On Fri, 24 Jan 2020 13:25:15 +0100 Sven Schnelle svens@linux.ibm.com wrote:
When userspace executes a syscall or gets interrupted, BEAR contains a kernel address when returning to userspace. This makes it pretty easy to figure out where the kernel is mapped even with KASLR enabled. To fix this, add lpswe to lowcore and always execute it there, so userspace sees only the lowcore address of lpswe. For this we have to extend both critical_cleanup and the SWITCH_ASYNC macro to also check for lpswe addresses in lowcore.
Fixes: b2d24b97b2a9 ("s390/kernel: add support for kernel address space layout randomization (KASLR)") Cc: stable@vger.kernel.org # v5.2+ Signed-off-by: Sven Schnelle svens@linux.ibm.com
Looks good, Reviewed-by: Gerald Schaefer gerald.schaefer@de.ibm.com
I think you can push to devel, but this should hang around a bit before sending upstream (@Vasily). Maybe at least wait until Heiko can also have a look.
Since the small extra window for critical section cleanup introduced by the lowcore lpswe is hit surprisingly easily and often, this will get some good testing on devel branch.
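An added check for the leak the commit message describes, written here as an example and not taken from the patch, the thread or the kernel tree. It assumes that the s390 ptrace regset NT_S390_LAST_BREAK (note type 0x306) returns thread.last_break, which the program-check entry path copies from the lowcore breaking-event address; that syscall number 20 is getpid on s390x; that an all-zero word (`.long 0`) is an invalid opcode and raises an operation exception; and that the 64-bit lowcore is 8 KiB, so any recorded address below 0x2000 is the lowcore lpswe and anything above it is a non-lowcore (before the fix: kernel text) address. The traced child issues one svc and faults on the very next instruction, so no userspace branch can overwrite BEAR between the kernel's return and the program check; the tracer then reads the saved value and classifies it. On a build for another architecture the probe returns -1 with errno set to ENOTSUP and only the classifier is usable.

```c
/* Added example: read the last breaking-event address the kernel exposes
 * to a tracer after a syscall immediately followed by a program check,
 * and tell a lowcore lpswe address from a kernel address. Assumptions
 * (mine, not from the page) are marked below. */
#include <elf.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef NT_S390_LAST_BREAK
#define NT_S390_LAST_BREAK 0x306     /* s390 regset note type, assumed value */
#endif

#define LOWCORE_SIZE 0x2000UL        /* assumed: 64-bit lowcore is 8 KiB */

enum bear_class { BEAR_NONE, BEAR_LOWCORE, BEAR_LEAK };

/* 0: nothing recorded; below the lowcore size: the lowcore lpswe the
 * patched kernel exposes; anything else: a non-lowcore address leaked. */
enum bear_class classify_last_break(unsigned long addr)
{
    if (addr == 0)
        return BEAR_NONE;
    if (addr < LOWCORE_SIZE)
        return BEAR_LOWCORE;
    return BEAR_LEAK;
}

const char *bear_class_name(enum bear_class c)
{
    switch (c) {
    case BEAR_LOWCORE: return "lowcore lpswe (fixed kernel)";
    case BEAR_LEAK:    return "non-lowcore address (kernel address leak)";
    default:           return "no breaking event recorded";
    }
}

/* Child body: one syscall, then a program check with no branch in between,
 * so BEAR still holds the address of the lpswe that returned to us. */
void crash_right_after_syscall(void)
{
#ifdef __s390x__
    __asm__ volatile(
        "svc 20\n\t"     /* assumed: 20 == getpid on s390x */
        ".long 0\n\t"    /* assumed: invalid opcode -> operation exception */
        : : : "memory", "cc");
#endif
    _exit(0);
}

/* Trace a child through the sequence above and read thread.last_break via
 * PTRACE_GETREGSET/NT_S390_LAST_BREAK. Returns 0 and stores the address,
 * or -1 with errno set (ENOTSUP on non-s390 builds). */
int probe_last_break(unsigned long *out)
{
#ifndef __s390x__
    (void)out;
    errno = ENOTSUP;
    return -1;
#else
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0)
            _exit(127);
        crash_right_after_syscall();
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    /* The operation exception is reported to us as a SIGILL delivery stop;
     * at this point the kernel has already saved BEAR into thread.last_break. */
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGILL) {
        errno = EPROTO;
        return -1;
    }
    struct iovec iov = { .iov_base = out, .iov_len = sizeof *out };
    long rc = ptrace(PTRACE_GETREGSET, pid, (void *)(long)NT_S390_LAST_BREAK, &iov);
    int saved = errno;
    ptrace(PTRACE_KILL, pid, NULL, NULL);
    waitpid(pid, &status, 0);
    errno = saved;
    return rc < 0 ? -1 : 0;
#endif
}

int main(void)
{
    unsigned long addr = 0;
    if (probe_last_break(&addr) < 0) {
        perror("probe_last_break");
        return 2;
    }
    enum bear_class c = classify_last_break(addr);
    printf("last breaking-event address: 0x%lx: %s\n", addr, bear_class_name(c));
    return c == BEAR_LEAK ? 1 : 0;
}
```

Run it on an s390x kernel with and without the patch: exit status 1 means a tracer (or a core dump, which carries the same regset) can see a non-lowcore address, exit status 0 means only the lowcore lpswe is visible. The classifier threshold is the assumed lowcore size; if a kernel places lowcore elsewhere, compare against that range instead.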