• Kees Cook's avatar
    mm: Tighten x86 /dev/mem with zeroing reads · eb618d2e
    Kees Cook authored
    [ Upstream commit a4866aa8 ]
    
    Under CONFIG_STRICT_DEVMEM, reading System RAM through /dev/mem is
    disallowed. However, on x86, the first 1MB was always allowed for BIOS
    and similar things, regardless of it actually being System RAM. It was
    possible for heap to end up getting allocated in low 1MB RAM, and then
    read by things like x86info or dd, which would trip hardened usercopy:
    
    usercopy: kernel memory exposure attempt detected from ffff880000090000 (dma-kmalloc-256) (4096 bytes)
    
    This changes the x86 exception for the low 1MB by reading back zeros for
    System RAM areas instead of blindly allowing them. More work is needed to
    extend this to mmap, but currently mmap doesn't go through usercopy, so
    hardened usercopy won't Oops the kernel.
    Reported-by: default avatarTommi Rantala <tommi.t.rantala@nokia.com>
    Tested-by: default avatarTommi Rantala <tommi.t.rantala@nokia.com>
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
    eb618d2e
init.c 21.8 KB