FAILED: patch "[PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc" failed to apply to 6.5-stable tree

FAILED: patch "[PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc" failed to apply to 6.5-stable tree

[gregkh]

The patch below does not apply to the 6.5-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

To reproduce the conflict and resubmit, you may use the following commands:

git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.5.y
git checkout FETCH_HEAD
git cherry-pick -x 793838138c157d4c49f4fb744b170747e3dabf58
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2023112456-linked-nape-bf19@gregkh' --subject-prefix 'PATCH 6.5.y' HEAD^..

Possible dependencies:

793838138c15 ("prctl: Disable prctl(PR_SET_MDWE) on parisc")
24e41bf8a6b4 ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl")
0da668333fb0 ("mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long")

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From 793838138c157d4c49f4fb744b170747e3dabf58 Mon Sep 17 00:00:00 2001
From: Helge Deller <deller@gmx.de>
Date: Sat, 18 Nov 2023 19:33:35 +0100
Subject: [PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc

systemd-254 tries to use prctl(PR_SET_MDWE) for it's MemoryDenyWriteExecute
functionality, but fails on parisc which still needs executable stacks in
certain combinations of gcc/glibc/kernel.

Disable prctl(PR_SET_MDWE) by returning -EINVAL for now on parisc, until
userspace has catched up.

Signed-off-by: Helge Deller <deller@gmx.de>
Co-developed-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Sam James <sam@gentoo.org>
Closes: https://github.com/systemd/systemd/issues/29775
Tested-by: Sam James <sam@gentoo.org>
Link: https://lore.kernel.org/all/875y2jro9a.fsf@gentoo.org/
Cc: <stable@vger.kernel.org> # v6.3+

diff --git a/kernel/sys.c b/kernel/sys.c
index 420d9cb9cc8e..e219fcfa112d 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2394,6 +2394,10 @@ static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3,
 	if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN))
 		return -EINVAL;
 
+	/* PARISC cannot allow mdwe as it needs writable stacks */
+	if (IS_ENABLED(CONFIG_PARISC))
+		return -EINVAL;
+
 	current_bits = get_current_mdwe();
 	if (current_bits && current_bits != bits)
 		return -EPERM; /* Cannot unset the flags */

Re: FAILED: patch "[PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc" failed to apply to 6.5-stable tree

[Helge Deller]

On 11/24/23 12:35, gregkh@linuxfoundation.org wrote:
> The patch below does not apply to the 6.5-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>.
>
> To reproduce the conflict and resubmit, you may use the following commands:
>
> git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.5.y
> git checkout FETCH_HEAD
> git cherry-pick -x 793838138c157d4c49f4fb744b170747e3dabf58
> # <resolve conflicts, build, test, etc.>
> git commit -s
> git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2023112456-linked-nape-bf19@gregkh' --subject-prefix 'PATCH 6.5.y' HEAD^..
>
> Possible dependencies:
>
> 793838138c15 ("prctl: Disable prctl(PR_SET_MDWE) on parisc")
> 24e41bf8a6b4 ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl")
> 0da668333fb0 ("mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long")

Greg, I think the most clean solution is that you pull in this patch:

commit 24e41bf8a6b424c76c5902fb999e9eca61bdf83d
Author: Florent Revest <revest@chromium.org>
Date:   Mon Aug 28 17:08:57 2023 +0200
     mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl

as well into 6.5-stable and 6.6-stable prior to applying my patch.

Florent, Kees and Catalin, do you see any issues if this patch
("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl") is backported
to 6.5 and 6.6 too?
If yes, I'm happy to just send the trivial backport of my patch below...

