• Sven Schnelle's avatar
    s390: prevent leaking kernel address in BEAR · 0b38b5e1
    Sven Schnelle authored
    When userspace executes a syscall or gets interrupted,
    BEAR contains a kernel address when returning to userspace.
    This make it pretty easy to figure out where the kernel is
    mapped even with KASLR enabled. To fix this, add lpswe to
    lowcore and always execute it there, so userspace sees only
    the lowcore address of lpswe. For this we have to extend
    both critical_cleanup and the SWITCH_ASYNC macro to also check
    for lpswe addresses in lowcore.
    
    Fixes: b2d24b97 ("s390/kernel: add support for kernel address space layout randomization (KASLR)")
    Cc: <stable@vger.kernel.org> # v5.2+
    Reviewed-by: default avatarGerald Schaefer <gerald.schaefer@de.ibm.com>
    Signed-off-by: default avatarSven Schnelle <svens@linux.ibm.com>
    Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
    0b38b5e1
vmem.c 10.4 KB