From: Gerald Schaefer <gerald.schaefer@de.ibm.com>
To: Sven Schnelle <svens@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux390-list@tuxmaker.boeblingen.de.ibm.com, stable@vger.kernel.org
Subject: Re: [PATCH v2] s390: prevent leaking kernel address in BEAR
Date: Fri, 24 Jan 2020 17:50:24 +0100
Message-ID: <20200124175024.6ebfc8c4@thinkpad>
In-Reply-To: <20200124122515.80348-1-svens@linux.ibm.com>
On Fri, 24 Jan 2020 13:25:15 +0100
Sven Schnelle <svens@linux.ibm.com> wrote:
> When userspace executes a syscall or gets interrupted,
> BEAR contains a kernel address when returning to userspace.
> This makes it pretty easy to figure out where the kernel is
> mapped even with KASLR enabled. To fix this, add lpswe to
> lowcore and always execute it there, so userspace sees only
> the lowcore address of lpswe. For this we have to extend
> both critical_cleanup and the SWITCH_ASYNC macro to also check
> for lpswe addresses in lowcore.
>
> Fixes: b2d24b97b2a9 ("s390/kernel: add support for kernel address space layout randomization (KASLR)")
> Cc: <stable@vger.kernel.org> # v5.2+
> Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
> ---

Looks good,
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>

I think you can push to devel, but this should hang around a bit before
sending upstream (@Vasily). Maybe at least wait until Heiko can also
have a look.

Since the small extra window for critical section cleanup introduced by
the lowcore lpswe is hit surprisingly easily and often, this will get some
good testing on the devel branch.