openwrt/target/linux/generic/backport-4.14
Kevin Darbyshire-Bryant 8f4841462c kernel: MIPS: math-emu Write-protect delay slot emulation pages
Backport https://git.kernel.org/pub/scm/linux/kernel/git/mips/linux.git/commit/?id=adcc81f148d733b7e8e641300c5590a2cdc13bf3

"Mapping the delay slot emulation page as both writeable & executable
presents a security risk, in that if an exploit can write to & jump into
the page then it can be used as an easy way to execute arbitrary code.

Prevent this by mapping the page read-only for userland, and using
access_process_vm() with the FOLL_FORCE flag to write to it from
mips_dsemul().

This will likely be less efficient due to copy_to_user_page() performing
cache maintenance on a whole page, rather than a single line as in the
previous use of flush_cache_sigtramp(). However this delay slot
emulation code ought not to be running in any performance critical paths
anyway so this isn't really a problem, and we can probably do better in
copy_to_user_page() anyway in future.

A major advantage of this approach is that the fix is small & simple to
backport to stable kernels.

Reported-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Fixes: 432c6bacbd0c ("MIPS: Use per-mm page to execute branch delay slot instructions")"

Without patch:

cat /proc/self/maps
00400000-0047a000 r-xp 00000000 1f:03 1823       /bin/busybox
00489000-0048a000 r-xp 00079000 1f:03 1823       /bin/busybox
0048a000-0048b000 rwxp 0007a000 1f:03 1823       /bin/busybox
77ec8000-77eed000 r-xp 00000000 1f:03 2296       /lib/libgcc_s.so.1
77eed000-77eee000 rwxp 00015000 1f:03 2296       /lib/libgcc_s.so.1
77eee000-77f81000 r-xp 00000000 1f:03 2470       /lib/libc.so
77f90000-77f92000 rwxp 00092000 1f:03 2470       /lib/libc.so
77f92000-77f94000 rwxp 00000000 00:00 0
7f946000-7f967000 rw-p 00000000 00:00 0          [stack]
7fefb000-7fefc000 rwxp 00000000 00:00 0
7ffac000-7ffad000 r--p 00000000 00:00 0          [vvar]
7ffad000-7ffae000 r-xp 00000000 00:00 0          [vdso]

Patch applied:

cat /proc/self/maps
00400000-0047a000 r-xp 00000000 1f:03 1825       /bin/busybox
00489000-0048a000 r-xp 00079000 1f:03 1825       /bin/busybox
0048a000-0048b000 rwxp 0007a000 1f:03 1825       /bin/busybox
77ed0000-77ef5000 r-xp 00000000 1f:03 2298       /lib/libgcc_s.so.1
77ef5000-77ef6000 rwxp 00015000 1f:03 2298       /lib/libgcc_s.so.1
77ef6000-77f89000 r-xp 00000000 1f:03 2474       /lib/libc.so
77f98000-77f9a000 rwxp 00092000 1f:03 2474       /lib/libc.so
77f9a000-77f9c000 rwxp 00000000 00:00 0
7fbed000-7fc0e000 rw-p 00000000 00:00 0          [stack]
7fefb000-7fefc000 r-xp 00000000 00:00 0
7fff6000-7fff7000 r--p 00000000 00:00 0          [vvar]
7fff7000-7fff8000 r-xp 00000000 00:00 0          [vdso]

