diff options
| author | Sven Schnelle <svens@linux.ibm.com> | 2020-01-22 13:38:22 +0100 |
|---|---|---|
| committer | Vasily Gorbik <gor@linux.ibm.com> | 2020-03-10 15:16:25 +0100 |
| commit | 0b38b5e1d0e2f361e418e05c179db05bb688bbd6 (patch) | |
| tree | e1694c41af0832e7dd737cd6f4ebea668375def9 /arch/s390/include/asm/setup.h | |
| parent | d2abfbe4652d2b49d30fe77548cf663e63d2d469 (diff) | |
| download | linux-0b38b5e1d0e2f361e418e05c179db05bb688bbd6.tar.gz linux-0b38b5e1d0e2f361e418e05c179db05bb688bbd6.tar.bz2 linux-0b38b5e1d0e2f361e418e05c179db05bb688bbd6.zip | |
s390: prevent leaking kernel address in BEAR
When userspace executes a syscall or gets interrupted,
BEAR contains a kernel address when returning to userspace.
This make it pretty easy to figure out where the kernel is
mapped even with KASLR enabled. To fix this, add lpswe to
lowcore and always execute it there, so userspace sees only
the lowcore address of lpswe. For this we have to extend
both critical_cleanup and the SWITCH_ASYNC macro to also check
for lpswe addresses in lowcore.
Fixes: b2d24b97b2a9 ("s390/kernel: add support for kernel address space layout randomization (KASLR)")
Cc: <stable@vger.kernel.org> # v5.2+
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Diffstat (limited to 'arch/s390/include/asm/setup.h')
| -rw-r--r-- | arch/s390/include/asm/setup.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/arch/s390/include/asm/setup.h b/arch/s390/include/asm/setup.h index b241ddb67caf..534f212753d6 100644 --- a/arch/s390/include/asm/setup.h +++ b/arch/s390/include/asm/setup.h @@ -8,6 +8,7 @@ #include <linux/bits.h> #include <uapi/asm/setup.h> +#include <linux/build_bug.h> #define EP_OFFSET 0x10008 #define EP_STRING "S390EP" @@ -162,6 +163,12 @@ static inline unsigned long kaslr_offset(void) return __kaslr_offset; } +static inline u32 gen_lpswe(unsigned long addr) +{ + BUILD_BUG_ON(addr > 0xfff); + return 0xb2b20000 | addr; +} + #else /* __ASSEMBLY__ */ #define IPL_DEVICE (IPL_DEVICE_OFFSET) |