From mboxrd@z Thu Jan 1 00:00:00 1970 From: Vincenzo Frascino Subject: [PATCH 11/27] arm64: compat: Add KUSER_HELPERS config option Date: Fri, 9 Nov 2018 12:37:14 +0000 Message-ID: <20181109123730.8743-12-vincenzo.frascino@arm.com> References: <20181109123730.8743-1-vincenzo.frascino@arm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20181109123730.8743-1-vincenzo.frascino@arm.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=m.gmane.org@lists.infradead.org To: linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Arnd Bergmann , Catalin Marinas , Daniel Lezcano , Will Deacon , Russell King , Ralf Baechle , Mark Salyzyn , Paul Burton , Thomas Gleixner , Peter Collingbourne List-Id: linux-arch.vger.kernel.org When kuser helpers are enabled the kernel maps the relative code at a fixed address (0xffff0000). Making configurable the option to disable them means that the kernel can remove this mapping and any access to this memory area results in a sigfault. This patch adds a KUSER_HELPERS config option that can be used to disable the mapping when it is turned off. This option can be turned off if and only if the applications are designed specifically for the platform and they do not make use of the kuser helpers code. Cc: Catalin Marinas Cc: Will Deacon Signed-off-by: Vincenzo Frascino --- arch/arm64/Kconfig | 21 +++++++++++++++++++++ arch/arm64/kernel/Makefile | 3 ++- arch/arm64/kernel/kuser32.S | 7 +++---- arch/arm64/kernel/vdso.c | 15 +++++++++++++++ 4 files changed, 41 insertions(+), 5 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 71ca1995a088..2c7d447401b5 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1333,6 +1333,27 @@ config COMPAT If you want to execute 32-bit userspace applications, say Y. +config KUSER_HELPERS + bool "Enable kuser helpers page for compatibility with 32 bit applications." + depends on COMPAT + default y + help + Enables kuser helpers to be mapped in a special purpose page at a fixed + address to maintain independence from the type of CPU present in the SoC. + This feature is provided for compatibility reasons in fact allows 32 bit + applications compliant with ARMv4 up to ARMv8 to run without any + modification. + + Warning: Being always mapped at a fixed address makes it easier to create + exploits based on ROP type of attacks. + + As a consequence of this, this feature is made configurable but be aware that + it can be turned off if and only if the binaries and the libraries running on + a specific platform are designed to do not make use of these helpers, otherwise + should be left on. + + See Documentation/arm/kernel_user_helpers.txt for details. + config SYSVIPC_COMPAT def_bool y depends on COMPAT && SYSVIPC diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index 6bd4f619732a..2fcba6b87829 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -27,8 +27,9 @@ OBJCOPYFLAGS := --prefix-symbols=__efistub_ $(obj)/%.stub.o: $(obj)/%.o FORCE $(call if_changed,objcopy) -arm64-obj-$(CONFIG_COMPAT) += sys32.o kuser32.o signal32.o \ +arm64-obj-$(CONFIG_COMPAT) += sys32.o signal32.o \ sigreturn32.o sys_compat.o +arm64-obj-$(CONFIG_KUSER_HELPERS) += kuser32.o arm64-obj-$(CONFIG_FUNCTION_TRACER) += ftrace.o entry-ftrace.o arm64-obj-$(CONFIG_MODULES) += arm64ksyms.o module.o arm64-obj-$(CONFIG_ARM64_MODULE_PLTS) += module-plts.o diff --git a/arch/arm64/kernel/kuser32.S b/arch/arm64/kernel/kuser32.S index f19e2b015097..7d38633bf33f 100644 --- a/arch/arm64/kernel/kuser32.S +++ b/arch/arm64/kernel/kuser32.S @@ -5,10 +5,9 @@ * Copyright (C) 2005-2011 Nicolas Pitre * Copyright (C) 2012-2018 ARM Ltd. * - * Each segment is 32-byte aligned and will be moved to the top of the high - * vector page. New segments (if ever needed) must be added in front of - * existing ones. This mechanism should be used only for things that are - * really small and justified, and not be abused freely. + * The kuser helpers below are mapped at a fixed address by + * aarch32_setup_additional_pages() ad are provided for compatibility + * reasons with 32 bit (aarch32) applications that need them. * * See Documentation/arm/kernel_user_helpers.txt for formal definitions. */ diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index cee7205eefc5..8903087cca4c 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -74,6 +74,7 @@ static const struct vm_special_mapping aarch32_vdso_spec[2] = { }, }; +#ifdef CONFIG_KUSER_HELPERS static int aarch32_alloc_kuser_vdso_page(void) { extern char __kuser_helper_start[], __kuser_helper_end[]; @@ -95,6 +96,12 @@ static int aarch32_alloc_kuser_vdso_page(void) return 0; } +#else +static