| Message ID | 1414144655-25204-1-git-send-email-js07.lee@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, Oct 24, 2014 at 06:57:34PM +0900, Jungseung Lee wrote: > Modern ARMv7-A/R cores can optionally implement below new > hardware feature: > > - PXN: > Privileged execute-never(PXN) is a security feature. PXN bit > determines whether the processor can execute software from > the region. This is effective solution against ret2usr attack. > > This patch adds new HWCAP defines to describe new feature. > On an implementation that does not include the LPAE, PXN is > optionally supported. Why does userspace need to know about this?
On Fri, Oct 24, 2014 at 10:57:34AM +0100, Jungseung Lee wrote: > Modern ARMv7-A/R cores can optionally implement below new > hardware feature: > > - PXN: > Privileged execute-never(PXN) is a security feature. PXN bit > determines whether the processor can execute software from > the region. This is effective solution against ret2usr attack. > > This patch adds new HWCAP defines to describe new feature. > On an implementation that does not include the LPAE, PXN is > optionally supported. Why does the user need to know about such feature? Just enable it in the kernel if available.
Hi, Russell and Catalin 2014-10-24 19:11 GMT+09:00 Catalin Marinas <catalin.marinas@arm.com>: > On Fri, Oct 24, 2014 at 10:57:34AM +0100, Jungseung Lee wrote: >> Modern ARMv7-A/R cores can optionally implement below new >> hardware feature: >> >> - PXN: >> Privileged execute-never(PXN) is a security feature. PXN bit >> determines whether the processor can execute software from >> the region. This is effective solution against ret2usr attack. >> >> This patch adds new HWCAP defines to describe new feature. >> On an implementation that does not include the LPAE, PXN is >> optionally supported. > > Why does the user need to know about such feature? Just enable it in the > kernel if available. > > -- > Catalin Yes, there is no reason to need to know. I'll find another route to get vmsa and send patch later.
diff --git a/arch/arm/include/uapi/asm/hwcap.h b/arch/arm/include/uapi/asm/hwcap.h index 20d12f2..a06faba 100644 --- a/arch/arm/include/uapi/asm/hwcap.h +++ b/arch/arm/include/uapi/asm/hwcap.h @@ -27,6 +27,7 @@ #define HWCAP_IDIV (HWCAP_IDIVA | HWCAP_IDIVT) #define HWCAP_LPAE (1 << 20) #define HWCAP_EVTSTRM (1 << 21) +#define HWCAP_PXN (1 << 22) /* Privileged execute-never */ /* * HWCAP2 flags - for elf_hwcap2 (in kernel) and AT_HWCAP2 diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c index c031063..48828fe 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c @@ -390,6 +390,10 @@ static void __init cpuid_init_hwcaps(void) /* LPAE implies atomic ldrd/strd instructions */ vmsa = (read_cpuid_ext(CPUID_EXT_MMFR0) & 0xf) >> 0; + + if (vmsa >= 4) + elf_hwcap |= HWCAP_PXN; + if (vmsa >= 5) elf_hwcap |= HWCAP_LPAE; } @@ -1015,6 +1019,7 @@ static const char *hwcap_str[] = { "vfpd32", "lpae", "evtstrm", + "pxn", NULL };
Modern ARMv7-A/R cores can optionally implement below new hardware feature: - PXN: Privileged execute-never(PXN) is a security feature. PXN bit determines whether the processor can execute software from the region. This is effective solution against ret2usr attack. This patch adds new HWCAP defines to describe new feature. On an implementation that does not include the LPAE, PXN is optionally supported. Signed-off-by: Jungseung Lee <js07.lee@gmail.com> --- arch/arm/include/uapi/asm/hwcap.h | 1 + arch/arm/kernel/setup.c | 5 +++++ 2 files changed, 6 insertions(+)