Helge


> ------------------ original commit in Linus's tree ------------------
>
>  From 793838138c157d4c49f4fb744b170747e3dabf58 Mon Sep 17 00:00:00 2001
> From: Helge Deller <deller@gmx.de>
> Date: Sat, 18 Nov 2023 19:33:35 +0100
> Subject: [PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc
>
> systemd-254 tries to use prctl(PR_SET_MDWE) for it's MemoryDenyWriteExecute
> functionality, but fails on parisc which still needs executable stacks in
> certain combinations of gcc/glibc/kernel.
>
> Disable prctl(PR_SET_MDWE) by returning -EINVAL for now on parisc, until
> userspace has catched up.
>
> Signed-off-by: Helge Deller <deller@gmx.de>
> Co-developed-by: Linus Torvalds <torvalds@linux-foundation.org>
> Reported-by: Sam James <sam@gentoo.org>
> Closes: https://github.com/systemd/systemd/issues/29775
> Tested-by: Sam James <sam@gentoo.org>
> Link: https://lore.kernel.org/all/875y2jro9a.fsf@gentoo.org/
> Cc: <stable@vger.kernel.org> # v6.3+
>
> diff --git a/kernel/sys.c b/kernel/sys.c
> index 420d9cb9cc8e..e219fcfa112d 100644
> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -2394,6 +2394,10 @@ static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3,
>   	if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN))
>   		return -EINVAL;
>
> +	/* PARISC cannot allow mdwe as it needs writable stacks */
> +	if (IS_ENABLED(CONFIG_PARISC))
> +		return -EINVAL;
> +
>   	current_bits = get_current_mdwe();
>   	if (current_bits && current_bits != bits)
>   		return -EPERM; /* Cannot unset the flags */
>

Re: FAILED: patch "[PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc" failed to apply to 6.5-stable tree

[Greg KH]

On Fri, Nov 24, 2023 at 04:10:25PM +0100, Helge Deller wrote:
> On 11/24/23 12:35, gregkh@linuxfoundation.org wrote:
> > The patch below does not apply to the 6.5-stable tree.
> > If someone wants it applied there, or to any other stable or longterm
> > tree, then please email the backport, including the original git commit
> > id to <stable@vger.kernel.org>.
> > 
> > To reproduce the conflict and resubmit, you may use the following commands:
> > 
> > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.5.y
> > git checkout FETCH_HEAD
> > git cherry-pick -x 793838138c157d4c49f4fb744b170747e3dabf58
> > # <resolve conflicts, build, test, etc.>
> > git commit -s
> > git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2023112456-linked-nape-bf19@gregkh' --subject-prefix 'PATCH 6.5.y' HEAD^..
> > 
> > Possible dependencies:
> > 
> > 793838138c15 ("prctl: Disable prctl(PR_SET_MDWE) on parisc")
> > 24e41bf8a6b4 ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl")
> > 0da668333fb0 ("mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long")
> 
> Greg, I think the most clean solution is that you pull in this patch:
> 
> commit 24e41bf8a6b424c76c5902fb999e9eca61bdf83d
> Author: Florent Revest <revest@chromium.org>
> Date:   Mon Aug 28 17:08:57 2023 +0200
>     mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl
> 
> as well into 6.5-stable and 6.6-stable prior to applying my patch.
> 
> Florent, Kees and Catalin, do you see any issues if this patch
> ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl") is backported
> to 6.5 and 6.6 too?
> If yes, I'm happy to just send the trivial backport of my patch below...

Given that we need an explicit ack for adding mm: patches to the stable
trees, I'll wait for that to happen here before adding it.

thanks,

greg k-h

Re: FAILED: patch "[PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc" failed to apply to 6.5-stable tree

[Helge Deller]

* Greg KH <gregkh@linuxfoundation.org>:
> On Fri, Nov 24, 2023 at 04:10:25PM +0100, Helge Deller wrote:
> > On 11/24/23 12:35, gregkh@linuxfoundation.org wrote:
> > > The patch below does not apply to the 6.5-stable tree.
> > > If someone wants it applied there, or to any other stable or longterm
> > > tree, then please email the backport, including the original git commit
> > > id to <stable@vger.kernel.org>.
> > > 
> > > To reproduce the conflict and resubmit, you may use the following commands:
> > > 
> > > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.5.y
> > > git checkout FETCH_HEAD
> > > git cherry-pick -x 793838138c157d4c49f4fb744b170747e3dabf58
> > > # <resolve conflicts, build, test, etc.>
> > > git commit -s
> > > git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2023112456-linked-nape-bf19@gregkh' --subject-prefix 'PATCH 6.5.y' HEAD^..
> > > 
> > > Possible dependencies:
> > > 
> > > 793838138c15 ("prctl: Disable prctl(PR_SET_MDWE) on parisc")
> > > 24e41bf8a6b4 ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl")
> > > 0da668333fb0 ("mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long")
> > 
> > Greg, I think the most clean solution is that you pull in this patch:
> > 
> > commit 24e41bf8a6b424c76c5902fb999e9eca61bdf83d
> > Author: Florent Revest <revest@chromium.org>
> > Date:   Mon Aug 28 17:08:57 2023 +0200
> >     mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl
> > 
> > as well into 6.5-stable and 6.6-stable prior to applying my patch.
> > 
> > Florent, Kees and Catalin, do you see any issues if this patch
> > ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl") is backported
> > to 6.5 and 6.6 too?
> > If yes, I'm happy to just send the trivial backport of my patch below...
> 
> Given that we need an explicit ack for adding mm: patches to the stable
> trees, I'll wait for that to happen here before adding it.

