summaryrefslogtreecommitdiff
path: root/arch/s390/kernel/process.c
diff options
context:
space:
mode:
authorSven Schnelle <svens@linux.ibm.com>2020-01-22 15:38:22 +0300
committerVasily Gorbik <gor@linux.ibm.com>2020-03-10 17:16:25 +0300
commit0b38b5e1d0e2f361e418e05c179db05bb688bbd6 (patch)
treee1694c41af0832e7dd737cd6f4ebea668375def9 /arch/s390/kernel/process.c
parentd2abfbe4652d2b49d30fe77548cf663e63d2d469 (diff)
downloadlinux-0b38b5e1d0e2f361e418e05c179db05bb688bbd6.tar.xz
s390: prevent leaking kernel address in BEAR
When userspace executes a syscall or gets interrupted, BEAR contains a kernel address when returning to userspace. This make it pretty easy to figure out where the kernel is mapped even with KASLR enabled. To fix this, add lpswe to lowcore and always execute it there, so userspace sees only the lowcore address of lpswe. For this we have to extend both critical_cleanup and the SWITCH_ASYNC macro to also check for lpswe addresses in lowcore. Fixes: b2d24b97b2a9 ("s390/kernel: add support for kernel address space layout randomization (KASLR)") Cc: <stable@vger.kernel.org> # v5.2+ Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Signed-off-by: Sven Schnelle <svens@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Diffstat (limited to 'arch/s390/kernel/process.c')
-rw-r--r--arch/s390/kernel/process.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
index 6ccef5f29761..eb6e23ad15a2 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
@@ -106,6 +106,7 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long new_stackp,
p->thread.system_timer = 0;
p->thread.hardirq_timer = 0;
p->thread.softirq_timer = 0;
+ p->thread.last_break = 1;
frame->sf.back_chain = 0;
/* new return point is ret_from_fork */