diff options
| author | Nadav Amit <namit@vmware.com> | 2019-04-26 19:22:46 -0400 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2019-04-30 06:37:52 -0400 |
| commit | 4fc19708b165c1c152fa1f12f6600e66184b7786 (patch) | |
| tree | decf3f3cd8a8ab9d636cec86360843039c0eff3e /init | |
| parent | 13585fa0668c724efab9635aaeef6ec390217415 (diff) | |
x86/alternatives: Initialize temporary mm for patching
To prevent improper use of the PTEs that are used for text patching, the
next patches will use a temporary mm struct. Initailize it by copying
the init mm.
The address that will be used for patching is taken from the lower area
that is usually used for the task memory. Doing so prevents the need to
frequently synchronize the temporary-mm (e.g., when BPF programs are
installed), since different PGDs are used for the task memory.
Finally, randomize the address of the PTEs to harden against exploits
that use these PTEs.
Suggested-by: Andy Lutomirski <luto@kernel.org>
Tested-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: akpm@linux-foundation.org
Cc: ard.biesheuvel@linaro.org
Cc: deneen.t.dock@intel.com
Cc: kernel-hardening@lists.openwall.com
Cc: kristen@linux.intel.com
Cc: linux_dti@icloud.com
Cc: will.deacon@arm.com
Link: https://lkml.kernel.org/r/20190426232303.28381-8-nadav.amit@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'init')
| -rw-r--r-- | init/main.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/init/main.c b/init/main.c index 7d4025d665eb..95dd9406ee31 100644 --- a/init/main.c +++ b/init/main.c | |||
| @@ -504,6 +504,8 @@ void __init __weak thread_stack_cache_init(void) | |||
| 504 | 504 | ||
| 505 | void __init __weak mem_encrypt_init(void) { } | 505 | void __init __weak mem_encrypt_init(void) { } |
| 506 | 506 | ||
| 507 | void __init __weak poking_init(void) { } | ||
| 508 | |||
| 507 | bool initcall_debug; | 509 | bool initcall_debug; |
| 508 | core_param(initcall_debug, initcall_debug, bool, 0644); | 510 | core_param(initcall_debug, initcall_debug, bool, 0644); |
| 509 | 511 | ||
| @@ -737,6 +739,7 @@ asmlinkage __visible void __init start_kernel(void) | |||
| 737 | taskstats_init_early(); | 739 | taskstats_init_early(); |
| 738 | delayacct_init(); | 740 | delayacct_init(); |
| 739 | 741 | ||
| 742 | poking_init(); | ||
| 740 | check_bugs(); | 743 | check_bugs(); |
| 741 | 744 | ||
| 742 | acpi_subsystem_init(); | 745 | acpi_subsystem_init(); |