  However,
      with software PAN and the recent Spectre variant 1, the efficiency is
      reduced as these are no longer fast accessors.
      In the case of software PAN, it has to switch the domain register around
      each access, and with Spectre variant 1, it would have to repeat the
      access_ok() check for each access.
      Use __copy_from_user() rather than __get_user_err() for individual
      members when restoring VFP state.
      Acked-by: default avatarMark Rutland <mark.rutland@arm.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
  4. 09 Jan, 2018 1 commit
  5. 17 Sep, 2017 1 commit
  6. 08 Jul, 2017 1 commit
    • Thomas Garnier's avatar
      arm/syscalls: Check address limit on user-mode return · 73ac5d6a
      Thomas Garnier authored
      Ensure the address limit is a user-mode segment before returning to
      user-mode. Otherwise a process can corrupt kernel-mode memory and
      elevate privileges [1].
      The set_fs function sets the TIF_SETFS flag to force a slow path on
      return. In the slow path, the address limit is checked to be USER_DS if
      The TIF_SETFS flag is added to _TIF_WORK_MASK shifting _TIF_SYSCALL_WORK
      for arm instruction immediate support. The global work mask is too big
      to used on a single instruction so adapt ret_fast_syscall.
      [1] https://bugs.chromium.org/p/project-zero/issues/detail?id=990
      Signed-off-by: default avatarThomas Garnier <thgarnie@google.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: kernel-hardening@lists.openwall.com
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: Miroslav Benes <mbenes@suse.cz>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Pratyush Anand <panand@redhat.com>
      Cc: Russell King <linux@armlinux.org.uk>
      Cc: Petr Mladek <pmladek@suse.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: linux-arm-kernel@lists.infradead.org
      Cc: Will Drewry <wad@chromium.org>
      Cc: linux-api@vger.kernel.org
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Link: http://lkml.kernel.org/r/20170615011203.144108-2-thgarnie@google.com
  7. 11 Sep, 2015 1 commit
  8. 25 Aug, 2015 1 commit
  9. 21 Aug, 2015 1 commit
    • Russell King's avatar
      ARM: domains: switch to keeping domain value in register · 1eef5d2f
      Russell King authored
      Rather than modifying both the domain access control register and our
      per-thread copy, modify only the domain access control register, and
      use the per-thread copy to save and restore the register over context
      switches.  We can also avoid the explicit initialisation of the
      init thread_info structure.
      This allows us to avoid needing to gain access to the thread information
      at the uaccess control sites.
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
  10. 12 Apr, 2015 1 commit
  11. 13 Feb, 2015 1 commit
    • Andy Lutomirski's avatar
      all arches, signal: move restart_block to struct task_struct · f56141e3
      Andy Lutomirski authored
      If an attacker can cause a controlled kernel stack overflow, overwriting
      the restart block is a very juicy exploit target.  This is because the
      restart_block is held in the same memory allocation as the kernel stack.
      Moving the restart block to struct task_struct prevents this exploit by
      making the restart_block harder to locate.
      Note that there are other fields in thread_info that are also easy
      targets, at least on some architectures.
      It's also a decent simplification, since the restart code is more or less
      identical on all architectures.
      [james.hogan@imgtec.com: metag: align thread_info::supervisor_stack]
      Signed-off-by: default avatarAndy Lutomirski <luto@amacapital.net>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: David Miller <davem@davemloft.net>
      Acked-by: default avatarRichard Weinberger <richard@nod.at>
      Cc: Richard Henderson <rth@twiddle.net>
      Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
      Cc: Matt Turner <mattst88@gmail.com>
      Cc: Vineet Gupta <vgupta@synopsys.com>
      Cc: Russell King <rmk@arm.linux.org.uk>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Haavard Skinnemoen <hskinnemoen@gmail.com>
      Cc: Hans-Christian Egtvedt <egtvedt@samfundet.no>
      Cc: Steven Miao <realmz6@gmail.com>
      Cc: Mark Salter <msalter@redhat.com>
      Cc: Aurelien Jacquiot <a-jacquiot@ti.com>
      Cc: Mikael Starvik <starvik@axis.com>
      Cc: Jesper Nilsson <jesper.nilsson@axis.com>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Richard Kuo <rkuo@codeaurora.org>
      Cc: "Luck, Tony" <tony.luck@intel.com>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Cc: Michal Simek <monstr@monstr.eu>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Jonas Bonn <jonas@southpole.se>
      Cc: "James E.J. Bottomley" <jejb@parisc-linux.org>
      Cc: Helge Deller <deller@gmx.de>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
      Tested-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Chen Liqin <liqin.linux@gmail.com>
      Cc: Lennox Wu <lennox.wu@gmail.com>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
      Cc: Chris Zankel <chris@zankel.net>
      Cc: Max Filippov <jcmvbkbc@gmail.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  12. 27 Nov, 2014 1 commit
  13. 13 Nov, 2014 2 commits
  14. 01 Jul, 2014 1 commit
  15. 17 Jun, 2014 1 commit
  16. 18 Mar, 2014 1 commit
  17. 13 Nov, 2013 1 commit
  18. 20 Aug, 2013 1 commit
    • Will Deacon's avatar
      ARM: cacheflush: split user cache-flushing into interruptible chunks · 28256d61
      Will Deacon authored
      Flushing a large, non-faulting VMA from userspace can potentially result
      in a long time spent flushing the cache line-by-line without preemption
      occurring (in the case of CONFIG_PREEMPT=n).
