Commit 5b43e7a3 authored by Russell King's avatar Russell King

ARM: poison memory between kuser helpers

Poison the memory between each kuser helper.  This ensures that any
branch between the kuser helpers will be appropriately trapped.

Cc: <stable@vger.kernel.org>
Acked-by: default avatarNicolas Pitre <nico@linaro.org>
Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
parent f928d4f2
...@@ -742,6 +742,17 @@ ENDPROC(__switch_to) ...@@ -742,6 +742,17 @@ ENDPROC(__switch_to)
#endif #endif
.endm .endm
.macro kuser_pad, sym, size
.if (. - \sym) & 3
.rept 4 - (. - \sym) & 3
.byte 0
.endr
.endif
.rept (\size - (. - \sym)) / 4
.word 0xe7fddef1
.endr
.endm
.align 5 .align 5
.globl __kuser_helper_start .globl __kuser_helper_start
__kuser_helper_start: __kuser_helper_start:
...@@ -832,18 +843,13 @@ kuser_cmpxchg64_fixup: ...@@ -832,18 +843,13 @@ kuser_cmpxchg64_fixup:
#error "incoherent kernel configuration" #error "incoherent kernel configuration"
#endif #endif
/* pad to next slot */ kuser_pad __kuser_cmpxchg64, 64
.rept (16 - (. - __kuser_cmpxchg64)/4)
.word 0
.endr
.align 5
__kuser_memory_barrier: @ 0xffff0fa0 __kuser_memory_barrier: @ 0xffff0fa0
smp_dmb arm smp_dmb arm
usr_ret lr usr_ret lr
.align 5 kuser_pad __kuser_memory_barrier, 32
__kuser_cmpxchg: @ 0xffff0fc0 __kuser_cmpxchg: @ 0xffff0fc0
...@@ -916,13 +922,14 @@ kuser_cmpxchg32_fixup: ...@@ -916,13 +922,14 @@ kuser_cmpxchg32_fixup:
#endif #endif
.align 5 kuser_pad __kuser_cmpxchg, 32
__kuser_get_tls: @ 0xffff0fe0 __kuser_get_tls: @ 0xffff0fe0
ldr r0, [pc, #(16 - 8)] @ read TLS, set in kuser_get_tls_init ldr r0, [pc, #(16 - 8)] @ read TLS, set in kuser_get_tls_init
usr_ret lr usr_ret lr
mrc p15, 0, r0, c13, c0, 3 @ 0xffff0fe8 hardware TLS code mrc p15, 0, r0, c13, c0, 3 @ 0xffff0fe8 hardware TLS code
.rep 4 kuser_pad __kuser_get_tls, 16
.rep 3
.word 0 @ 0xffff0ff0 software TLS value, then .word 0 @ 0xffff0ff0 software TLS value, then
.endr @ pad up to __kuser_helper_version .endr @ pad up to __kuser_helper_version
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment