diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch new file mode 100644 index 000000000..98597243e --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch @@ -0,0 +1,52 @@ +From f49bff85b6dbb60a410c7f7dc53b52ee1dc22470 Mon Sep 17 00:00:00 2001 +From: Russell King <rmk+kernel@armlinux.org.uk> +Date: Fri, 29 Jan 2021 10:19:07 +0000 +Subject: [PATCH] ARM: ensure the signal page contains defined contents + +[ Upstream commit 9c698bff66ab4914bb3d71da7dc6112519bde23e ] + +Ensure that the signal page contains our poison instruction to increase +the protection against ROP attacks and also contains well defined +contents. + +Acked-by: Will Deacon <will@kernel.org> +Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk> +Signed-off-by: Sasha Levin <sashal@kernel.org> +--- + arch/arm/kernel/signal.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c +index ab2568996ddb..c01f76cd0242 100644 +--- a/arch/arm/kernel/signal.c ++++ b/arch/arm/kernel/signal.c +@@ -694,18 +694,20 @@ struct page *get_signal_page(void) + + addr = page_address(page); + ++ /* Poison the entire page */ ++ memset32(addr, __opcode_to_mem_arm(0xe7fddef1), ++ PAGE_SIZE / sizeof(u32)); ++ + /* Give the signal return code some randomness */ + offset = 0x200 + (get_random_int() & 0x7fc); + signal_return_offset = offset; + +- /* +- * Copy signal return handlers into the vector page, and +- * set sigreturn to be a pointer to these. +- */ ++ /* Copy signal return handlers into the page */ + memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes)); + +- ptr = (unsigned long)addr + offset; +- flush_icache_range(ptr, ptr + sizeof(sigreturn_codes)); ++ /* Flush out all instructions in this page */ ++ ptr = (unsigned long)addr; ++ flush_icache_range(ptr, ptr + PAGE_SIZE); + + return page; + } +-- +2.17.1 + |