x86/mm: Switch from TASK_SIZE to TASK_SIZE_MAX in the page fault code

author Andy Lutomirski <[email protected]>

Tue, 10 May 2016 21:10:29 +0000 (14:10 -0700)

committer Ingo Molnar <[email protected]>

Fri, 20 May 2016 07:10:03 +0000 (09:10 +0200)
author Andy Lutomirski <[email protected]>
Tue, 10 May 2016 21:10:29 +0000 (14:10 -0700)
committer Ingo Molnar <[email protected]>
Fri, 20 May 2016 07:10:03 +0000 (09:10 +0200)
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c

index 5ce1ed02f7e80900ead34c8b8af2bfe223a9d3bd..7d1fa7cd237443e054da06255697412d5e9354f6 100644 (file)
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -292,7 +292,7 @@ void vmalloc_sync_all(void)
                 return;
  
         for (address = VMALLOC_START & PMD_MASK;
-            address >= TASK_SIZE && address < FIXADDR_TOP;
+            address >= TASK_SIZE_MAX && address < FIXADDR_TOP;
              address += PMD_SIZE) {
                 struct page *page;
  
@@ -854,8 +854,13 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
                                 return;
                 }
  #endif
-               /* Kernel addresses are always protection faults: */
-               if (address >= TASK_SIZE)
+
+               /*
+                * To avoid leaking information about the kernel page table
+                * layout, pretend that user-mode accesses to kernel addresses
+                * are always protection faults.
+                */
+               if (address >= TASK_SIZE_MAX)
                         error_code |= PF_PROT;
  
                 if (likely(show_unhandled_signals))
author	Andy Lutomirski <[email protected]>
	Tue, 10 May 2016 21:10:29 +0000 (14:10 -0700)
committer	Ingo Molnar <[email protected]>
	Fri, 20 May 2016 07:10:03 +0000 (09:10 +0200)