Sure!

Just in case we get a NAK, below is the backported patch of 793838138c157d4c49f4fb744b170747e3dabf58
which applies to 6.5-stable and 6.6-stable.
Maybe you want to add it in the meantime?

Helge


From: Helge Deller <deller@gmx.de>
Date: Sat, 18 Nov 2023 19:33:35 +0100
Subject: [PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc

systemd-254 tries to use prctl(PR_SET_MDWE) for it's MemoryDenyWriteExecute
functionality, but fails on parisc which still needs executable stacks in
certain combinations of gcc/glibc/kernel.

Disable prctl(PR_SET_MDWE) by returning -EINVAL for now on parisc, until
userspace has catched up.

Signed-off-by: Helge Deller <deller@gmx.de>
Co-developed-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Sam James <sam@gentoo.org>
Closes: https://github.com/systemd/systemd/issues/29775
Tested-by: Sam James <sam@gentoo.org>
Link: https://lore.kernel.org/all/875y2jro9a.fsf@gentoo.org/
Cc: <stable@vger.kernel.org> # v6.3+

diff --git a/kernel/sys.c b/kernel/sys.c
index 2410e3999ebe..2fa67cd61685 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2377,6 +2377,10 @@ static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3,
 	if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN))
 		return -EINVAL;
 
+	/* PARISC cannot allow mdwe as it needs writable stacks */
+	if (IS_ENABLED(CONFIG_PARISC))
+		return -EINVAL;
+
 	if (bits & PR_MDWE_REFUSE_EXEC_GAIN)
 		set_bit(MMF_HAS_MDWE, &current->mm->flags);
 	else if (test_bit(MMF_HAS_MDWE, &current->mm->flags))

Re: FAILED: patch "[PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc" failed to apply to 6.5-stable tree

[Catalin Marinas]

On Fri, Nov 24, 2023 at 04:10:25PM +0100, Helge Deller wrote:
> On 11/24/23 12:35, gregkh@linuxfoundation.org wrote:
> > The patch below does not apply to the 6.5-stable tree.
> > If someone wants it applied there, or to any other stable or longterm
> > tree, then please email the backport, including the original git commit
> > id to <stable@vger.kernel.org>.
> > 
> > To reproduce the conflict and resubmit, you may use the following commands:
> > 
> > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.5.y
> > git checkout FETCH_HEAD
> > git cherry-pick -x 793838138c157d4c49f4fb744b170747e3dabf58
> > # <resolve conflicts, build, test, etc.>
> > git commit -s
> > git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2023112456-linked-nape-bf19@gregkh' --subject-prefix 'PATCH 6.5.y' HEAD^..
> > 
> > Possible dependencies:
> > 
> > 793838138c15 ("prctl: Disable prctl(PR_SET_MDWE) on parisc")
> > 24e41bf8a6b4 ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl")
> > 0da668333fb0 ("mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long")
> 
> Greg, I think the most clean solution is that you pull in this patch:
> 
> commit 24e41bf8a6b424c76c5902fb999e9eca61bdf83d
> Author: Florent Revest <revest@chromium.org>
> Date:   Mon Aug 28 17:08:57 2023 +0200
>     mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl
> 
> as well into 6.5-stable and 6.6-stable prior to applying my patch.
> 
> Florent, Kees and Catalin, do you see any issues if this patch
> ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl") is backported
> to 6.5 and 6.6 too?
> If yes, I'm happy to just send the trivial backport of my patch below...

TBH, given that the NO_INHERIT MDWE is a new feature and it took us a
few rounds to define its semantics, I'd rather not back-port it unless
someone has a strong need for it in 6.5 (not sure the stable rules even
allow for this). The parisc patch is simple enough to be backported on
its own.

