* Patch "arm64: Preventing READ_IMPLIES_EXEC propagation" has been added to the 4.11-stable tree
@ 2017-07-18 16:15 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2017-07-18 16:15 UTC (permalink / raw)
To: dongbo4, gregkh, peter.maydell, will.deacon; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
arm64: Preventing READ_IMPLIES_EXEC propagation
to the 4.11-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
arm64-preventing-read_implies_exec-propagation.patch
and it can be found in the queue-4.11 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 48f99c8ec0b25756d0283ab058826ae07d14fad7 Mon Sep 17 00:00:00 2001
From: Dong Bo <dongbo4@huawei.com>
Date: Tue, 25 Apr 2017 14:11:29 +0800
Subject: arm64: Preventing READ_IMPLIES_EXEC propagation
From: Dong Bo <dongbo4@huawei.com>
commit 48f99c8ec0b25756d0283ab058826ae07d14fad7 upstream.
Like arch/arm/, we inherit the READ_IMPLIES_EXEC personality flag across
fork(). This is undesirable for a number of reasons:
* ELF files that don't require executable stack can end up with it
anyway
* We end up performing un-necessary I-cache maintenance when mapping
what should be non-executable pages
* Restricting what is executable is generally desirable when defending
against overflow attacks
This patch clears the personality flag when setting up the personality for
newly spwaned native tasks. Given that semi-recent AArch64 toolchains emit
a non-executable PT_GNU_STACK header, userspace applications can already
not rely on READ_IMPLIES_EXEC so shouldn't be adversely affected by this
change.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Dong Bo <dongbo4@huawei.com>
[will: added comment to compat code, rewrote commit message]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/elf.h | 6 ++++++
1 file changed, 6 insertions(+)
--- a/arch/arm64/include/asm/elf.h
+++ b/arch/arm64/include/asm/elf.h
@@ -141,6 +141,7 @@ typedef struct user_fpsimd_state elf_fpr
({ \
clear_bit(TIF_32BIT, ¤t->mm->context.flags); \
clear_thread_flag(TIF_32BIT); \
+ current->personality &= ~READ_IMPLIES_EXEC; \
})
/* update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT entries changes */
@@ -187,6 +188,11 @@ typedef compat_elf_greg_t compat_elf_gr
((x)->e_flags & EF_ARM_EABI_MASK))
#define compat_start_thread compat_start_thread
+/*
+ * Unlike the native SET_PERSONALITY macro, the compat version inherits
+ * READ_IMPLIES_EXEC across a fork() since this is the behaviour on
+ * arch/arm/.
+ */
#define COMPAT_SET_PERSONALITY(ex) \
({ \
set_bit(TIF_32BIT, ¤t->mm->context.flags); \
Patches currently in stable-queue which might be from dongbo4@huawei.com are
queue-4.11/arm64-preventing-read_implies_exec-propagation.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-07-18 16:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-07-18 16:15 Patch "arm64: Preventing READ_IMPLIES_EXEC propagation" has been added to the 4.11-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).