      Whilst this doesn't affect the stability of the system, it can certainly
      affect the responsiveness and CPU availability for other tasks.
      This patch splits up the user cacheflush code so that it flushes in
      chunks of a page. After each chunk has been flushed, we may reschedule
      if appropriate and, before processing the next chunk, we allow any
      pending signals to be handled before resuming from where we left off.
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
  19. 26 Jul, 2013 1 commit
  20. 24 Jun, 2013 1 commit
  21. 03 Apr, 2013 1 commit
    • Kevin Hilman's avatar
      ARM: 7688/1: add support for context tracking subsystem · b0088480
      Kevin Hilman authored
      commit 91d1aa43
       (context_tracking: New context tracking susbsystem)
      generalized parts of the RCU userspace extended quiescent state into
      the context tracking subsystem.  Context tracking is then used
      to implement adaptive tickless (a.k.a extended nohz)
      To support the new context tracking subsystem on ARM, the user/kernel
      boundary transtions need to be instrumented.
      For exceptions and IRQs in usermode, the existing usr_entry macro is
      used to instrument the user->kernel transition.  For the return to
      usermode path, the ret_to_user* path is instrumented.  Using the
      usr_entry macro, this covers interrupts in userspace, data abort and
      prefetch abort exceptions in userspace as well as undefined exceptions
      in userspace (which is where FP emulation and VFP are handled.)
      For syscalls, the slow return path is covered by instrumenting the
      ret_to_user path.  In addition, the syscall entry point is
      instrumented which covers the user->kernel transition for both fast
      and slow syscalls, and an additional instrumentation point is added
      for the fast syscall return path (ret_fast_syscall).
      Cc: Mats Liljegren <mats.liljegren@enea.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Signed-off-by: default avatarKevin Hilman <khilman@linaro.org>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
  22. 19 Nov, 2012 1 commit
  23. 01 Oct, 2012 1 commit
    • Al Viro's avatar
      sanitize tsk_is_polling() · 16a80163
      Al Viro authored
      Make default just return 0.  The current default (checking
      TIF_POLLING_NRFLAG) is taken to architectures that need it;
      ones that don't do polling in their idle threads don't need
      to defined TIF_POLLING_NRFLAG at all.
      ia64 defined both TS_POLLING (used by its tsk_is_polling())
      and TIF_POLLING_NRFLAG (not used at all).  Killed the latter...
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
  24. 19 Sep, 2012 1 commit
  25. 29 Aug, 2012 1 commit
  26. 28 Jul, 2012 2 commits
  27. 05 Jul, 2012 1 commit
    • Will Deacon's avatar
      ARM: 7443/1: Revert "new way of handling ERESTART_RESTARTBLOCK" · 433e2f30
      Will Deacon authored
      This reverts commit 6b5c8045
      The new syscall restarting code can lead to problems if we take an
      interrupt in userspace just before restarting the svc instruction. If
      a signal is delivered when returning from the interrupt, the
      TIF_SYSCALL_RESTARTSYS will remain set and cause any syscalls executed
      from the signal handler to be treated as a restart of the previously
      interrupted system call. This includes the final sigreturn call, meaning
      that we may fail to exit from the signal context. Furthermore, if a
      system call made from the signal handler requires a restart via the
      restart_block, it is possible to clear the thread flag and fail to
      restart the originally interrupted system call.
      The right solution to this problem is to perform the restarting in the
      kernel, avoiding the possibility of handling a further signal before the
      restart is complete. Since we're almost at -rc6, let's revert the new
      method for now and aim for in-kernel restarting at a later date.
      Acked-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
  28. 21 May, 2012 3 commits
  29. 23 Apr, 2012 1 commit
  30. 17 Apr, 2012 1 commit
  31. 17 Jan, 2012 1 commit
    • Nathaniel Husted's avatar
      Kernel: Audit Support For The ARM Platform · 29ef73b7
      Nathaniel Husted authored
      This patch provides functionality to audit system call events on the
      ARM platform. The implementation was based off the structure of the
      MIPS platform and information in this
      mailing list thread. The required audit_syscall_exit and
      audit_syscall_entry checks were added to ptrace using the standard
      registers for system call values (r0 through r3). A thread information
      flag was added for auditing (TIF_SYSCALL_AUDIT) and a meta-flag was
      added (_TIF_SYSCALL_WORK) to simplify modifications to the syscall
      entry/exit. Now, if either the TRACE flag is set or the AUDIT flag is
      set, the syscall_trace function will be executed. The prober changes
      were made to Kconfig to allow CONFIG_AUDITSYSCALL to be enabled.
      Due to platform availability limitations, this patch was only tested
      on the Android platform running the modified "android-goldfish-2.6.29"
      kernel. A test compile was performed using Code Sourcery's
      cross-compilation toolset and the current linux-3.0 stable kernel. The
      changes compile without error. I'm hoping, due to the simple modifications,
      the patch is "obviously correct".
      Signed-off-by: default avatarNathaniel Husted <nhusted@gmail.com>
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
  32. 21 Nov, 2011 1 commit
  33. 02 Oct, 2010 1 commit
  34. 14 May, 2010 1 commit
  35. 15 Feb, 2010 1 commit
  36. 02 Sep, 2009 1 commit