Merge branch 'security-fixes' into fixes

2025-01-19 18:26:31 +07:00 · 2013-08-20 00:31:33 +01:00 · 2013-08-20 00:31:33 +01:00 · e1f020371c
commit e1f020371c
parent 4f9b4fb7a2 ac124504ec
2 changed files with 8 additions and 4 deletions
--- a/arch/arm/kernel/fiq.c
+++ b/arch/arm/kernel/fiq.c
@ -89,7 +89,8 @@ void set_fiq_handler(void *start, unsigned int length)

 	memcpy(base + offset, start, length);
 	if (!cache_is_vipt_nonaliasing())
-		flush_icache_range(base + offset, offset + length);
+		flush_icache_range((unsigned long)base + offset, offset +
+				   length);
 	flush_icache_range(0xffff0000 + offset, 0xffff0000 + offset + length);
 }

--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
@ -809,15 +809,18 @@ config KUSER_HELPERS
 	  the CPU type fitted to the system.  This permits binaries to be
 	  run on ARMv4 through to ARMv7 without modification.

+	  See Documentation/arm/kernel_user_helpers.txt for details.
+
 	  However, the fixed address nature of these helpers can be used
 	  by ROP (return orientated programming) authors when creating
 	  exploits.

 	  If all of the binaries and libraries which run on your platform
 	  are built specifically for your platform, and make no use of
-	  these helpers, then you can turn this option off.  However,
-	  when such an binary or library is run, it will receive a SIGILL
-	  signal, which will terminate the program.
+	  these helpers, then you can turn this option off to hinder
+	  such exploits. However, in that case, if a binary or library
+	  relying on those helpers is run, it will receive a SIGILL signal,
+	  which will terminate the program.

 	  Say N here only if you are absolutely certain that you do not
 	  need these helpers; otherwise, the safe option is to say Y.