From patchwork Fri Jun  9 14:40:33 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brad Figg <brad.figg@canonical.com>
X-Patchwork-Id: 774016
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	by ozlabs.org (Postfix) with ESMTP id 3wklMk2blYz9s8N;
	Sat, 10 Jun 2017 00:40:50 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1dJL5i-0003KX-HX; Fri, 09 Jun 2017 14:40:46 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.76) (envelope-from <brad.figg@canonical.com>)
	id 1dJL5Z-0003JU-RG
	for kernel-team@lists.ubuntu.com; Fri, 09 Jun 2017 14:40:37 +0000
Received: from 2.general.bradf.us.vpn ([10.172.67.93] helo=localhost)
	by youngberry.canonical.com with esmtpsa
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <brad.figg@canonical.com>)
	id 1dJL5Z-0000Jt-AG
	for kernel-team@lists.ubuntu.com; Fri, 09 Jun 2017 14:40:37 +0000
From: Brad Figg <brad.figg@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/1] arm64: make sys_call_table const
Date: Fri,  9 Jun 2017 07:40:33 -0700
Message-Id: <1497019233-89860-2-git-send-email-brad.figg@canonical.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1497019233-89860-1-git-send-email-brad.figg@canonical.com>
References: <1497019233-89860-1-git-send-email-brad.figg@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: kernel-team-bounces@lists.ubuntu.com

From: Mark Rutland <mark.rutland@arm.com>

CVE-2015-8967

As with x86, mark the sys_call_table const such that it will be placed
in the .rodata section. This will cause attempts to modify the table
(accidental or deliberate) to fail when strict page permissions are in
place. In the absence of strict page permissions, there should be no
functional change.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(cherry picked from commit c623b33b4e9599c6ac5076f7db7369eb9869aa04)
Signed-off-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
---
 arch/arm64/kernel/sys.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/kernel/sys.c b/arch/arm64/kernel/sys.c
index 3fa98ff..df20b79 100644
--- a/arch/arm64/kernel/sys.c
+++ b/arch/arm64/kernel/sys.c
@@ -50,7 +50,7 @@ asmlinkage long sys_mmap(unsigned long addr, unsigned long len,
  * The sys_call_table array must be 4K aligned to be accessible from
  * kernel/entry.S.
  */
-void *sys_call_table[__NR_syscalls] __aligned(4096) = {
+void * const sys_call_table[__NR_syscalls] __aligned(4096) = {
 	[0 ... __NR_syscalls - 1] = sys_ni_syscall,
 #include <asm/unistd.h>
 };