Note lack of write permission to 7fefb000-7fefc000

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
5 years ago
010-Kbuild-don-t-hardcode-path-to-awk-in-scripts-ld-vers.patch kernel: generic: Add kernel 4.14 support 7 years ago
011-kbuild-export-SUBARCH.patch kernel: bump 4.14 to 4.14.48 6 years ago
012-kbuild-add-macro-for-controlling-warnings-to-linux-c.patch kernel: bump 4.14 to 4.14.79 6 years ago
013-disable-Wattribute-alias-warning-for-SYSCALL_DEFINEx.patch kernel: backport fixes for GCC 8 errors in syscall definitions 6 years ago
020-backport_netfilter_rtcache.patch kernel: generic: Add kernel 4.14 support 7 years ago
025-tcp-allow-drivers-to-tweak-TSQ-logic.patch kernel: bump 4.14 to 4.14.89 6 years ago
030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch kernel: bump 4.14 to 4.14.80 6 years ago
030-v4.17-0001-usb-dwc2-add-support-for-host-mode-external-vbus-sup.patch kernel: bump 4.14 to 4.14.67 6 years ago
030-v4.17-0002-usb-dwc2-dwc2_vbus_supply_init-fix-error-check.patch kernel: bump 4.14 to 4.14.67 6 years ago
040-v4.17-0001-mtd-move-code-adding-master-MTD-out-of-mtd_add_devic.patch kernel: backport patches simplifying mtd_device_parse_register code 6 years ago
040-v4.17-0002-mtd-get-rid-of-the-mtd_add_device_partitions.patch kernel: backport patches simplifying mtd_device_parse_register code 6 years ago
041-v4.17-0001-mtd-partitions-add-of_match_table-parser-matching-fo.patch kernel: use accepted mtd patchset adding support for "compatible" string 6 years ago
041-v4.17-0002-mtd-rename-ofpart-parser-to-fixed-partitions-as-it-f.patch kernel: use accepted mtd patchset adding support for "compatible" string 6 years ago
041-v4.17-0003-mtd-ofpart-add-of_match_table-with-fixed-partitions.patch kernel: use accepted mtd patchset adding support for "compatible" string 6 years ago
042-v4.18-0001-mtd-move-code-adding-registering-partitions-to-the-p.patch kernel: backport mtd patch for minor partitioning cleanup 6 years ago
043-v4.18-mtd-bcm47xxpart-improve-handling-TRX-partition-size.patch kernel: use accepted version of bcm47xxpart fix commit 6 years ago
044-v4.18-mtd-bcm47xxpart-add-of_match_table-with-a-new-DT-bin.patch kernel: backport mtd patches with Broadcom of_match_table-s 6 years ago
045-v4.19-mtd-parsers-trx-add-of_match_table-with-the-new-DT-b.patch kernel: backport mtd patches with Broadcom of_match_table-s 6 years ago
046-v4.19-mtd-partitions-use-DT-info-for-parsing-partitions-wi.patch kernel: backport mtd support for subpartitions in DT 6 years ago
047-v4.21-mtd-keep-original-flags-for-every-struct-mtd_info.patch kernel: backport 2 mtd partitioning fixes 6 years ago
048-v4.21-mtd-improve-calculating-partition-boundaries-when-ch.patch kernel: backport 2 mtd partitioning fixes 6 years ago
071-v4.15-0001-net-bgmac-enable-master-mode-for-BCM54210E-and-B5021.patch kernel: generic: Add kernel 4.14 support 7 years ago
076-v4.15-0001-net-phy-broadcom-support-new-device-flag-for-setting.patch kernel: generic: Add kernel 4.14 support 7 years ago
085-v4.16-0001-i2c-gpio-Enable-working-over-slow-can_sleep-GPIOs.patch kernel: backport i2c-gpio working over slow can_sleep GPIOs 6 years ago
090-net-bridge-add-support-for-port-isolation.patch kernel: replace bridge port isolate hack with upstream patch backport on 4.14 6 years ago
095-Allow-class-e-address-assignment-via-ifconfig-ioctl.patch kernel: backport ifconfig ioctl support for class e addresses 6 years ago
096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch kernel: MIPS: math-emu Write-protect delay slot emulation pages 5 years ago
100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch kernel: bump 4.14 to 4.14.90 5 years ago
272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch kernel: bump 4.14 to 4.14.48 6 years ago
289-v4.16-netfilter-add-defines-for-arp-decnet-max-hooks.patch kernel: fix build of nftables 6 years ago
290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch kernel: generic: Fix nftables inet table breakage 6 years ago
291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch kernel: generic: Fix nftables inet table breakage 6 years ago
292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch kernel: generic: Fix nftables inet table breakage 6 years ago
293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch kernel: bump 4.14 to 4.14.79 6 years ago
294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch kernel: generic: Fix nftables inet table breakage 6 years ago
