mirros/rockchip-kernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7ed6c953e727d0ff507fa5ff75a82e2ad646ea0f
rockchip-kernel/fs/proc
History
Kirill A. Shutemov f662f0e624 ANDROID: pagemap: do not leak physical addresses to non-privileged userspace 
As pointed by recent post[1] on exploiting DRAM physical imperfection,
/proc/PID/pagemap exposes sensitive information which can be used to do
attacks.

This disallows anybody without CAP_SYS_ADMIN to read the pagemap.

[1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

[ Eventually we might want to do anything more finegrained, but for now
  this is the simple model.   - Linus ]

We add this patch again for pass CTS
FileSystemPermissionTest: Assert /proc/self/pagemap not readable

Change-Id: Id4bf9ea27af000734356b921cd723868802b4335
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Seaborn <mseaborn@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
2017-01-22 18:12:52 +08:00
..
array.c
ptrace: use fsuid, fsgid, effective creds for fs access checks
2016-02-25 12:01:16 -08:00
base.c
Merge branch 'linux-linaro-lsk-v4.4' into linux-linaro-lsk-v4.4-android
2016-10-11 23:33:37 +02:00
cmdline.c
fs/proc: don't use module_init for non-modular core code
2014-01-23 16:37:02 -08:00
consoles.c
fs/proc: don't use module_init for non-modular core code
2014-01-23 16:37:02 -08:00
cpuinfo.c
fs/proc: don't use module_init for non-modular core code
2014-01-23 16:37:02 -08:00
devices.c
fs/proc: don't use module_init for non-modular core code
2014-01-23 16:37:02 -08:00
fd.c
proc: actually make proc_fd_permission() thread-friendly
2015-11-06 17:50:42 -08:00
fd.h
proc: Move proc_fd() to fs/proc/fd.h
2013-05-01 17:29:39 -04:00
generic.c
proc: change proc_subdir_lock to a rwlock
2015-09-10 13:29:01 -07:00
inode.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2015-07-03 15:20:57 -07:00
internal.h
proc: Allow creating permanently empty directories that serve as mount points
2015-07-01 10:36:41 -05:00
interrupts.c
fs/proc: don't use module_init for non-modular core code
2014-01-23 16:37:02 -08:00
Kconfig
fs, proc: add help for CONFIG_PROC_CHILDREN
2015-07-17 16:39:52 -07:00
kcore.c
UPSTREAM: fs/proc/kcore.c: Add bounce buffer for ktext data
2016-10-12 17:34:22 +05:30
kmsg.c
fs/proc: don't use module_init for non-modular core code
2014-01-23 16:37:02 -08:00
loadavg.c
fs/proc: don't use module_init for non-modular core code
2014-01-23 16:37:02 -08:00
Makefile
proc: Implement /proc/thread-self to point at the directory of the current thread
2014-08-04 10:07:11 -07:00
meminfo.c
mm: get rid of 'vmalloc_info' from /proc/meminfo
2015-11-01 17:09:15 -08:00
namespaces.c
ptrace: use fsuid, fsgid, effective creds for fs access checks
2016-02-25 12:01:16 -08:00
nommu.c
vfs: add seq_file_path() helper
2015-06-23 18:01:07 -04:00
page.c
proc: add cond_resched to /proc/kpage* read/write loop
2015-09-10 13:29:01 -07:00
proc_net.c
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
proc_sysctl.c
fs: Drop unlikely before IS_ERR(_OR_NULL)
2015-09-29 15:13:58 +02:00
proc_tty.c
proc: remove proc_tty_ldisc variable
2014-08-08 15:57:22 -07:00
root.c
proc: prevent stacking filesystems on top
2016-06-24 10:18:20 -07:00
self.c
don't pass nameidata to ->follow_link()
2015-05-10 22:20:15 -04:00
softirqs.c
fs/proc: don't use module_init for non-modular core code
2014-01-23 16:37:02 -08:00
stat.c
genirq: Prevent proc race against freeing of irq descriptors
2014-12-13 13:33:07 +01:00
task_mmu.c
ANDROID: pagemap: do not leak physical addresses to non-privileged userspace
2017-01-22 18:12:52 +08:00
task_nommu.c
proc: revert /proc/<pid>/maps [stack:TID] annotation
2016-09-15 08:27:46 +02:00
thread_self.c
don't pass nameidata to ->follow_link()
2015-05-10 22:20:15 -04:00
uptime.c
cputime: Default implementation of nsecs -> cputime conversion
2014-03-13 15:56:43 +01:00
version.c
fs/proc: don't use module_init for non-modular core code
2014-01-23 16:37:02 -08:00
vmcore.c
vmcore: fix PT_NOTE n_namesz, n_descsz overflow issue
2015-02-17 14:34:52 -08:00