
Commit 8db77dca authored by Russell King, committed by Greg Kroah-Hartman

ARM: ensure the signal page contains defined contents



commit 9c698bff66ab4914bb3d71da7dc6112519bde23e upstream.

Ensure that the signal page contains our poison instruction to increase
the protection against ROP attacks and also contains well defined
contents.

Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Nobuhiro Iwamatsu (CIP) <nobuhiro1.iwamatsu@toshiba.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 5ed05c55
+8 −6
@@ -625,18 +625,20 @@ struct page *get_signal_page(void)

	addr = page_address(page);

	/* Poison the entire page */
	memset32(addr, __opcode_to_mem_arm(0xe7fddef1),
		 PAGE_SIZE / sizeof(u32));

	/* Give the signal return code some randomness */
	offset = 0x200 + (get_random_int() & 0x7fc);
	signal_return_offset = offset;

	/*
	 * Copy signal return handlers into the vector page, and
	 * set sigreturn to be a pointer to these.
	 */
	/* Copy signal return handlers into the page */
	memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes));

	ptr = (unsigned long)addr + offset;
	flush_icache_range(ptr, ptr + sizeof(sigreturn_codes));
	/* Flush out all instructions in this page */
	ptr = (unsigned long)addr;
	flush_icache_range(ptr, ptr + PAGE_SIZE);

	return page;
}
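
Review bot: the poison value 0xe7fddef1 passed to memset32() is a bare magic number, and the comment "Poison the entire page" does not say which instruction it encodes or why that encoding was chosen. The commit message calls it "our poison instruction", which suggests the same value is used elsewhere, so a named constant shared with that code would keep the two from drifting apart. A one-line comment is also worth adding to record that the order matters: the memset32() has to come before the memcpy() of sigreturn_codes, and the flush_icache_range() over PAGE_SIZE has to come after both. As written, a later reorder would silently overwrite the handlers or leave stale instructions visible.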