| Message ID | 1497019233-89860-2-git-send-email-brad.figg@canonical.com |
|---|---|
| State | New |
| Headers | show |
On 09/06/17 15:40, Brad Figg wrote: > From: Mark Rutland <mark.rutland@arm.com> > > CVE-2015-8967 > > As with x86, mark the sys_call_table const such that it will be placed > in the .rodata section. This will cause attempts to modify the table > (accidental or deliberate) to fail when strict page permissions are in > place. In the absence of strict page permissions, there should be no > functional change. > > Signed-off-by: Mark Rutland <mark.rutland@arm.com> > Acked-by: Will Deacon <will.deacon@arm.com> > Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> > (cherry picked from commit c623b33b4e9599c6ac5076f7db7369eb9869aa04) > Signed-off-by: Brad Figg <brad.figg@canonical.com> > --- > arch/arm64/kernel/sys.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm64/kernel/sys.c b/arch/arm64/kernel/sys.c > index 3fa98ff..df20b79 100644 > --- a/arch/arm64/kernel/sys.c > +++ b/arch/arm64/kernel/sys.c > @@ -50,7 +50,7 @@ asmlinkage long sys_mmap(unsigned long addr, unsigned long len, > * The sys_call_table array must be 4K aligned to be accessible from > * kernel/entry.S. > */ > -void *sys_call_table[__NR_syscalls] __aligned(4096) = { > +void * const sys_call_table[__NR_syscalls] __aligned(4096) = { > [0 ... __NR_syscalls - 1] = sys_ni_syscall, > #include <asm/unistd.h> > }; > Clean cherry pick, looks good. Acked-by: Colin Ian King <colin.king@canonical.com>
On Fri, Jun 09, 2017 at 07:40:33AM -0700, Brad Figg wrote: > From: Mark Rutland <mark.rutland@arm.com> > > CVE-2015-8967 > > As with x86, mark the sys_call_table const such that it will be placed > in the .rodata section. This will cause attempts to modify the table > (accidental or deliberate) to fail when strict page permissions are in > place. In the absence of strict page permissions, there should be no > functional change. > > Signed-off-by: Mark Rutland <mark.rutland@arm.com> > Acked-by: Will Deacon <will.deacon@arm.com> > Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> > (cherry picked from commit c623b33b4e9599c6ac5076f7db7369eb9869aa04) > Signed-off-by: Brad Figg <brad.figg@canonical.com> > --- > arch/arm64/kernel/sys.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm64/kernel/sys.c b/arch/arm64/kernel/sys.c > index 3fa98ff..df20b79 100644 > --- a/arch/arm64/kernel/sys.c > +++ b/arch/arm64/kernel/sys.c > @@ -50,7 +50,7 @@ asmlinkage long sys_mmap(unsigned long addr, unsigned long len, > * The sys_call_table array must be 4K aligned to be accessible from > * kernel/entry.S. > */ > -void *sys_call_table[__NR_syscalls] __aligned(4096) = { > +void * const sys_call_table[__NR_syscalls] __aligned(4096) = { > [0 ... __NR_syscalls - 1] = sys_ni_syscall, > #include <asm/unistd.h> > }; Clean cherry-pick. Looks to do what is claimed. Therefore: Acked-by: Andy Whitcroft <apw@canonical.com> -apw
Applied to Trusty master-next. Thanks, -Stefan
diff --git a/arch/arm64/kernel/sys.c b/arch/arm64/kernel/sys.c index 3fa98ff..df20b79 100644 --- a/arch/arm64/kernel/sys.c +++ b/arch/arm64/kernel/sys.c @@ -50,7 +50,7 @@ asmlinkage long sys_mmap(unsigned long addr, unsigned long len, * The sys_call_table array must be 4K aligned to be accessible from * kernel/entry.S. */ -void *sys_call_table[__NR_syscalls] __aligned(4096) = { +void * const sys_call_table[__NR_syscalls] __aligned(4096) = { [0 ... __NR_syscalls - 1] = sys_ni_syscall, #include <asm/unistd.h> };