diff options
| author | Russell King <rmk+kernel@arm.linux.org.uk> | 2015-08-19 15:40:41 -0400 |
|---|---|---|
| committer | Russell King <rmk+kernel@arm.linux.org.uk> | 2015-08-26 15:34:24 -0400 |
| commit | a5e090acbf545c0a3b04080f8a488b17ec41fe02 (patch) | |
| tree | ae603e2e67bcac0564b2eba0a7771f8c5cebf352 /arch/arm/include/asm/assembler.h | |
| parent | 2190fed67ba6f3e8129513929f2395843645e928 (diff) | |
ARM: software-based priviledged-no-access support
Provide a software-based implementation of the priviledged no access
support found in ARMv8.1.
Userspace pages are mapped using a different domain number from the
kernel and IO mappings. If we switch the user domain to "no access"
when we enter the kernel, we can prevent the kernel from touching
userspace.
However, the kernel needs to be able to access userspace via the
various user accessor functions. With the wrapping in the previous
patch, we can temporarily enable access when the kernel needs user
access, and re-disable it afterwards.
This allows us to trap non-intended accesses to userspace, eg, caused
by an inadvertent dereference of the LIST_POISON* values, which, with
appropriate user mappings setup, can be made to succeed. This in turn
can allow use-after-free bugs to be further exploited than would
otherwise be possible.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Diffstat (limited to 'arch/arm/include/asm/assembler.h')
| -rw-r--r-- | arch/arm/include/asm/assembler.h | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h index a91177043467..3ae0eda5e64f 100644 --- a/arch/arm/include/asm/assembler.h +++ b/arch/arm/include/asm/assembler.h | |||
| @@ -446,15 +446,45 @@ THUMB( orr \reg , \reg , #PSR_T_BIT ) | |||
| 446 | .endm | 446 | .endm |
| 447 | 447 | ||
| 448 | .macro uaccess_disable, tmp, isb=1 | 448 | .macro uaccess_disable, tmp, isb=1 |
| 449 | #ifdef CONFIG_CPU_SW_DOMAIN_PAN | ||
| 450 | /* | ||
| 451 | * Whenever we re-enter userspace, the domains should always be | ||
| 452 | * set appropriately. | ||
| 453 | */ | ||
| 454 | mov \tmp, #DACR_UACCESS_DISABLE | ||
| 455 | mcr p15, 0, \tmp, c3, c0, 0 @ Set domain register | ||
| 456 | .if \isb | ||
| 457 | instr_sync | ||
| 458 | .endif | ||
| 459 | #endif | ||
| 449 | .endm | 460 | .endm |
| 450 | 461 | ||
| 451 | .macro uaccess_enable, tmp, isb=1 | 462 | .macro uaccess_enable, tmp, isb=1 |
| 463 | #ifdef CONFIG_CPU_SW_DOMAIN_PAN | ||
| 464 | /* | ||
| 465 | * Whenever we re-enter userspace, the domains should always be | ||
| 466 | * set appropriately. | ||
| 467 | */ | ||
| 468 | mov \tmp, #DACR_UACCESS_ENABLE | ||
| 469 | mcr p15, 0, \tmp, c3, c0, 0 | ||
| 470 | .if \isb | ||
| 471 | instr_sync | ||
| 472 | .endif | ||
| 473 | #endif | ||
| 452 | .endm | 474 | .endm |
| 453 | 475 | ||
| 454 | .macro uaccess_save, tmp | 476 | .macro uaccess_save, tmp |
| 477 | #ifdef CONFIG_CPU_SW_DOMAIN_PAN | ||
| 478 | mrc p15, 0, \tmp, c3, c0, 0 | ||
| 479 | str \tmp, [sp, #S_FRAME_SIZE] | ||
| 480 | #endif | ||
| 455 | .endm | 481 | .endm |
| 456 | 482 | ||
| 457 | .macro uaccess_restore | 483 | .macro uaccess_restore |
| 484 | #ifdef CONFIG_CPU_SW_DOMAIN_PAN | ||
| 485 | ldr r0, [sp, #S_FRAME_SIZE] | ||
| 486 | mcr p15, 0, r0, c3, c0, 0 | ||
| 487 | #endif | ||
| 458 | .endm | 488 | .endm |
| 459 | 489 | ||
| 460 | .macro uaccess_save_and_disable, tmp | 490 | .macro uaccess_save_and_disable, tmp |