linux_dsm_epyc7002/arch
Andy Lutomirski bd902c5362 x86/vdso: Disallow vvar access to vclock IO for never-used vclocks
It makes me uncomfortable that even modern systems grant every
process direct read access to the HPET.

While fixing this for real without regressing anything is a mess
(unmapping the HPET is tricky because we don't adequately track
all the mappings), we can do almost as well by tracking which
vclocks have ever been used and only allowing pages associated
with used vclocks to be faulted in.

This will cause rogue programs that try to peek at the HPET to
get SIGBUS instead on most systems.

We can't restrict faults to vclock pages that are associated
with the currently selected vclock due to a race: a process
could start to access the HPET for the first time and race
against a switch away from the HPET as the current clocksource.
We can't segfault the process trying to peek at the HPET in this
case, even though the process isn't going to do anything useful
with the data.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/e79d06295625c02512277737ab55085a498ac5d8.1451446564.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-01-12 11:59:35 +01:00
..
alpha mm: mlock: add mlock flags to enable VM_LOCKONFAULT usage 2015-11-05 19:34:48 -08:00
arc ARC: dw2 unwind: Catch Dwarf SNAFUs early 2015-12-21 14:01:49 +05:30
arm ARM: SoC fixes for 4.4-rc 2016-01-08 16:11:05 -08:00
arm64 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-12-13 12:41:10 -08:00
avr32 dmaengine updates for 4.4-rc1 2015-11-10 10:05:17 -08:00
blackfin Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-11 14:18:38 -08:00
c6x locking/cmpxchg, arch: Remove tas() definitions 2015-12-04 11:39:51 +01:00
cris cris: Drop reference to get_cmos_time() 2015-11-02 20:03:05 +01:00
frv locking/cmpxchg, arch: Remove tas() definitions 2015-12-04 11:39:51 +01:00
h8300 h8300 update for v4.4 2015-11-12 15:26:39 -08:00
hexagon
ia64 Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-11 14:18:38 -08:00
m32r m32r: add io*_rep helpers 2015-12-29 17:45:49 -08:00
m68k m68k: Wire up mlock2 2015-11-22 11:35:26 +01:00
metag Metag architecture changes for v4.4 2015-11-10 16:24:25 -08:00
microblaze Revert "scatterlist: use sg_phys()" 2015-12-15 12:54:06 -08:00
mips Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-06 16:15:03 -08:00
mn10300 mn10300: Select CONFIG_HAVE_UID16 to fix build failure 2015-11-30 07:01:40 -08:00
nios2 nios2: fix cache coherency 2015-11-26 22:25:58 +08:00
openrisc
parisc parisc: Fix syscall restarts 2015-12-21 10:16:18 +01:00
powerpc Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-11 14:18:38 -08:00
s390 Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-11 14:18:38 -08:00
score
sh sh64: fix __NR_fgetxattr 2015-12-12 10:15:34 -08:00
sparc net: filter: make JITs zero A for SKF_AD_ALU_XOR_X 2016-01-06 00:43:52 -05:00
tile Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-11 14:18:38 -08:00
um um: fix returns without va_end 2015-12-08 22:26:00 +01:00
unicore32 pwm: Changes for v4.4-rc1 2015-11-11 09:16:10 -08:00
x86 x86/vdso: Disallow vvar access to vclock IO for never-used vclocks 2016-01-12 11:59:35 +01:00
xtensa Merge branch 'for-4.4/io-poll' of git://git.kernel.dk/linux-block 2015-11-10 17:23:49 -08:00
.gitignore
Kconfig