-- 
Catalin

Re: FAILED: patch "[PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc" failed to apply to 6.5-stable tree

[Helge Deller]

On 11/27/23 12:59, Catalin Marinas wrote:
> On Fri, Nov 24, 2023 at 04:10:25PM +0100, Helge Deller wrote:
>> On 11/24/23 12:35, gregkh@linuxfoundation.org wrote:
>>> The patch below does not apply to the 6.5-stable tree.
>>> If someone wants it applied there, or to any other stable or longterm
>>> tree, then please email the backport, including the original git commit
>>> id to <stable@vger.kernel.org>.
>>>
>>> To reproduce the conflict and resubmit, you may use the following commands:
>>>
>>> git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.5.y
>>> git checkout FETCH_HEAD
>>> git cherry-pick -x 793838138c157d4c49f4fb744b170747e3dabf58
>>> # <resolve conflicts, build, test, etc.>
>>> git commit -s
>>> git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2023112456-linked-nape-bf19@gregkh' --subject-prefix 'PATCH 6.5.y' HEAD^..
>>>
>>> Possible dependencies:
>>>
>>> 793838138c15 ("prctl: Disable prctl(PR_SET_MDWE) on parisc")
>>> 24e41bf8a6b4 ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl")
>>> 0da668333fb0 ("mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long")
>>
>> Greg, I think the most clean solution is that you pull in this patch:
>>
>> commit 24e41bf8a6b424c76c5902fb999e9eca61bdf83d
>> Author: Florent Revest <revest@chromium.org>
>> Date:   Mon Aug 28 17:08:57 2023 +0200
>>      mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl
>>
>> as well into 6.5-stable and 6.6-stable prior to applying my patch.
>>
>> Florent, Kees and Catalin, do you see any issues if this patch
>> ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl") is backported
>> to 6.5 and 6.6 too?
>> If yes, I'm happy to just send the trivial backport of my patch below...
>
> TBH, given that the NO_INHERIT MDWE is a new feature and it took us a
> few rounds to define its semantics, I'd rather not back-port it unless
> someone has a strong need for it in 6.5 (not sure the stable rules even
> allow for this). The parisc patch is simple enough to be backported on
> its own.

Ok.

Thanks!
Helge

Re: FAILED: patch "[PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc" failed to apply to 6.5-stable tree

[Florent Revest]

On Mon, Nov 27, 2023 at 12:59 PM Catalin Marinas
<catalin.marinas@arm.com> wrote:
>
> On Fri, Nov 24, 2023 at 04:10:25PM +0100, Helge Deller wrote:
> > On 11/24/23 12:35, gregkh@linuxfoundation.org wrote:
> > > The patch below does not apply to the 6.5-stable tree.
> > > If someone wants it applied there, or to any other stable or longterm
> > > tree, then please email the backport, including the original git commit
> > > id to <stable@vger.kernel.org>.
> > >
> > > To reproduce the conflict and resubmit, you may use the following commands:
> > >
> > > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.5.y
> > > git checkout FETCH_HEAD
> > > git cherry-pick -x 793838138c157d4c49f4fb744b170747e3dabf58
> > > # <resolve conflicts, build, test, etc.>
> > > git commit -s
> > > git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2023112456-linked-nape-bf19@gregkh' --subject-prefix 'PATCH 6.5.y' HEAD^..
> > >
> > > Possible dependencies:
> > >
> > > 793838138c15 ("prctl: Disable prctl(PR_SET_MDWE) on parisc")
> > > 24e41bf8a6b4 ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl")
> > > 0da668333fb0 ("mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long")
> >
> > Greg, I think the most clean solution is that you pull in this patch:
> >
> > commit 24e41bf8a6b424c76c5902fb999e9eca61bdf83d
> > Author: Florent Revest <revest@chromium.org>
> > Date:   Mon Aug 28 17:08:57 2023 +0200
> >     mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl
> >
> > as well into 6.5-stable and 6.6-stable prior to applying my patch.
> >
> > Florent, Kees and Catalin, do you see any issues if this patch
> > ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl") is backported
> > to 6.5 and 6.6 too?
> > If yes, I'm happy to just send the trivial backport of my patch below...
>
> TBH, given that the NO_INHERIT MDWE is a new feature and it took us a
> few rounds to define its semantics, I'd rather not back-port it unless
> someone has a strong need for it in 6.5 (not sure the stable rules even
> allow for this). The parisc patch is simple enough to be backported on
> its own.

I agree with Catalin :)