295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch kernel: generic: Fix nftables inet table breakage 6 years ago
296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch kernel: generic: Fix nftables inet table breakage 6 years ago
297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch kernel: generic: Fix nftables inet table breakage 6 years ago
298-v4.16-netfilter-core-add-nf_remove_net_hook.patch kernel: generic: Fix nftables inet table breakage 6 years ago
298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch kernel: generic: Fix nftables inet table breakage 6 years ago
299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch kernel: generic: Fix nftables inet table breakage 6 years ago
300-v4.16-netfilter-nf_tables-explicit-nft_set_pktinfo-call-fr.patch kernel: mark source kernel for netfilter backports 6 years ago
301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch kernel: generic: Fix nftables inet table breakage 6 years ago
302-v4.16-netfilter-nf_tables_inet-don-t-use-multihook-infrast.patch kernel: mark source kernel for netfilter backports 6 years ago
303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch kernel: bump 4.14 to 4.14.89 6 years ago
304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch kernel: preserve oif of IPv6 link scope packets 6 years ago
305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch kernel: preserve oif of IPv6 link scope packets 6 years ago
306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch kernel: preserve oif of IPv6 link scope packets 6 years ago
307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch kernel: preserve oif of IPv6 link scope packets 6 years ago
308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch kernel: preserve oif of IPv6 link scope packets 6 years ago
309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch kernel: preserve oif of IPv6 link scope packets 6 years ago
310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch kernel: preserve oif of IPv6 link scope packets 6 years ago
311-v4.16-netfilter-nf_tables_arp-don-t-set-forward-chain.patch kernel: mark source kernel for netfilter backports 6 years ago
312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch kernel: bump 4.14 to 4.14.54 6 years ago
313-v4.16-netfilter-remove-defensive-check-on-malformed-packet.patch kernel: mark source kernel for netfilter backports 6 years ago
314-v4.16-netfilter-meta-secpath-support.patch kernel: bump 4.14 to 4.14.54 6 years ago
315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch kernel: mark source kernel for netfilter backports 6 years ago
320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch kernel: bump 4.14 to 4.14.82 6 years ago
321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch kernel: bump 4.14 to 4.14.89 6 years ago
322-v4.16-netfilter-add-generic-flow-table-infrastructure.patch kernel: generic: Fix nftables inet table breakage 6 years ago
323-v4.16-netfilter-flow-table-support-for-IPv4.patch kernel: generic: Fix nftables inet table breakage 6 years ago
324-v4.16-netfilter-flow-table-support-for-IPv6.patch kernel: bump 4.14 to 4.14.73 6 years ago
325-v4.16-netfilter-flow-table-support-for-the-mixed-IPv4-IPv6.patch kernel: generic: Fix nftables inet table breakage 6 years ago
326-v4.16-netfilter-nf_tables-flow-offload-expression.patch kernel: generic: Fix nftables inet table breakage 6 years ago
327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch kernel: bump 4.14 to 4.14.89 6 years ago
328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch kernel: bump 4.14 to 4.14.89 6 years ago
329-v4.16-netfilter-improve-flow-table-Kconfig-dependencies.patch kernel: generic: Fix nftables inet table breakage 6 years ago
330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch kernel: bump 4.14 to 4.14.54 6 years ago
331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch kernel: bump 4.14 to 4.14.89 6 years ago
332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch kernel: bump 4.14 to 4.14.54 6 years ago
334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch kernel: bump 4.14 to 4.14.89 6 years ago
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch kernel: bump 4.14 to 4.14.89 6 years ago
336-v4.15-netfilter-exit_net-cleanup-check-added.patch kernel: bump 4.14 to 4.14.89 6 years ago
337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch kernel: bump 4.14 to 4.14.89 6 years ago
