summaryrefslogtreecommitdiff
path: root/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch')
-rw-r--r--meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch52
1 files changed, 52 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch
new file mode 100644
index 000000000..98597243e
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch
@@ -0,0 +1,52 @@
+From f49bff85b6dbb60a410c7f7dc53b52ee1dc22470 Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@armlinux.org.uk>
+Date: Fri, 29 Jan 2021 10:19:07 +0000
+Subject: [PATCH] ARM: ensure the signal page contains defined contents
+
+[ Upstream commit 9c698bff66ab4914bb3d71da7dc6112519bde23e ]
+
+Ensure that the signal page contains our poison instruction to increase
+the protection against ROP attacks and also contains well defined
+contents.
+
+Acked-by: Will Deacon <will@kernel.org>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/kernel/signal.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
+index ab2568996ddb..c01f76cd0242 100644
+--- a/arch/arm/kernel/signal.c
++++ b/arch/arm/kernel/signal.c
+@@ -694,18 +694,20 @@ struct page *get_signal_page(void)
+
+ addr = page_address(page);
+
++ /* Poison the entire page */
++ memset32(addr, __opcode_to_mem_arm(0xe7fddef1),
++ PAGE_SIZE / sizeof(u32));
++
+ /* Give the signal return code some randomness */
+ offset = 0x200 + (get_random_int() & 0x7fc);
+ signal_return_offset = offset;
+
+- /*
+- * Copy signal return handlers into the vector page, and
+- * set sigreturn to be a pointer to these.
+- */
++ /* Copy signal return handlers into the page */
+ memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes));
+
+- ptr = (unsigned long)addr + offset;
+- flush_icache_range(ptr, ptr + sizeof(sigreturn_codes));
++ /* Flush out all instructions in this page */
++ ptr = (unsigned long)addr;
++ flush_icache_range(ptr, ptr + PAGE_SIZE);
+
+ return page;
+ }
+--
+2.17.1
+
generated by cgit v1.2.3 (git 2.39.0) at 2024-06-11 17:31:16 +0300