[PATCH 0/2] efi_runtime: Don't deref userland addresses
Matt Fleming
matt at console-pimps.org
Tue Oct 21 11:50:24 UTC 2014
From: Matt Fleming <matt.fleming at intel.com>

We're currently carrying the following patches in the meta-luv layer of
the Linux UEFI Validation project to fix issues encountered when running
fwts on Intel hardware with the Supervisor Mode Access Prevention (SMAP)
feature.

SMAP causes the efi_runtime driver to fault if it directly dereferences
userland addresses without going through the get_user/put_user()
accessor functions, e.g. when going through two levels of pointer
indirection. The idea being that, if the kernel is accessing userland
addresses directly, it's a potential exploit attempt.

The correct fix is to simply copy structs containing pointers to an
in-kernel copy and then perform a single level of indirection with the
usual get_user/put_user() accessors.

Colin King kindly requested that I send these patches out. Sorry for the
delay in getting these upstream.

Matt Fleming (1):
  efi_runtime: Don't use get_user() on non-pointer

Pradeep Gaddam (1):
  efi_runtime: Copied the structure from userland locally in kernel
    space

 efi_runtime/efi_runtime.c | 50 ++++++++++++++++++++++++++++-------------------
 1 file changed, 30 insertions(+), 20 deletions(-)
--
1.9.3
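
A user-space C model of the fix described in the cover letter above, added here as an example; it is not code from these patches or from fwts. `struct demo_args`, `demo_ioctl`, `demo_call` and the byte-array address space are hypothetical, and `copy_from_user`/`copy_to_user` are stand-ins that model the kernel accessors (used here in place of get_user/put_user) by bounds-checking every crossing.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint32_t uaddr_t;            /* modelled userland address: offset into user_mem */
static unsigned char user_mem[256];  /* constructed stand-in for a process address space */

static int range_ok(uaddr_t a, size_t n)
{
    return a <= sizeof(user_mem) && n <= sizeof(user_mem) - a;
}

/* User-space stand-ins for the kernel accessors (names borrowed, bodies are a model). */
static int copy_from_user(void *dst, uaddr_t src, size_t n)
{
    if (!range_ok(src, n)) return -EFAULT;
    memcpy(dst, user_mem + src, n);
    return 0;
}

static int copy_to_user(uaddr_t dst, const void *src, size_t n)
{
    if (!range_ok(dst, n)) return -EFAULT;
    memcpy(user_mem + dst, src, n);
    return 0;
}

/* Hypothetical ioctl argument: a userland struct whose members are userland pointers. */
struct demo_args { uaddr_t count; uaddr_t status; };

int demo_ioctl(uaddr_t uargs)
{
    struct demo_args k;              /* in-kernel copy of the caller's struct */
    uint32_t count = 7;              /* constructed result values */
    uint64_t status = 0;

    /* Level 1: copy the whole struct in; never read uargs->count in place. */
    if (copy_from_user(&k, uargs, sizeof(k))) return -EFAULT;
    /* Level 2: k.count and k.status are still userland addresses. */
    if (copy_to_user(k.count, &count, sizeof(count))) return -EFAULT;
    if (copy_to_user(k.status, &status, sizeof(status))) return -EFAULT;
    return 0;
}

/* Test helper: lay out a demo_args at args_at in modelled user memory, then call in. */
int demo_call(uaddr_t args_at, uaddr_t count_at, uaddr_t status_at)
{
    struct demo_args a = { count_at, status_at };
    memcpy(user_mem + args_at, &a, sizeof(a));
    return demo_ioctl(args_at);
}
```

After the first copy, the handler only ever follows one level of userland pointer at a time, and a bad address at either level comes back as `-EFAULT` instead of a fault.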