338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch kernel: bump 4.14 to 4.14.89 6 years ago
339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch kernel: bump 4.14 to 4.14.89 6 years ago
340-v4.16-netfilter-nft_flow_offload-no-need-to-flush-entries-.patch kernel: mark source kernel for netfilter backports 6 years ago
341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch kernel: mark source kernel for netfilter backports 6 years ago
342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch kernel: bump 4.14 to 4.14.89 6 years ago
343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch kernel: backport netfilter NAT offload support to 4.14 6 years ago
344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch kernel: bump 4.14 to 4.14.89 6 years ago
345-v4.16-netfilter-nf_flow_offload-fix-use-after-free-and-a-r.patch kernel: mark source kernel for netfilter backports 6 years ago
346-v4.16-netfilter-flowtable-infrastructure-depends-on-NETFIL.patch kernel: generic: Fix nftables inet table breakage 6 years ago
347-v4.16-netfilter-remove-duplicated-include.patch kernel: mark source kernel for netfilter backports 6 years ago
348-v4.18-netfilter-nf_flow_table-use-IP_CT_DIR_-values-for-FL.patch kernel: mark source kernel for netfilter backports 6 years ago
349-v4.18-netfilter-nf_flow_table-clean-up-flow_offload_alloc.patch kernel: mark source kernel for netfilter backports 6 years ago
350-v4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch kernel: bump 4.14 to 4.14.73 6 years ago
351-v4.18-netfilter-nf_flow_table-cache-mtu-in-struct-flow_off.patch kernel: mark source kernel for netfilter backports 6 years ago
352-v4.18-netfilter-nf_flow_table-rename-nf_flow_table.c-to-nf.patch kernel: mark source kernel for netfilter backports 6 years ago
353-v4.18-netfilter-nf_flow_table-move-ipv4-offload-hook-code-.patch kernel: mark source kernel for netfilter backports 6 years ago
354-v4.18-netfilter-nf_flow_table-move-ip-header-check-out-of-.patch kernel: mark source kernel for netfilter backports 6 years ago
355-v4.18-netfilter-nf_flow_table-move-ipv6-offload-hook-code-.patch kernel: mark source kernel for netfilter backports 6 years ago
356-v4.18-netfilter-nf_flow_table-relax-mixed-ipv4-ipv6-flowta.patch kernel: generic: Fix nftables inet table breakage 6 years ago
357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch kernel: bump 4.14 to 4.14.89 6 years ago
358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch kernel: bump 4.14 to 4.14.89 6 years ago
359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch kernel: bump 4.14 to 4.14.89 6 years ago
360-v4.18-netfilter-nf_flow_table-make-flow_offload_dead-inlin.patch kernel: mark source kernel for netfilter backports 6 years ago
361-v4.18-netfilter-nf_flow_table-add-a-new-flow-state-for-tea.patch kernel: mark source kernel for netfilter backports 6 years ago
362-v4.18-netfilter-nf_flow_table-in-flow_offload_lookup-skip-.patch kernel: mark source kernel for netfilter backports 6 years ago
363-v4.18-netfilter-nf_flow_table-add-support-for-sending-flow.patch kernel: mark source kernel for netfilter backports 6 years ago
364-v4.18-netfilter-nf_flow_table-tear-down-TCP-flows-if-RST-o.patch kernel: mark source kernel for netfilter backports 6 years ago
365-v4.16-netfilter-nf_flow_table-fix-checksum-when-handling-D.patch kernel: mark source kernel for netfilter backports 6 years ago
366-netfilter-nf_flow_table-clean-up-and-fix-dst-handlin.patch kernel: netfilter: fix dst entries in flowtable offload 6 years ago
367-v4.18-netfilter-nf_flow_table-add-missing-condition-for-TC.patch kernel: mark source kernel for netfilter backports 6 years ago
368-v4.18-netfilter-nf_flow_table-fix-offloading-connections-w.patch kernel: mark source kernel for netfilter backports 6 years ago
369-v4.18-netfilter-nf_flow_table-attach-dst-to-skbs.patch kernel: backport patch to fix dst handling for offloaded connections 6 years ago
370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch kernel: bump 4.14 to 4.14.82 6 years ago
371-netfilter-nf_flow_table-fix-up-ct-state-of-flows-aft.patch kernel: fix conntrack fixup of offloaded flows on timeout 6 years ago
400-v4.16-leds-trigger-Introduce-a-NETDEV-trigger.patch kernel: Replace ledtrig-netdev with upstream backport 6 years ago
500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch kernel: fix ubifs loosing O_TMPFILE data after power cut 6 years ago