https://github.com/torvalds/linux
Revision a4828f81037f491b2cc986595e3a969a6eeb2fb5 authored by Thomas Gleixner on 14 December 2017, 11:27:31 UTC, committed by Ingo Molnar on 22 December 2017, 19:13:01 UTC
The LDT is inherited across fork() or exec(), but that makes no sense at all because exec() is supposed to start the process clean. The reason why this happens is that init_new_context_ldt() is called from init_new_context() which obviously needs to be called for both fork() and exec(). It would be surprising if anything relies on that behaviour, so it seems to be safe to remove that misfeature. Split the context initialization into two parts. Clear the LDT pointer and initialize the mutex from the general context init and move the LDT duplication to arch_dup_mmap() which is only called on fork(). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Peter Zijlstra <peterz@infradead.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Andy Lutomirsky <luto@kernel.org> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Borislav Petkov <bpetkov@suse.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: David Laight <David.Laight@aculab.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: Eduardo Valentin <eduval@amazon.com> Cc: Greg KH <gregkh@linuxfoundation.org> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Juergen Gross <jgross@suse.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Will Deacon <will.deacon@arm.com> Cc: aliguori@amazon.com Cc: dan.j.williams@intel.com Cc: hughd@google.com Cc: keescook@google.com Cc: kirill.shutemov@linux.intel.com Cc: linux-mm@kvack.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
1 parent c2b3496
Tip revision: a4828f81037f491b2cc986595e3a969a6eeb2fb5 authored by Thomas Gleixner on 14 December 2017, 11:27:31 UTC
x86/ldt: Prevent LDT inheritance on exec
x86/ldt: Prevent LDT inheritance on exec
Tip revision: a4828f8
| File | Mode | Size |
|---|---|---|
| internal | ||
| ablk_helper.h | -rw-r--r-- | 773 bytes |
| acompress.h | -rw-r--r-- | 7.8 KB |
| aead.h | -rw-r--r-- | 18.0 KB |
| aes.h | -rw-r--r-- | 1.0 KB |
| akcipher.h | -rw-r--r-- | 11.6 KB |
| algapi.h | -rw-r--r-- | 11.1 KB |
| authenc.h | -rw-r--r-- | 845 bytes |
| b128ops.h | -rw-r--r-- | 2.4 KB |
| blowfish.h | -rw-r--r-- | 415 bytes |
| cast5.h | -rw-r--r-- | 590 bytes |
| cast6.h | -rw-r--r-- | 636 bytes |
| cast_common.h | -rw-r--r-- | 232 bytes |
| cbc.h | -rw-r--r-- | 3.5 KB |
| chacha20.h | -rw-r--r-- | 640 bytes |
| cryptd.h | -rw-r--r-- | 2.5 KB |
| crypto_wq.h | -rw-r--r-- | 161 bytes |
| ctr.h | -rw-r--r-- | 524 bytes |
| des.h | -rw-r--r-- | 542 bytes |
| dh.h | -rw-r--r-- | 2.6 KB |
| drbg.h | -rw-r--r-- | 9.0 KB |
| ecdh.h | -rw-r--r-- | 2.7 KB |
| engine.h | -rw-r--r-- | 4.0 KB |
| gf128mul.h | -rw-r--r-- | 9.4 KB |
| ghash.h | -rw-r--r-- | 381 bytes |
| hash.h | -rw-r--r-- | 30.9 KB |
| hash_info.h | -rw-r--r-- | 1.1 KB |
| hmac.h | -rw-r--r-- | 173 bytes |
| if_alg.h | -rw-r--r-- | 7.3 KB |
| kpp.h | -rw-r--r-- | 9.6 KB |
| lrw.h | -rw-r--r-- | 1.2 KB |
| mcryptd.h | -rw-r--r-- | 2.4 KB |
| md5.h | -rw-r--r-- | 497 bytes |
| null.h | -rw-r--r-- | 569 bytes |
| padlock.h | -rw-r--r-- | 649 bytes |
| pcrypt.h | -rw-r--r-- | 1.4 KB |
| pkcs7.h | -rw-r--r-- | 1.2 KB |
| poly1305.h | -rw-r--r-- | 1016 bytes |
| public_key.h | -rw-r--r-- | 2.1 KB |
| rng.h | -rw-r--r-- | 6.6 KB |
| scatterwalk.h | -rw-r--r-- | 3.7 KB |
| serpent.h | -rw-r--r-- | 712 bytes |
| sha.h | -rw-r--r-- | 2.9 KB |
| sha1_base.h | -rw-r--r-- | 2.5 KB |
| sha256_base.h | -rw-r--r-- | 3.0 KB |
| sha3.h | -rw-r--r-- | 704 bytes |
| sha512_base.h | -rw-r--r-- | 3.2 KB |
| skcipher.h | -rw-r--r-- | 20.6 KB |
| twofish.h | -rw-r--r-- | 755 bytes |
| vmac.h | -rw-r--r-- | 2.1 KB |
| xts.h | -rw-r--r-- | 1.8 KB |
Computing file changes ...
