WSL2-Linux-Kernel/arch/x86/mm
Jann Horn 342db04ae7 x86/dumpstack: Don't dump kernel memory based on usermode RIP
show_opcodes() is used both for dumping kernel instructions and for dumping
user instructions. If userspace causes #PF by jumping to a kernel address,
show_opcodes() can be reached with regs->ip controlled by the user,
pointing to kernel code. Make sure that userspace can't trick us into
dumping kernel memory into dmesg.

Fixes: 7cccf0725c ("x86/dumpstack: Add a show_ip() function")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: security@kernel.org
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20180828154901.112726-1-jannh@google.com
2018-08-31 17:08:22 +02:00
..
Makefile x86/mm/sme: Disable stack protection for mem_encrypt_identity.c 2018-02-28 15:24:12 +01:00
amdtopology.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cpu_entry_area.c x86: Add entry trampolines to kcore 2018-08-14 19:13:26 -03:00
debug_pagetables.c x86/efi: Replace efi_pgd with efi_mm.pgd 2018-03-12 11:05:05 +01:00
dump_pagetables.c x86/mm/pti: Move user W+X check into pti_finalize() 2018-08-10 21:12:45 +02:00
extable.c x86/extable: Mark exception handler functions visible 2018-01-14 20:04:16 +01:00
fault.c x86/dumpstack: Don't dump kernel memory based on usermode RIP 2018-08-31 17:08:22 +02:00
highmem_32.c x86/mm: Audit and remove any unnecessary uses of module.h 2016-07-14 13:04:20 +02:00
hugetlbpage.c x86/mm: Prevent non-MAP_FIXED mapping across DEFAULT_MAP_WINDOW border 2017-11-16 11:43:11 +01:00
ident_map.c x86/mm: Stop pretending pgtable_l5_enabled is a variable 2018-05-19 11:56:57 +02:00
init.c Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-08-26 10:13:21 -07:00
init_32.c treewide: use PHYS_ADDR_MAX to avoid type casting ULLONG_MAX 2018-06-15 07:55:25 +09:00
init_64.c Merge branch 'x86/pti-urgent' into x86/pti 2018-08-06 20:56:34 +02:00
iomap_32.c x86/mm: Do not auto-massage page protections 2018-04-12 09:04:22 +02:00
ioremap.c x86/mm: Do not auto-massage page protections 2018-04-12 09:04:22 +02:00
kasan_init_64.c x86/mm: Stop pretending pgtable_l5_enabled is a variable 2018-05-19 11:56:57 +02:00
kaslr.c x86/mm: Stop pretending pgtable_l5_enabled is a variable 2018-05-19 11:56:57 +02:00
kmmio.c x86/mm/kmmio: Make the tracer robust against L1TF 2018-08-08 22:28:34 +02:00
mem_encrypt.c dma/direct: Handle force decryption for DMA coherent buffers in common code 2018-03-20 10:01:59 +01:00
mem_encrypt_boot.S x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute() 2018-02-21 09:05:04 +01:00
mem_encrypt_identity.c x86/mm: Decouple dynamic __PHYSICAL_MASK from AMD SME 2018-06-06 13:38:01 +02:00
mm_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mmap.c x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM 2018-08-24 09:51:14 +02:00
mmio-mod.c x86: do not use print_symbol() 2018-01-05 15:23:01 +01:00
mpx.c Merge branch 'x86/mpx' into x86/asm, to pick up dependent commits 2017-11-08 10:55:48 +01:00
numa.c x86: Remove pr_fmt duplicate logging prefixes 2018-05-13 21:25:18 +02:00
numa_32.c x86/mm/32: Remove unused node_memmap_size_bytes() & CONFIG_NEED_NODE_MEMMAP_SIZE logic 2018-03-27 08:45:02 +02:00
numa_64.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
numa_emulation.c x86/numa_emulation: Introduce uniform split capability 2018-07-06 18:48:58 +02:00
numa_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pageattr-test.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pageattr.c Merge branch 'l1tf-final' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-08-14 09:46:06 -07:00
pat.c x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses 2018-08-20 09:22:45 -07:00
pat_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pat_rbtree.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pf_in.c x86/mm: Audit and remove any unnecessary uses of module.h 2016-07-14 13:04:20 +02:00
pf_in.h x86 mmiotrace: move files into arch/x86/mm/. 2008-05-24 11:25:37 +02:00
pgtable.c x86/mm: Only use tlb_remove_table() for paravirt 2018-08-23 11:56:31 -07:00
pgtable_32.c x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]() 2018-02-15 01:15:52 +01:00
physaddr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
physaddr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pkeys.c x86/pkeys: Override pkey when moving away from PROT_EXEC 2018-05-14 11:14:45 +02:00
pti.c Merge branch 'l1tf-final' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-08-14 09:46:06 -07:00
setup_nx.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
srat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
testmmiotrace.c Annotate hardware config module parameters in arch/x86/mm/ 2017-04-04 16:54:21 +01:00
tlb.c x86/mm/tlb: Revert the recent lazy TLB patches 2018-08-22 18:22:04 -07:00