Re: FAILED: patch "[PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc" failed to apply to 6.5-stable tree

[Helge Deller <deller@gmx.de>]

* Greg KH <gregkh@linuxfoundation.org>:
> On Fri, Nov 24, 2023 at 04:10:25PM +0100, Helge Deller wrote:
> > On 11/24/23 12:35, gregkh@linuxfoundation.org wrote:
> > > The patch below does not apply to the 6.5-stable tree.
> > > If someone wants it applied there, or to any other stable or longterm
> > > tree, then please email the backport, including the original git commit
> > > id to <stable@vger.kernel.org>.
> > > 
> > > To reproduce the conflict and resubmit, you may use the following commands:
> > > 
> > > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.5.y
> > > git checkout FETCH_HEAD
> > > git cherry-pick -x 793838138c157d4c49f4fb744b170747e3dabf58
> > > # <resolve conflicts, build, test, etc.>
> > > git commit -s
> > > git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2023112456-linked-nape-bf19@gregkh' --subject-prefix 'PATCH 6.5.y' HEAD^..
> > > 
> > > Possible dependencies:
> > > 
> > > 793838138c15 ("prctl: Disable prctl(PR_SET_MDWE) on parisc")
> > > 24e41bf8a6b4 ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl")
> > > 0da668333fb0 ("mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long")
> > 
> > Greg, I think the most clean solution is that you pull in this patch:
> > 
> > commit 24e41bf8a6b424c76c5902fb999e9eca61bdf83d
> > Author: Florent Revest <revest@chromium.org>
> > Date:   Mon Aug 28 17:08:57 2023 +0200
> >     mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl
> > 
> > as well into 6.5-stable and 6.6-stable prior to applying my patch.
> > 
> > Florent, Kees and Catalin, do you see any issues if this patch
> > ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl") is backported
> > to 6.5 and 6.6 too?
> > If yes, I'm happy to just send the trivial backport of my patch below...
> 
> Given that we need an explicit ack for adding mm: patches to the stable
> trees, I'll wait for that to happen here before adding it.

Sure!

Just in case we get a NAK, below is the backported patch of 793838138c157d4c49f4fb744b170747e3dabf58
which applies to 6.5-stable and 6.6-stable.
Maybe you want to add it in the meantime?

Helge


From: Helge Deller <deller@gmx.de>
Date: Sat, 18 Nov 2023 19:33:35 +0100
Subject: [PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc

systemd-254 tries to use prctl(PR_SET_MDWE) for it's MemoryDenyWriteExecute
functionality, but fails on parisc which still needs executable stacks in
certain combinations of gcc/glibc/kernel.

Disable prctl(PR_SET_MDWE) by returning -EINVAL for now on parisc, until
userspace has catched up.

Signed-off-by: Helge Deller <deller@gmx.de>
Co-developed-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Sam James <sam@gentoo.org>
Closes: https://github.com/systemd/systemd/issues/29775
Tested-by: Sam James <sam@gentoo.org>
Link: https://lore.kernel.org/all/875y2jro9a.fsf@gentoo.org/
Cc: <stable@vger.kernel.org> # v6.3+

diff --git a/kernel/sys.c b/kernel/sys.c
index 2410e3999ebe..2fa67cd61685 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2377,6 +2377,10 @@ static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3,
 	if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN))
 		return -EINVAL;
 
+	/* PARISC cannot allow mdwe as it needs writable stacks */
+	if (IS_ENABLED(CONFIG_PARISC))
+		return -EINVAL;
+
 	if (bits & PR_MDWE_REFUSE_EXEC_GAIN)
 		set_bit(MMF_HAS_MDWE, &current->mm->flags);
 	else if (test_bit(MMF_HAS_MDWE, &current->mm->flags))