• Kees Cook's avatar
    x86: Implement thread_struct whitelist for hardened usercopy · f7d83c1c
    Kees Cook authored
    This whitelists the FPU register state portion of the thread_struct for
    copying to userspace, instead of the default entire struct. This is needed
    because FPU register state is dynamically sized, so it doesn't bypass the
    hardened usercopy checks.
    
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Cc: x86@kernel.org
    Cc: Borislav Petkov <bp@suse.de>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Mathias Krause <minipli@googlemail.com>
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Acked-by: default avatarRik van Riel <riel@redhat.com>
    f7d83c1c
Kconfig 93.3 KB