int aarch32_alloc_kuser_vdso_page(void) +{ + return 0; +} +#endif /* CONFIG_KUSER_HELPER */ static int aarch32_alloc_sigreturn_vdso_page(void) { @@ -126,6 +133,7 @@ static int __init aarch32_alloc_vdso_pages(void) } arch_initcall(aarch32_alloc_vdso_pages); +#ifdef CONFIG_KUSER_HELPERS static int aarch32_kuser_helpers_setup(struct mm_struct *mm) { void *ret; @@ -138,6 +146,13 @@ static int aarch32_kuser_helpers_setup(struct mm_struct *mm) return PTR_ERR_OR_ZERO(ret); } +#else +static int aarch32_kuser_helpers_setup(struct mm_struct *mm) +{ + /* kuser helpers not enabled */ + return 0; +} +#endif /* CONFIG_KUSER_HELPERS */ static int aarch32_sigreturn_setup(struct mm_struct *mm) { -- 2.19.1 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:58874 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727731AbeKIWSm (ORCPT ); Fri, 9 Nov 2018 17:18:42 -0500 From: Vincenzo Frascino Subject: [PATCH 11/27] arm64: compat: Add KUSER_HELPERS config option Date: Fri, 9 Nov 2018 12:37:14 +0000 Message-ID: <20181109123730.8743-12-vincenzo.frascino@arm.com> In-Reply-To: <20181109123730.8743-1-vincenzo.frascino@arm.com> References: <20181109123730.8743-1-vincenzo.frascino@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-arch-owner@vger.kernel.org List-ID: To: linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Catalin Marinas , Will Deacon , Arnd Bergmann , Russell King , Ralf Baechle , Paul Burton , Daniel Lezcano , Thomas Gleixner , Mark Salyzyn , Peter Collingbourne Message-ID: <20181109123714.BSzSZhVNXQoK2h4SKfyx7y8vqdhf6KrbTCKycs-Eybc@z> When kuser helpers are enabled the kernel maps the relative code at a fixed address (0xffff0000). Making configurable the option to disable them means that the kernel can remove this mapping and any access to this memory area results in a sigfault. This patch adds a KUSER_HELPERS config option that can be used to disable the mapping when it is turned off. This option can be turned off if and only if the applications are designed specifically for the platform and they do not make use of the kuser helpers code. Cc: Catalin Marinas Cc: Will Deacon Signed-off-by: Vincenzo Frascino --- arch/arm64/Kconfig | 21 +++++++++++++++++++++ arch/arm64/kernel/Makefile | 3 ++- arch/arm64/kernel/kuser32.S | 7 +++---- arch/arm64/kernel/vdso.c | 15 +++++++++++++++ 4 files changed, 41 insertions(+), 5 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 71ca1995a088..2c7d447401b5 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1333,6 +1333,27 @@ config COMPAT If you want to execute 32-bit userspace applications, say Y. +config KUSER_HELPERS + bool "Enable kuser helpers page for compatibility with 32 bit applications." + depends on COMPAT + default y + help + Enables kuser helpers to be mapped in a special purpose page at a fixed + address to maintain independence from the type of CPU present in the SoC. + This feature is provided for compatibility reasons in fact allows 32 bit + applications compliant with ARMv4 up to ARMv8 to run without any + modification. + + Warning: Being always mapped at a fixed address makes it easier to create + exploits based on ROP type of attacks. + + As a consequence of this, this feature is made configurable but be aware that + it can be turned off if and only if the binaries and the libraries running on + a specific platform are designed to do not make use of these helpers, otherwise + should be left on. + + See Documentation/arm/kernel_user_helpers.txt for details. + config SYSVIPC_COMPAT def_bool y depends on COMPAT && SYSVIPC diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index 6bd4f619732a..2fcba6b87829 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -27,8 +27,9 @@ OBJCOPYFLAGS := --prefix-symbols=__efistub_ $(obj)/%.stub.o: $(obj)/%.o FORCE $(call if_changed,objcopy) -arm64-obj-$(CONFIG_COMPAT) += sys32.o kuser32.o signal32.o \ +arm64-obj-$(CONFIG_COMPAT) += sys32.o signal32.o \ sigreturn32.o sys_compat.o +arm64-obj-$(CONFIG_KUSER_HELPERS) += kuser32.o arm64-obj-$(CONFIG_FUNCTION_TRACER) += ftrace.o entry-ftrace.o arm64-obj-$(CONFIG_MODULES) += arm64ksyms.o module.o arm64-obj-$(CONFIG_ARM64_MODULE_PLTS) += module-plts.o diff --git a/arch/arm64/kernel/kuser32.S b/arch/arm64/kernel/kuser32.S index f19e2b015097..7d38633bf33f 100644 --- a/arch/arm64/kernel/kuser32.S +++ b/arch/arm64/kernel/kuser32.S @@ -5,10 +5,9 @@ * Copyright (C) 2005-2011 Nicolas Pitre * Copyright (C) 2012-2018 ARM Ltd. * - * Each segment is 32-byte aligned and will be moved to the top of the high - * vector page. New segments (if ever needed) must be added in front of - * existing ones. This