Commit 0e1b0f6a authored by Hugh Dickins's avatar Hugh Dickins Committed by Kleber Sacilotto de Souza

kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE

Kaiser only needs to map one page of the stack; and
kernel/fork.c did not build on powerpc (no __PAGE_KERNEL).
It's all cleaner if linux/kaiser.h provides kaiser_map_thread_stack()
and kaiser_unmap_thread_stack() wrappers around asm/kaiser.h's
kaiser_add_mapping() and kaiser_remove_mapping().  And use
linux/kaiser.h in init/main.c to avoid the #ifdefs there.
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2017-5754
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
parent bd37ead1
#ifndef _INCLUDE_KAISER_H #ifndef _LINUX_KAISER_H
#define _INCLUDE_KAISER_H #define _LINUX_KAISER_H
#ifdef CONFIG_KAISER #ifdef CONFIG_KAISER
#include <asm/kaiser.h> #include <asm/kaiser.h>
static inline int kaiser_map_thread_stack(void *stack)
{
/*
* Map that page of kernel stack on which we enter from user context.
*/
return kaiser_add_mapping((unsigned long)stack +
THREAD_SIZE - PAGE_SIZE, PAGE_SIZE, __PAGE_KERNEL);
}
static inline void kaiser_unmap_thread_stack(void *stack)
{
/*
* Note: may be called even when kaiser_map_thread_stack() failed.
*/
kaiser_remove_mapping((unsigned long)stack +
THREAD_SIZE - PAGE_SIZE, PAGE_SIZE);
}
#else #else
/* /*
* These stubs are used whenever CONFIG_KAISER is off, which * These stubs are used whenever CONFIG_KAISER is off, which
* includes architectures that support KAISER, but have it * includes architectures that support KAISER, but have it disabled.
* disabled.
*/ */
static inline void kaiser_init(void) static inline void kaiser_init(void)
{ {
} }
static inline void kaiser_remove_mapping(unsigned long start, unsigned long size) static inline int kaiser_add_mapping(unsigned long addr,
unsigned long size, unsigned long flags)
{
return 0;
}
static inline void kaiser_remove_mapping(unsigned long start,
unsigned long size)
{ {
} }
static inline int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags) static inline int kaiser_map_thread_stack(void *stack)
{ {
return 0; return 0;
} }
static inline void kaiser_unmap_thread_stack(void *stack)
{
}
#endif /* !CONFIG_KAISER */ #endif /* !CONFIG_KAISER */
#endif /* _INCLUDE_KAISER_H */ #endif /* _LINUX_KAISER_H */
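Review bot: The address expression `(unsigned long)stack + THREAD_SIZE - PAGE_SIZE` is written out separately in kaiser_map_thread_stack() and kaiser_unmap_thread_stack(), so a later edit to one that misses the other would leave the unmap covering a different range than the map. Since this is the page the Kaiser isolation deliberately exposes, a mismatch could leave a freed stack page mapped; deriving both from one definition, for example `#define KAISER_STACK_PAGE(stack) ((unsigned long)(stack) + THREAD_SIZE - PAGE_SIZE)`, keeps them in step. The wrappers also use THREAD_SIZE, PAGE_SIZE and __PAGE_KERNEL while the header includes only `<asm/kaiser.h>`, so it presumably relies on that header or on the including file to provide them; a short comment saying so would help. The note that unmap "may be called even when kaiser_map_thread_stack() failed" depends on kaiser_remove_mapping() tolerating a range that was never mapped, which is not visible on this page and is worth stating in the comment.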
...@@ -81,15 +81,13 @@ ...@@ -81,15 +81,13 @@
#include <linux/integrity.h> #include <linux/integrity.h>
#include <linux/proc_ns.h> #include <linux/proc_ns.h>
#include <linux/io.h> #include <linux/io.h>
#include <linux/kaiser.h>
#include <asm/io.h> #include <asm/io.h>
#include <asm/bugs.h> #include <asm/bugs.h>
#include <asm/setup.h> #include <asm/setup.h>
#include <asm/sections.h> #include <asm/sections.h>
#include <asm/cacheflush.h> #include <asm/cacheflush.h>
#ifdef CONFIG_KAISER
#include <asm/kaiser.h>
#endif
static int kernel_init(void *); static int kernel_init(void *);
...@@ -495,9 +493,7 @@ static void __init mm_init(void) ...@@ -495,9 +493,7 @@ static void __init mm_init(void)
pgtable_init(); pgtable_init();
vmalloc_init(); vmalloc_init();
ioremap_huge_init(); ioremap_huge_init();
#ifdef CONFIG_KAISER
kaiser_init(); kaiser_init();
#endif
} }
asmlinkage __visible void __init start_kernel(void) asmlinkage __visible void __init start_kernel(void)
......
...@@ -173,12 +173,9 @@ static struct thread_info *alloc_thread_info_node(struct task_struct *tsk, ...@@ -173,12 +173,9 @@ static struct thread_info *alloc_thread_info_node(struct task_struct *tsk,
return page ? page_address(page) : NULL; return page ? page_address(page) : NULL;
} }
extern void kaiser_remove_mapping(unsigned long start_addr, unsigned long size);
static inline void free_thread_info(struct thread_info *ti) static inline void free_thread_info(struct thread_info *ti)
{ {
#ifdef CONFIG_KAISER kaiser_unmap_thread_stack(ti);
kaiser_remove_mapping((unsigned long)ti, THREAD_SIZE);
#endif
free_kmem_pages((unsigned long)ti, THREAD_SIZE_ORDER); free_kmem_pages((unsigned long)ti, THREAD_SIZE_ORDER);
} }
# else # else
...@@ -363,7 +360,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node) ...@@ -363,7 +360,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
tsk->stack = ti; tsk->stack = ti;
err= kaiser_add_mapping((unsigned long)tsk->stack, THREAD_SIZE, __PAGE_KERNEL); err = kaiser_map_thread_stack(tsk->stack);
if (err) if (err)
goto free_ti; goto free_ti;
#ifdef CONFIG_SECCOMP #ifdef CONFIG_SECCOMP
......
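Review bot: Only the first variant of free_thread_info() is shown calling `kaiser_unmap_thread_stack(ti)`; the `# else` variant that follows begins outside the hunk, and if it lacks the same call, the page mapped in dup_task_struct() would stay mapped after the stack is freed on configurations that take that branch. The call also passes a `struct thread_info *` where the wrapper expects the stack base, which holds here only because of `tsk->stack = ti`; a comment such as `/* ti is the base of the thread stack */` above the call would record that assumption. The `free_ti` label is outside the hunk; it presumably reaches free_thread_info(), which would be the case where unmap runs after a failed map.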