linux-stable/Documentation
Ruihan Li 0209337600 mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
commit 81a31a860b upstream.

Without EXCLUSIVE_SYSTEM_RAM, users are allowed to map arbitrary
physical memory regions into the userspace via /dev/mem. At the same
time, pages may change their properties (e.g., from anonymous pages to
named pages) while they are still being mapped in the userspace, leading
to "corruption" detected by the page table check.

To avoid these false positives, this patch makes PAGE_TABLE_CHECK
depend on EXCLUSIVE_SYSTEM_RAM. This dependency is understandable
because PAGE_TABLE_CHECK is a hardening technique but /dev/mem without
STRICT_DEVMEM (i.e., !EXCLUSIVE_SYSTEM_RAM) is itself a security
problem.

Even with EXCLUSIVE_SYSTEM_RAM, I/O pages may still be allowed to be
mapped via /dev/mem. However, these pages are always considered as named
pages, so they won't break the logic used in the page table check.

Cc: <stable@vger.kernel.org> # 5.17
Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Link: https://lore.kernel.org/r/20230515130958.32471-4-lrh2000@pku.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-06-14 11:16:59 +02:00
ABI docs: sysfs-block: document hidden sysfs entry 2023-03-07 16:40:52 -07:00
accel
accounting
admin-guide LoongArch: Make WriteCombine configurable for ioremap() 2023-04-18 19:38:58 +08:00
arc
arm
arm64 irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 2023-05-24 17:30:03 +01:00
block block: stub out and deprecated the capability attribute on the gendisk 2023-02-06 08:44:55 -07:00
bpf bpf, doc: Link to submitting-patches.rst for general patch submission info 2023-03-06 16:44:39 +01:00
cdrom
core-api - Daniel Verkamp has contributed a memfd series ("mm/memfd: add 2023-02-23 17:09:35 -08:00
cpu-freq
crypto
dev-tools - Daniel Verkamp has contributed a memfd series ("mm/memfd: add 2023-02-23 17:09:35 -08:00
devicetree dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type 2023-06-09 10:48:15 +02:00
doc-guide
driver-api docs: vfio: fix header path 2023-03-14 11:31:57 -06:00
fault-injection docs: fault-injection: add requirements of error injectable functions 2023-02-02 22:50:00 -08:00
fb
features
filesystems A handful of fixes and minor documentation updates. 2023-03-14 11:08:28 -07:00
firmware-guide ACPI: docs: enumeration: Correct reference to the I²C device data type 2023-03-07 14:09:49 +01:00
firmware_class
fpga
gpu drm next for 6.3-rc1 2023-02-22 18:28:03 -08:00
hid It has been a moderately calm cycle for documentation; the significant 2023-02-22 12:00:20 -08:00
hwmon It has been a moderately calm cycle for documentation; the significant 2023-02-22 12:00:20 -08:00
i2c Documentation: i2c: correct spelling 2023-02-15 20:59:44 +01:00
ia64
iio
images
infiniband
input
isdn Documentation: isdn: correct spelling 2023-02-10 16:28:13 -08:00
kbuild Documentation/llvm: Add a note about prebuilt kernel.org toolchains 2023-04-08 22:48:15 +09:00
kernel-hacking
leds - Remove Drivers 2023-02-23 15:09:31 -08:00
litmus-tests
livepatch Documentation: livepatch: module-elf-format: Remove local klp_modinfo definition 2023-02-06 08:45:55 -08:00
locking docs: locking: refer to the actual existing config names 2023-02-23 12:26:00 -07:00
loongarch
m68k
maintainer docs: rebasing-and-merging: Drop wrong statement about git 2023-03-07 10:26:22 -07:00
mhi
mips
misc-devices
mm mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM 2023-06-14 11:16:59 +02:00
netlabel
netlink ynl: broaden the license even more 2023-03-16 21:20:32 -07:00
networking net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294 2023-06-14 11:16:44 +02:00
nios2
nvdimm
nvme
openrisc
parisc
PCI
pcmcia
peci
power Power management updates for 6.3-rc1 2023-02-21 12:13:58 -08:00
powerpc
process Driver core fixes for 6.3-rc5 2023-04-02 10:10:16 -07:00
RCU
riscv riscv: Move early dtb mapping into the fixmap region 2023-04-13 18:14:26 -07:00
rust rust: sort uml documentation arch support table 2023-04-06 23:11:04 +02:00
s390 VFIO updates for v6.3-rc1 2023-02-25 11:52:57 -08:00
scheduler sched/doc: supplement CPU capacity with RISC-V 2023-03-07 10:19:04 -07:00
scsi SCSI misc on 20230222 2023-02-22 13:41:41 -08:00
security
sh
sound ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard 2023-04-06 08:10:18 +02:00
sparc
sphinx docs: Use HTML comments for the kernel-toc SPDX line 2023-02-16 16:06:44 -07:00
sphinx-static docs: Add more information to the HTML sidebar 2023-02-08 13:28:27 -07:00
spi
staging
target scsi: target: Documentation: Correct spelling 2023-02-08 18:49:48 -05:00
timers
tools Documentation/rtla: Add hwnoise man page 2023-02-13 23:56:46 -05:00
trace Char/Misc and other driver subsystem changes for 6.3-rc1 2023-02-24 12:47:33 -08:00
translations Driver core fixes for 6.3-rc5 2023-04-02 10:10:16 -07:00
usb docs: usb: Add documentation for the UVC Gadget 2023-03-09 15:18:33 +01:00
userspace-api ynl: broaden the license even more 2023-03-16 21:20:32 -07:00
virt docs: kvm: x86: Fix broken field list 2023-04-04 13:22:05 -04:00
w1
watchdog Documentation/watchdog/hpwdt: Fix Format 2023-02-16 17:31:29 -07:00
x86 It has been a moderately calm cycle for documentation; the significant 2023-02-22 12:00:20 -08:00
xtensa
.gitignore
arch.rst
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py It has been a moderately calm cycle for documentation; the significant 2023-02-22 12:00:20 -08:00
docutils.conf
dontdiff
index.rst Documentation: front page: use recommended heading adornments 2023-02-23 12:44:51 -07:00
Kconfig
Makefile
memory-barriers.txt
SubmittingPatches
subsystem-apis.rst