    lkdtm: Do not use flush_icache_range() on user addresses · fcd35857
    Catalin Marinas authored
    The flush_icache_range() API is meant to be used on kernel addresses
    only as it may not have the infrastructure (exception entries) to handle
    user memory faults.
    
    The lkdtm execute_user_location() function tests the kernel execution of
    user space addresses by mmap'ing an anonymous page, copying some code
    together with cache maintenance and attempting to run it. However, the
    cache maintenance step may fail because of the incorrect API usage
    described above. The patch changes lkdtm to use access_process_vm() for
    copying the code into user space which would take care of the necessary
    cache maintenance.
    Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
    [kees: export access_process_vm() for module use]
    Signed-off-by: Kees Cook <keescook@chromium.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
lkdtm_perms.c 4.62 KB