summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-09-04 21:18:17 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2017-09-04 21:18:17 +0300
commit6c51e67b64d169419fb13318035bb442f9176612 (patch)
treeae6c64a9d703983f9df5f72e74419de2e388e32b /include
parente0a195b5225e1285806622cc146dc5c3312fb392 (diff)
parentcf7de27ab35172a9240f079477cae3146a182998 (diff)
downloadlinux-6c51e67b64d169419fb13318035bb442f9176612.tar.xz
Merge branch 'x86-syscall-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull syscall updates from Ingo Molnar: "Improve the security of set_fs(): we now check the address limit on a number of key platforms (x86, arm, arm64) before returning to user-space - without adding overhead to the typical system call fast path" * 'x86-syscall-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: arm64/syscalls: Check address limit on user-mode return arm/syscalls: Check address limit on user-mode return x86/syscalls: Check address limit on user-mode return
Diffstat (limited to 'include')
-rw-r--r--include/linux/syscalls.h16
1 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 138c94535864..d4dfac878fab 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -207,6 +207,22 @@ extern struct trace_event_functions exit_syscall_print_funcs;
} \
static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__))
+#ifdef TIF_FSCHECK
+/*
+ * Called before coming back to user-mode. Returning to user-mode with an
+ * address limit different than USER_DS can allow to overwrite kernel memory.
+ */
+static inline void addr_limit_user_check(void)
+{
+
+ if (!test_thread_flag(TIF_FSCHECK))
+ return;
+
+ BUG_ON(!segment_eq(get_fs(), USER_DS));
+ clear_thread_flag(TIF_FSCHECK);
+}
+#endif
+
asmlinkage long sys32_quotactl(unsigned int cmd, const char __user *special,
qid_t id, void __user *addr);
asmlinkage long sys_time(time_t __user *tloc);