This is a note to let you know that I've just added the patch titled ARM: poison memory between kuser helpers to the 3.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: arm-poison-memory-between-kuser-helpers.patch and it can be found in the queue-3.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 5b43e7a383d69381ffe53423e46dd0fafae07da3 Mon Sep 17 00:00:00 2001 From: Russell King <rmk+kernel@xxxxxxxxxxxxxxxx> Date: Thu, 4 Jul 2013 11:32:04 +0100 Subject: ARM: poison memory between kuser helpers From: Russell King <rmk+kernel@xxxxxxxxxxxxxxxx> commit 5b43e7a383d69381ffe53423e46dd0fafae07da3 upstream. Poison the memory between each kuser helper. This ensures that any branch between the kuser helpers will be appropriately trapped. Acked-by: Nicolas Pitre <nico@xxxxxxxxxx> Signed-off-by: Russell King <rmk+kernel@xxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/arm/kernel/entry-armv.S | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -741,6 +741,17 @@ ENDPROC(__switch_to) #endif .endm + .macro kuser_pad, sym, size + .if (. - \sym) & 3 + .rept 4 - (. - \sym) & 3 + .byte 0 + .endr + .endif + .rept (\size - (. - \sym)) / 4 + .word 0xe7fddef1 + .endr + .endm + .align 5 .globl __kuser_helper_start __kuser_helper_start: @@ -831,18 +842,13 @@ kuser_cmpxchg64_fixup: #error "incoherent kernel configuration" #endif - /* pad to next slot */ - .rept (16 - (. - __kuser_cmpxchg64)/4) - .word 0 - .endr - - .align 5 + kuser_pad __kuser_cmpxchg64, 64 __kuser_memory_barrier: @ 0xffff0fa0 smp_dmb arm usr_ret lr - .align 5 + kuser_pad __kuser_memory_barrier, 32 __kuser_cmpxchg: @ 0xffff0fc0 
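Review bot: kuser_pad has no guard for a helper that has already outgrown its slot: if `. - \sym` exceeds `\size`, the count of the second `.rept` goes negative. How the assembler treats that is not visible in this hunk, so the fixed helper addresses could move without an obvious build failure. A check at the top of the macro, `.if (. - \sym) > \size` / `.error "kuser helper overflows its slot"` / `.endif`, would make this an explicit error for all four call sites (the 64- and 32-byte pads in the next hunk, the 32- and 16-byte pads in the last one). I would also add a one-line comment on `.word 0xe7fddef1` naming it as the trapping poison value the commit message refers to. Writing the alignment count as `4 - ((. - \sym) & 3)` would stop the grouping depending on the reader knowing the assembler's operator precedence.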
@@ -915,13 +921,14 @@ kuser_cmpxchg32_fixup: #endif - .align 5 + kuser_pad __kuser_cmpxchg, 32 __kuser_get_tls: @ 0xffff0fe0 ldr r0, [pc, #(16 - 8)] @ read TLS, set in kuser_get_tls_init usr_ret lr mrc p15, 0, r0, c13, c0, 3 @ 0xffff0fe8 hardware TLS code - .rep 4 + kuser_pad __kuser_get_tls, 16 + .rep 3 .word 0 @ 0xffff0ff0 software TLS value, then .endr @ pad up to __kuser_helper_version Patches currently in stable-queue which might be from rmk+kernel@xxxxxxxxxxxxxxxx are queue-3.10/arm-move-vector-stubs.patch queue-3.10/arm-move-signal-handlers-into-a-vdso-like-page.patch queue-3.10/arm-use-linker-magic-for-vectors-and-vector-stubs.patch queue-3.10/arm-make-vectors-page-inaccessible-from-userspace.patch queue-3.10/arm-fix-a-cockup-in-48be69a02-arm-move-signal-handlers-into-a-vdso-like-page.patch queue-3.10/arm-allow-kuser-helpers-to-be-removed-from-the-vector-page.patch queue-3.10/arm-poison-the-vectors-page.patch queue-3.10/arm-update-fiq-support-for-relocation-of-vectors.patch queue-3.10/arm-fix-nommu-builds-with-48be69a02-arm-move-signal-handlers-into-a-vdso-like-page.patch queue-3.10/arm-poison-memory-between-kuser-helpers.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
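Review bot: The two words after the software TLS slot are still emitted as `.word 0` by the `.rep 3` block, so the gap between the TLS value at 0xffff0ff0 and __kuser_helper_version is not poisoned the way the gaps between helpers now are. Only the first of the three words has to be data. Provided nothing reads the other two as data (not visible in this hunk), they could be emitted as `.word 0xe7fddef1` so that a stray branch landing there is trapped as well. If that is done, the `@ 0xffff0ff0 software TLS value, then` / `@ pad up to __kuser_helper_version` comments should be updated to say that the pad is poison.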