niansa-misc/linux
1
0
Fork 0
mirror of synced 2025-03-06 20:59:54 +01:00
Code Issues Projects Releases Packages Wiki Activity

ARM: ensure the signal page contains defined contents

Browse source 
Ensure that the signal page contains our poison instruction to increase
the protection against ROP attacks and also contains well defined
contents.

Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
This commit is contained in:
Russell King 2021-01-29 10:19:07 +00:00
parent 538eea5362
commit 9c698bff66
1 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
arch/arm/kernel/signal.c
View file

@ -693,18 +693,20 @@ struct page *get_signal_page(void)
addr = page_address(page); addr = page_address(page);
/* Poison the entire page */
memset32(addr, __opcode_to_mem_arm(0xe7fddef1),
PAGE_SIZE / sizeof(u32));
/* Give the signal return code some randomness */ /* Give the signal return code some randomness */
offset = 0x200 + (get_random_int() & 0x7fc); offset = 0x200 + (get_random_int() & 0x7fc);
signal_return_offset = offset; signal_return_offset = offset;
/* /* Copy signal return handlers into the page */
* Copy signal return handlers into the vector page, and
* set sigreturn to be a pointer to these.
*/
memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes)); memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes));
ptr = (unsigned long)addr + offset; /* Flush out all instructions in this page */
flush_icache_range(ptr, ptr + sizeof(sigreturn_codes)); ptr = (unsigned long)addr;
flush_icache_range(ptr, ptr + PAGE_SIZE);
return page; return page;
} }