Message ID | 20240208012620.32604-4-zev@bewilderbeest.net (mailing list archive) |
---|---|
Series | ARM: prctl: Reject PR_SET_MDWE where not supported |
Hi Zev,

On 2/8/24 02:26, Zev Weiss wrote:
> Hello,
>
> I noticed after a recent kernel update that my ARM926 system started
> segfaulting on any execve() after calling prctl(PR_SET_MDWE). After
> some investigation it appears that ARMv5 is incapable of providing the
> appropriate protections for MDWE, since any readable memory is also
> implicitly executable.
>
> (Note that I'm not an expert in either ARM arch details or the mm
> subsystem, so please bear with me if I've botched something in the
> above analysis.)
>
> The prctl_set_mdwe() function already had some special-case logic
> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
> check to use an arch_*() function, and (2) adds a corresponding
> override for ARM to disable MDWE on pre-ARMv6 CPUs.

Instead of splitting it out to a new function in mman.h,
I'd prefer having it as config option, e.g. ARCH_HAS_NO_MDWE_SUPPORT (?)
which could be checked instead.
For parisc we still want to allow mdwe in the future, we just have
to wait until most user-space programs have updated to the latest
binaries which don't need an executable stack any longer.

> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
> succeed instead of unconditionally failing; on ARMv6 the prctl works
> as it did previously.
>
> Since this was effectively a userspace-breaking change in v6.3 (with
> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
> simply fail safely) I've CCed -stable for v6.3+, though since the
> patches depend on the PARISC one above it will only apply cleanly on
> the linux-6.6.y and linux-6.7.y branches, since at least at time of
> writing the 6.3 through 6.5 branches don't have that patch backported
> (due to further missing dependencies [0]).
> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/

I think you don't need to worry about that, since stable kernel series
for 6.3 up to 6.5 were stopped...

> Zev Weiss (2):
>   prctl: Generalize PR_SET_MDWE support check to be per-arch
>   ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
>
>  arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>  arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>  include/linux/mman.h           |  8 ++++++++
>  kernel/sys.c                   |  7 +++++--
>  4 files changed, 41 insertions(+), 2 deletions(-)
>  create mode 100644 arch/arm/include/asm/mman.h
>  create mode 100644 arch/parisc/include/asm/mman.h
>
Hi Helge,

Thanks for taking a look!

On Wed, Feb 07, 2024 at 11:02:24PM PST, Helge Deller wrote:
>Hi Zev,
>
>On 2/8/24 02:26, Zev Weiss wrote:
>>Hello,
>>
>>I noticed after a recent kernel update that my ARM926 system started
>>segfaulting on any execve() after calling prctl(PR_SET_MDWE). After
>>some investigation it appears that ARMv5 is incapable of providing the
>>appropriate protections for MDWE, since any readable memory is also
>>implicitly executable.
>>
>>(Note that I'm not an expert in either ARM arch details or the mm
>>subsystem, so please bear with me if I've botched something in the
>>above analysis.)
>>
>>The prctl_set_mdwe() function already had some special-case logic
>>added disabling it on PARISC (commit 793838138c15, "prctl: Disable
>>prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
>>check to use an arch_*() function, and (2) adds a corresponding
>>override for ARM to disable MDWE on pre-ARMv6 CPUs.
>
>Instead of splitting it out to a new function in mman.h,
>I'd prefer having it as config option, e.g. ARCH_HAS_NO_MDWE_SUPPORT (?)
>which could be checked instead.
>For parisc we still want to allow mdwe in the future, we just have
>to wait until most user-space programs have updated to the latest
>binaries which don't need an executable stack any longer.
>

I considered that, but it seems that ARM kernels at least may not know
the answer to that question at compile-time -- see patch 2, where the
ARM implementation does a runtime check on cpu_architecture().

>>With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
>>subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
>>succeed instead of unconditionally failing; on ARMv6 the prctl works
>>as it did previously.
>>
>>Since this was effectively a userspace-breaking change in v6.3 (with
>>newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
>>simply fail safely) I've CCed -stable for v6.3+, though since the
>>patches depend on the PARISC one above it will only apply cleanly on
>>the linux-6.6.y and linux-6.7.y branches, since at least at time of
>>writing the 6.3 through 6.5 branches don't have that patch backported
>>(due to further missing dependencies [0]).
>>[0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
>
>I think you don't need to worry about that, since stable kernel series
>for 6.3 up to 6.5 were stopped...
>

Ah, hadn't realized that -- thanks for the tip.

Zev
Hi,

Where is patch 1 of this series? It doesn't seem to have been Cc'd to
linux-arm-kernel. Therefore, this can't be reviewed.

Thanks.

On Wed, Feb 07, 2024 at 05:26:18PM -0800, Zev Weiss wrote:
> Hello,
>
> I noticed after a recent kernel update that my ARM926 system started
> segfaulting on any execve() after calling prctl(PR_SET_MDWE). After
> some investigation it appears that ARMv5 is incapable of providing the
> appropriate protections for MDWE, since any readable memory is also
> implicitly executable.
>
> (Note that I'm not an expert in either ARM arch details or the mm
> subsystem, so please bear with me if I've botched something in the
> above analysis.)
>
> The prctl_set_mdwe() function already had some special-case logic
> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
> check to use an arch_*() function, and (2) adds a corresponding
> override for ARM to disable MDWE on pre-ARMv6 CPUs.
>
> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
> succeed instead of unconditionally failing; on ARMv6 the prctl works
> as it did previously.
>
> Since this was effectively a userspace-breaking change in v6.3 (with
> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
> simply fail safely) I've CCed -stable for v6.3+, though since the
> patches depend on the PARISC one above it will only apply cleanly on
> the linux-6.6.y and linux-6.7.y branches, since at least at time of
> writing the 6.3 through 6.5 branches don't have that patch backported
> (due to further missing dependencies [0]).
>
>
> Thanks,
> Zev
>
> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
>
> Zev Weiss (2):
>   prctl: Generalize PR_SET_MDWE support check to be per-arch
>   ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
>
>  arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>  arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>  include/linux/mman.h           |  8 ++++++++
>  kernel/sys.c                   |  7 +++++--
>  4 files changed, 41 insertions(+), 2 deletions(-)
>  create mode 100644 arch/arm/include/asm/mman.h
>  create mode 100644 arch/parisc/include/asm/mman.h
>
> --
> 2.43.0
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>
On Thu, Feb 08, 2024 at 01:20:57AM PST, Russell King (Oracle) wrote:
>Hi,
>
>Where is patch 1 of this series? It doesn't seem to have been Cc'd to
>linux-arm-kernel. Therefore, this can't be reviewed.
>

It went to (among others) the linux-parisc list, but not
linux-arm-kernel as scripts/get_maintainer.pl didn't list it for that
patch:
https://lore.kernel.org/lkml/20240208012620.32604-5-zev@bewilderbeest.net/

I think I've gotten differing opinions from different subsystem
maintainers on this, but FWIW my usual default approach is to use
scripts/get_maintainer.pl on each patch and then add the set-union of
them all to the cover letter for context; I'll try to remember the
preference for linux-arm-kernel though.

Is the link above sufficient for now, or shall I resend the series?

Thanks,
Zev

>Thanks.
>
>On Wed, Feb 07, 2024 at 05:26:18PM -0800, Zev Weiss wrote:
>> Hello,
>>
>> I noticed after a recent kernel update that my ARM926 system started
>> segfaulting on any execve() after calling prctl(PR_SET_MDWE). After
>> some investigation it appears that ARMv5 is incapable of providing the
>> appropriate protections for MDWE, since any readable memory is also
>> implicitly executable.
>>
>> (Note that I'm not an expert in either ARM arch details or the mm
>> subsystem, so please bear with me if I've botched something in the
>> above analysis.)
>>
>> The prctl_set_mdwe() function already had some special-case logic
>> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
>> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
>> check to use an arch_*() function, and (2) adds a corresponding
>> override for ARM to disable MDWE on pre-ARMv6 CPUs.
>>
>> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
>> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
>> succeed instead of unconditionally failing; on ARMv6 the prctl works
>> as it did previously.
>>
>> Since this was effectively a userspace-breaking change in v6.3 (with
>> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
>> simply fail safely) I've CCed -stable for v6.3+, though since the
>> patches depend on the PARISC one above it will only apply cleanly on
>> the linux-6.6.y and linux-6.7.y branches, since at least at time of
>> writing the 6.3 through 6.5 branches don't have that patch backported
>> (due to further missing dependencies [0]).
>>
>>
>> Thanks,
>> Zev
>>
>> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
>>
>> Zev Weiss (2):
>>   prctl: Generalize PR_SET_MDWE support check to be per-arch
>>   ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
>>
>>  arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>>  arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>>  include/linux/mman.h           |  8 ++++++++
>>  kernel/sys.c                   |  7 +++++--
>>  4 files changed, 41 insertions(+), 2 deletions(-)
>>  create mode 100644 arch/arm/include/asm/mman.h
>>  create mode 100644 arch/parisc/include/asm/mman.h
>>
>> --
>> 2.43.0
>>
>>
>> _______________________________________________
>> linux-arm-kernel mailing list
>> linux-arm-kernel@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>>
>
>--
>RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
>FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
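
Added example, not part of the thread or the patch series: a userspace probe that enables MDWE in a forked child and checks that the kernel both accepts the request and enforces it without breaking ordinary read-write mappings, which is the failure the cover letter reports on ARMv5. The enum and function names are hypothetical; the fallback `#define`s are the values from `linux/prctl.h`.

```c
#define _GNU_SOURCE
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SET_MDWE /* older libc headers; values from linux/prctl.h */
#define PR_SET_MDWE 65
#define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0)
#endif

/* Hypothetical result names for this example. */
enum mdwe_status { MDWE_ENFORCED, MDWE_REJECTED, MDWE_NOT_ENFORCED,
                   MDWE_BROKEN, MDWE_PROBE_ERROR };
/* Runs in a throwaway child: MDWE cannot be cleared once it is set. */
static int probe_child(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int anon = MAP_PRIVATE | MAP_ANONYMOUS;
    if (prctl(PR_SET_MDWE, PR_MDWE_REFUSE_EXEC_GAIN, 0L, 0L, 0L) != 0)
        return MDWE_REJECTED;     /* pre-MDWE kernel, or arch opted out */
    /* A plain RW mapping must still succeed (reported failing on ARMv5). */
    void *rw = mmap(NULL, len, PROT_READ | PROT_WRITE, anon, -1, 0);
    if (rw == MAP_FAILED)
        return MDWE_BROKEN;
    /* Both a W+X mapping and an RW -> RX transition must be refused. */
    if (mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC, anon, -1, 0) != MAP_FAILED ||
        mprotect(rw, len, PROT_READ | PROT_EXEC) == 0)
        return MDWE_NOT_ENFORCED;
    return MDWE_ENFORCED;
}

/* Fork so the caller's own address-space policy is left untouched. */
enum mdwe_status mdwe_probe(void)
{
    int st;
    pid_t pid = fork();
    if (pid < 0)
        return MDWE_PROBE_ERROR;
    if (pid == 0)
        _exit(probe_child());
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st))
        return MDWE_PROBE_ERROR;  /* child died on a signal */
    return (enum mdwe_status)WEXITSTATUS(st);
}

int main(void)
{
    return mdwe_probe(); /* exit status: 0 enforced ... 4 probe error */
}
```

A hardening wrapper can treat `MDWE_REJECTED` as "continue without MDWE" and anything other than `MDWE_ENFORCED` or `MDWE_REJECTED` as a kernel that should not be asked for MDWE at all.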