openbmc.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed
* [PATCH linux dev-6.6 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported
@ 2024-03-26 19:49 Zev Weiss
  2024-03-26 19:49 ` [PATCH linux dev-6.6 1/2] prctl: Generalize PR_SET_MDWE support check to be per-arch Zev Weiss
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Zev Weiss @ 2024-03-26 19:49 UTC (permalink / raw)
  To: Andrew Jeffery, Joel Stanley; +Cc: openbmc

[Re-sending as I forgot to CC the list the first time, apologies for
the duplication.]

OpenBMC on AST2400 has been badly broken for some time now due to
systemd services segfaulting on execve() after calls to
prctl(PR_SET_MDWE) spuriously succeeded.  The MMU of the ARMv5 CPU in
the AST2400 cannot meaningfully support MDWE because it lacks distinct
read & execute page permissions (read implies execute), so these
patches ensure that the prctl to enable MDWE properly fails on
hardware where it isn't supported.

These patches have been posted and approved upstream [0], and while at
time of writing they haven't yet reached mainline or stable upstream,
they're on their way and should hopefully get merged soon [1, 2].

Thanks,
Zev

[0] https://lore.kernel.org/linux-arm-kernel/20240227013546.15769-4-zev@bewilderbeest.net/
[1] https://lore.kernel.org/mm-commits/20240326180820.88CF4C43390@smtp.kernel.org/
[2] https://lore.kernel.org/mm-commits/20240326180821.BF06BC433C7@smtp.kernel.org/

Zev Weiss (2):
  prctl: Generalize PR_SET_MDWE support check to be per-arch
  ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6

 arch/arm/include/asm/mman.h    | 14 ++++++++++++++
 arch/parisc/include/asm/mman.h | 14 ++++++++++++++
 include/linux/mman.h           |  8 ++++++++
 kernel/sys.c                   |  7 +++++--
 4 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm/include/asm/mman.h
 create mode 100644 arch/parisc/include/asm/mman.h

-- 
2.44.0


^ permalink raw reply	[flat|nested] 4+ messages in thread
* [PATCH linux dev-6.6 1/2] prctl: Generalize PR_SET_MDWE support check to be per-arch
  2024-03-26 19:49 [PATCH linux dev-6.6 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported Zev Weiss
@ 2024-03-26 19:49 ` Zev Weiss
  2024-03-26 19:50 ` [PATCH linux dev-6.6 2/2] ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6 Zev Weiss
  2024-03-26 23:20 ` [PATCH linux dev-6.6 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported Andrew Jeffery
  2 siblings, 0 replies; 4+ messages in thread
From: Zev Weiss @ 2024-03-26 19:49 UTC (permalink / raw)
  To: Andrew Jeffery, Joel Stanley; +Cc: openbmc

There exist systems other than PARISC where MDWE may not be feasible
to support; rather than cluttering up the generic code with additional
arch-specific logic let's add a generic function for checking MDWE
support and allow each arch to override it as needed.

Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Cc: <stable@vger.kernel.org> # v6.3+
---
 arch/parisc/include/asm/mman.h | 14 ++++++++++++++
 include/linux/mman.h           |  8 ++++++++
 kernel/sys.c                   |  7 +++++--
 3 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 arch/parisc/include/asm/mman.h

diff --git a/arch/parisc/include/asm/mman.h b/arch/parisc/include/asm/mman.h
new file mode 100644
index 000000000000..47c5a1991d10
--- /dev/null
+++ b/arch/parisc/include/asm/mman.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ASM_MMAN_H__
+#define __ASM_MMAN_H__
+
+#include <uapi/asm/mman.h>
+
+/* PARISC cannot allow mdwe as it needs writable stacks */
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+	return false;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+
+#endif /* __ASM_MMAN_H__ */
diff --git a/include/linux/mman.h b/include/linux/mman.h
index 40d94411d492..db4741007bef 100644
--- a/include/linux/mman.h
+++ b/include/linux/mman.h
@@ -161,6 +161,14 @@ calc_vm_flag_bits(unsigned long flags)
 
 unsigned long vm_commit_limit(void);
 
+#ifndef arch_memory_deny_write_exec_supported
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+	return true;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+#endif
+
 /*
  * Denies creating a writable executable mapping or gaining executable permissions.
  *
diff --git a/kernel/sys.c b/kernel/sys.c
index 7a4ae6d5aecd..44b575990333 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2395,8 +2395,11 @@ static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3,
 	if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN))
 		return -EINVAL;
 
