summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRussell King <rmk+kernel@arm.linux.org.uk>2013-08-20 00:31:33 +0100
committerRussell King <rmk+kernel@arm.linux.org.uk>2013-08-20 00:31:33 +0100
commite1f020371c08ea93be417ba3b1990b169e7e6e36 (patch)
tree89917310b6a90da53849d700fb2532623e3654d8
parent4f9b4fb7a2091eec339413a460b1665758401828 (diff)
parentac124504ecf6b20a2457d873d0728a8b991a5b0c (diff)
downloadlinux-e1f020371c08ea93be417ba3b1990b169e7e6e36.tar.gz
linux-e1f020371c08ea93be417ba3b1990b169e7e6e36.tar.bz2
linux-e1f020371c08ea93be417ba3b1990b169e7e6e36.zip
Merge branch 'security-fixes' into fixes
-rw-r--r--arch/arm/kernel/fiq.c3
-rw-r--r--arch/arm/mm/Kconfig9
2 files changed, 8 insertions, 4 deletions
diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c
index fc7920288a3d..918875d96d5d 100644
--- a/arch/arm/kernel/fiq.c
+++ b/arch/arm/kernel/fiq.c
@@ -89,7 +89,8 @@ void set_fiq_handler(void *start, unsigned int length)
memcpy(base + offset, start, length);
if (!cache_is_vipt_nonaliasing())
- flush_icache_range(base + offset, offset + length);
+ flush_icache_range((unsigned long)base + offset, offset +
+ length);
flush_icache_range(0xffff0000 + offset, 0xffff0000 + offset + length);
}
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
index db5c2cab8fda..cd2c88e7a8f7 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
@@ -809,15 +809,18 @@ config KUSER_HELPERS
the CPU type fitted to the system. This permits binaries to be
run on ARMv4 through to ARMv7 without modification.
+ See Documentation/arm/kernel_user_helpers.txt for details.
+
However, the fixed address nature of these helpers can be used
by ROP (return orientated programming) authors when creating
exploits.
If all of the binaries and libraries which run on your platform
are built specifically for your platform, and make no use of
- these helpers, then you can turn this option off. However,
- when such an binary or library is run, it will receive a SIGILL
- signal, which will terminate the program.
+ these helpers, then you can turn this option off to hinder
+ such exploits. However, in that case, if a binary or library
+ relying on those helpers is run, it will receive a SIGILL signal,
+ which will terminate the program.
Say N here only if you are absolutely certain that you do not
need these helpers; otherwise, the safe option is to say Y.