author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-04 21:18:17 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-04 21:18:17 +0300 |
commit | 6c51e67b64d169419fb13318035bb442f9176612 (patch) | |
tree | ae6c64a9d703983f9df5f72e74419de2e388e32b /include | |
parent | e0a195b5225e1285806622cc146dc5c3312fb392 (diff) | |
parent | cf7de27ab35172a9240f079477cae3146a182998 (diff) | |
download | linux-6c51e67b64d169419fb13318035bb442f9176612.tar.xz |
Merge branch 'x86-syscall-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull syscall updates from Ingo Molnar:
"Improve the security of set_fs(): we now check the address limit on a
number of key platforms (x86, arm, arm64) before returning to
user-space - without adding overhead to the typical system call fast
path"
* 'x86-syscall-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
arm64/syscalls: Check address limit on user-mode return
arm/syscalls: Check address limit on user-mode return
x86/syscalls: Check address limit on user-mode return
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/syscalls.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 138c94535864..d4dfac878fab 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -207,6 +207,22 @@ extern struct trace_event_functions exit_syscall_print_funcs;
 } \
 static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__))
 
+#ifdef TIF_FSCHECK
+/*
+ * Called before coming back to user-mode. Returning to user-mode with an
+ * address limit different than USER_DS can allow to overwrite kernel memory.
+ */
+static inline void addr_limit_user_check(void)
+{
+
+ if (!test_thread_flag(TIF_FSCHECK))
+ return;
+
+ BUG_ON(!segment_eq(get_fs(), USER_DS));
+ clear_thread_flag(TIF_FSCHECK);
+}
+#endif
+
 asmlinkage long sys32_quotactl(unsigned int cmd, const char __user *special,
 qid_t id, void __user *addr);
 asmlinkage long sys_time(time_t __user *tloc);
|
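Review bot: The comment above addr_limit_user_check() does not say that the check is conditional: the function returns early unless TIF_FSCHECK is set, so the BUG_ON only covers address-limit changes made by code that also sets that flag. The setter is not in this diff (the page is limited to include/), presumably set_fs() in the arch headers; if so, a limit changed by any other route would return to user mode unchecked. I would add to the comment `* The check only runs when TIF_FSCHECK is set, so every path that changes the address limit must also set the flag.` It would also help to say there why BUG_ON is the chosen response on this exit path, and the empty line after the opening brace can go.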