| author | Christopher M. Riedl <cmr@codefail.de> | 2021-02-26 19:12:52 -0600 |
|---|---|---|
| committer | Michael Ellerman <mpe@ellerman.id.au> | 2021-03-29 12:49:46 +1100 |
| commit | c6c9645e37483444ec5182373455b2f22e4b1535 (patch) | |
| tree | 5492421e0b75322967faef954649c98272c95ffc /arch/powerpc/lib | |
| parent | 609355dfc88e2921bfcbd879300d482a9a33378e (diff) | |
powerpc/signal64: Remove non-inline calls from setup_sigcontext()
The majority of setup_sigcontext() can be refactored to execute in an
"unsafe" context assuming an open uaccess window except for some
non-inline function calls. Move these out into a separate
prepare_setup_sigcontext() function which must be called first and
before opening up a uaccess window. Non-inline function calls should be
avoided during a uaccess window for a few reasons:
- KUAP should be enabled for as much kernel code as possible. Opening a uaccess window disables KUAP which means any code executed during this time contributes to a potential attack surface.
- Non-inline functions default to traceable which means they are instrumented for ftrace. This adds more code which could run with KUAP disabled.
- Powerpc does not currently support the objtool UACCESS checks. All code running with uaccess must be audited manually which means: less code -> less work -> fewer problems (in theory).
A follow-up commit converts setup_sigcontext() to be "unsafe".
Signed-off-by: Christopher M. Riedl <cmr@codefail.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210227011259.11992-4-cmr@codefail.de
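The split the commit describes, doing the non-inline work in a prepare_setup_sigcontext() step before the uaccess window is opened and leaving only inline stores inside it, shown as an added user-space simulation. This is not the kernel's code: the KUAP flag, the noinline helper flush_fp_state(), the unsafe_put() store and the register structures are stand-ins constructed for this example, and the counter records how many non-inline calls each variant makes while the simulated window is open.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the thread state setup_sigcontext() copies out. */
#define NGPRS 4
struct thread_state {
	unsigned long gpr[NGPRS];
	unsigned long msr;
	int fp_dirty;		/* FP state still "in hardware", needs a flush */
	unsigned long fp_save;	/* where the non-inline helper flushes it to */
};

/* Constructed stand-in for the user-space sigcontext being filled in. */
struct sigctx_user {
	unsigned long gpr[NGPRS];
	unsigned long msr;
	unsigned long fp_save;
};

/* Simulated KUAP: 1 = user memory inaccessible, 0 = uaccess window open. */
static int kuap_enabled = 1;
/* Non-inline calls observed while the window was open. */
static int calls_in_window;

static inline void user_access_begin(void) { kuap_enabled = 0; }
static inline void user_access_end(void)   { kuap_enabled = 1; }

/* Stand-in for a non-inline, traceable helper (the kind of call the commit
 * moves out of the window). It records whether it ran with KUAP disabled. */
__attribute__((noinline)) static void flush_fp_state(struct thread_state *ts)
{
	if (!kuap_enabled)
		calls_in_window++;
	if (ts->fp_dirty) {
		ts->fp_save = 0xf00d;
		ts->fp_dirty = 0;
	}
}

/* Stand-in for unsafe_put_user(): an inline store that is only valid while
 * the window is open (a store with KUAP enabled would fault on real hardware). */
static inline int unsafe_put(unsigned long *dst, unsigned long val)
{
	if (kuap_enabled)
		return -1;
	*dst = val;
	return 0;
}

/* "Before": the non-inline helper runs with the window already open. */
int setup_sigcontext_before(struct sigctx_user *sc, struct thread_state *ts)
{
	int err = 0, i;
	user_access_begin();
	flush_fp_state(ts);		/* non-inline call with KUAP disabled */
	for (i = 0; i < NGPRS; i++)
		err |= unsafe_put(&sc->gpr[i], ts->gpr[i]);
	err |= unsafe_put(&sc->msr, ts->msr);
	err |= unsafe_put(&sc->fp_save, ts->fp_save);
	user_access_end();
	return err;
}

/* "After": prepare step first, then a window containing only inline stores. */
static void prepare_setup_sigcontext(struct thread_state *ts)
{
	flush_fp_state(ts);		/* KUAP still enabled here */
}

int setup_sigcontext_after(struct sigctx_user *sc, struct thread_state *ts)
{
	int err = 0, i;
	prepare_setup_sigcontext(ts);
	user_access_begin();
	for (i = 0; i < NGPRS; i++)
		err |= unsafe_put(&sc->gpr[i], ts->gpr[i]);
	err |= unsafe_put(&sc->msr, ts->msr);
	err |= unsafe_put(&sc->fp_save, ts->fp_save);
	user_access_end();
	return err;
}

/* Run one variant on constructed state; return the in-window call count,
 * or -1 if a store failed. The filled-in sigcontext is left in *out. */
int count_calls_in_window(int (*variant)(struct sigctx_user *, struct thread_state *),
			  struct sigctx_user *out)
{
	struct thread_state ts = { .gpr = {1, 2, 3, 4}, .msr = 0x8000, .fp_dirty = 1 };
	calls_in_window = 0;
	kuap_enabled = 1;
	memset(out, 0, sizeof(*out));
	if (variant(out, &ts))
		return -1;
	return calls_in_window;
}

int violations_before(void) { struct sigctx_user sc; return count_calls_in_window(setup_sigcontext_before, &sc); }
int violations_after(void)  { struct sigctx_user sc; return count_calls_in_window(setup_sigcontext_after, &sc); }
unsigned long fp_save_after(void) { struct sigctx_user sc; count_calls_in_window(setup_sigcontext_after, &sc); return sc.fp_save; }

int main(void)
{
	printf("before: %d non-inline call(s) in window\n", violations_before());
	printf("after:  %d non-inline call(s) in window\n", violations_after());
	return 0;
}
```

Both variants produce the same sigcontext contents; the only difference is that the "after" ordering never executes the noinline helper (or anything ftrace might hook into it) while the simulated window is open, which is what a manual uaccess audit has to establish on powerpc without objtool's help.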
Diffstat (limited to 'arch/powerpc/lib')
0 files changed, 0 insertions, 0 deletions