-	/* PARISC cannot allow mdwe as it needs writable stacks */
-	if (IS_ENABLED(CONFIG_PARISC))
+	/*
+	 * EOPNOTSUPP might be more appropriate here in principle, but
+	 * existing userspace depends on EINVAL specifically.
+	 */
+	if (!arch_memory_deny_write_exec_supported())
 		return -EINVAL;
 
 	current_bits = get_current_mdwe();
-- 
2.44.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH linux dev-6.6 2/2] ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
  2024-03-26 19:49 [PATCH linux dev-6.6 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported Zev Weiss
  2024-03-26 19:49 ` [PATCH linux dev-6.6 1/2] prctl: Generalize PR_SET_MDWE support check to be per-arch Zev Weiss
@ 2024-03-26 19:50 ` Zev Weiss
  2024-03-26 23:20 ` [PATCH linux dev-6.6 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported Andrew Jeffery
  2 siblings, 0 replies; 4+ messages in thread
From: Zev Weiss @ 2024-03-26 19:50 UTC (permalink / raw)
  To: Andrew Jeffery, Joel Stanley; +Cc: openbmc

On v5 and lower CPUs we can't provide MDWE protection, so ensure we
fail any attempt to enable it via prctl(PR_SET_MDWE).

Previously such an attempt would misleadingly succeed, leading to any
subsequent mmap(PROT_READ|PROT_WRITE) or execve() failing
unconditionally (the latter somewhat violently via
force_fatal_sig(SIGSEGV) due to READ_IMPLIES_EXEC).

Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Cc: <stable@vger.kernel.org> # v6.3+
---
 arch/arm/include/asm/mman.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 arch/arm/include/asm/mman.h

diff --git a/arch/arm/include/asm/mman.h b/arch/arm/include/asm/mman.h
new file mode 100644
index 000000000000..2189e507c8e0
--- /dev/null
+++ b/arch/arm/include/asm/mman.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ASM_MMAN_H__
+#define __ASM_MMAN_H__
+
+#include <asm/system_info.h>
+#include <uapi/asm/mman.h>
+
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+	return cpu_architecture() >= CPU_ARCH_ARMv6;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+
+#endif /* __ASM_MMAN_H__ */
-- 
2.44.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH linux dev-6.6 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported
  2024-03-26 19:49 [PATCH linux dev-6.6 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported Zev Weiss
  2024-03-26 19:49 ` [PATCH linux dev-6.6 1/2] prctl: Generalize PR_SET_MDWE support check to be per-arch Zev Weiss
  2024-03-26 19:50 ` [PATCH linux dev-6.6 2/2] ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6 Zev Weiss
@ 2024-03-26 23:20 ` Andrew Jeffery
  2 siblings, 0 replies; 4+ messages in thread
From: Andrew Jeffery @ 2024-03-26 23:20 UTC (permalink / raw)
  To: Zev Weiss, Joel Stanley; +Cc: openbmc

On Tue, 2024-03-26 at 12:49 -0700, Zev Weiss wrote:
> [Re-sending as I forgot to CC the list the first time, apologies for
> the duplication.]
> 
> OpenBMC on AST2400 has been badly broken for some time now due to
> systemd services segfaulting on execve() after calls to
> prctl(PR_SET_MDWE) spuriously succeeded.  The MMU of the ARMv5 CPU in
> the AST2400 cannot meaningfully support MDWE because it lacks distinct
> read & execute page permissions (read implies execute), so these
> patches ensure that the prctl to enable MDWE properly fails on
> hardware where it isn't supported.
> 
> These patches have been posted and approved upstream [0], and while at
> time of writing they haven't yet reached mainline or stable upstream,
> they're on their way and should hopefully get merged soon [1, 2].
> 

Nice, palmetto userspace behaves much better under qemu after applying
these.

Andrew

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-03-26 23:21 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-26 19:49 [PATCH linux dev-6.6 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported Zev Weiss
2024-03-26 19:49 ` [PATCH linux dev-6.6 1/2] prctl: Generalize PR_SET_MDWE support check to be per-arch Zev Weiss
2024-03-26 19:50 ` [PATCH linux dev-6.6 2/2] ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6 Zev Weiss
2024-03-26 23:20 ` [PATCH linux dev-6.6 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported Andrew Jeffery

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).