Commit 9c698bff authored by Russell King's avatar Russell King
Browse files

ARM: ensure the signal page contains defined contents 



Ensure that the signal page contains our poison instruction to increase
the protection against ROP attacks and also contains well defined
contents.

Acked-by: default avatarWill Deacon <will@kernel.org>
Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
parent 538eea53

arch/arm/kernel/signal.c

+8 −6
Original line number Diff line number Diff line
@@ -693,18 +693,20 @@ struct page *get_signal_page(void) 


	addr = page_address(page);



	/* Poison the entire page */

	memset32(addr, __opcode_to_mem_arm(0xe7fddef1),

		 PAGE_SIZE / sizeof(u32));



	/* Give the signal return code some randomness */

	offset = 0x200 + (get_random_int() & 0x7fc);

	signal_return_offset = offset;



	/*

	 * Copy signal return handlers into the vector page, and

	 * set sigreturn to be a pointer to these.

	 */

	/* Copy signal return handlers into the page */

	memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes));



	ptr = (unsigned long)addr + offset;

	flush_icache_range(ptr, ptr + sizeof(sigreturn_codes));

	/* Flush out all instructions in this page */

	ptr = (unsigned long)addr;

	flush_icache_range(ptr, ptr + PAGE_SIZE);



	return page;

}