mechanism should be used only for things that are - * really small and justified, and not be abused freely. + * The kuser helpers below are mapped at a fixed address by + * aarch32_setup_additional_pages() ad are provided for compatibility + * reasons with 32 bit (aarch32) applications that need them. * * See Documentation/arm/kernel_user_helpers.txt for formal definitions. */ diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index cee7205eefc5..8903087cca4c 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -74,6 +74,7 @@ static const struct vm_special_mapping aarch32_vdso_spec[2] = { }, }; +#ifdef CONFIG_KUSER_HELPERS static int aarch32_alloc_kuser_vdso_page(void) { extern char __kuser_helper_start[], __kuser_helper_end[]; @@ -95,6 +96,12 @@ static int aarch32_alloc_kuser_vdso_page(void) return 0; } +#else +static int aarch32_alloc_kuser_vdso_page(void) +{ + return 0; +} +#endif /* CONFIG_KUSER_HELPER */ static int aarch32_alloc_sigreturn_vdso_page(void) { @@ -126,6 +133,7 @@ static int __init aarch32_alloc_vdso_pages(void) } arch_initcall(aarch32_alloc_vdso_pages); +#ifdef CONFIG_KUSER_HELPERS static int aarch32_kuser_helpers_setup(struct mm_struct *mm) { void *ret; @@ -138,6 +146,13 @@ static int aarch32_kuser_helpers_setup(struct mm_struct *mm) return PTR_ERR_OR_ZERO(ret); } +#else +static int aarch32_kuser_helpers_setup(struct mm_struct *mm) +{ + /* kuser helpers not enabled */ + return 0; +} +#endif /* CONFIG_KUSER_HELPERS */ static int aarch32_sigreturn_setup(struct mm_struct *mm) { -- 2.19.1 From mboxrd@z Thu Jan 1 00:00:00 1970 From: vincenzo.frascino@arm.com (Vincenzo Frascino) Date: Fri, 9 Nov 2018 12:37:14 +0000 Subject: [PATCH 11/27] arm64: compat: Add KUSER_HELPERS config option In-Reply-To: <20181109123730.8743-1-vincenzo.frascino@arm.com> References: <20181109123730.8743-1-vincenzo.frascino@arm.com> Message-ID: <20181109123730.8743-12-vincenzo.frascino@arm.com> To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org When kuser helpers are enabled the kernel maps the relative code at a fixed address (0xffff0000). Making configurable the option to disable them means that the kernel can remove this mapping and any access to this memory area results in a sigfault. This patch adds a KUSER_HELPERS config option that can be used to disable the mapping when it is turned off. This option can be turned off if and only if the applications are designed specifically for the platform and they do not make use of the kuser helpers code. Cc: Catalin Marinas Cc: Will Deacon Signed-off-by: Vincenzo Frascino --- arch/arm64/Kconfig | 21 +++++++++++++++++++++ arch/arm64/kernel/Makefile | 3 ++- arch/arm64/kernel/kuser32.S | 7 +++---- arch/arm64/kernel/vdso.c | 15 +++++++++++++++ 4 files changed, 41 insertions(+), 5 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 71ca1995a088..2c7d447401b5 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1333,6 +1333,27 @@ config COMPAT If you want to execute 32-bit userspace applications, say Y. +config KUSER_HELPERS + bool "Enable kuser helpers page for compatibility with 32 bit applications." + depends on COMPAT + default y + help + Enables kuser helpers to be mapped in a special purpose page at a fixed + address to maintain independence from the type of CPU present in the SoC. + This feature is provided for compatibility reasons in fact allows 32 bit + applications compliant with ARMv4 up to ARMv8 to run without any + modification. + + Warning: Being always mapped at a fixed address makes it easier to create + exploits based on ROP type of attacks. + + As a consequence of this, this feature is made configurable but be aware that + it can be turned off if and only if the binaries and the libraries running on + a specific platform are designed to do not make use of these helpers, otherwise + should be left on. + + See Documentation/arm/kernel_user_helpers.txt for details. + config SYSVIPC_COMPAT def_bool y depends on COMPAT && SYSVIPC diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index 6bd4f619732a..2fcba6b87829 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -27,8 +27,9 @@ OBJCOPYFLAGS := --prefix-symbols=__efistub_ $(obj)/%.stub.o: $(obj)/%.o FORCE $(call if_changed,objcopy) -arm64-obj-$(CONFIG_COMPAT) += sys32.o kuser32.o signal32.o \ +arm64-obj-$(CONFIG_COMPAT) += sys32.o signal32.o \ sigreturn32.o sys_compat.o +arm64-obj-$(CONFIG_KUSER_HELPERS) += kuser32.o arm64-obj-$(CONFIG_FUNCTION_TRACER) += ftrace.o entry-ftrace.o arm64-obj-$(CONFIG_MODULES) += arm64ksyms.o module.o arm64-obj-$(CONFIG_ARM64_MODULE_PLTS) += module-plts.o diff --git a/arch/arm64/kernel/kuser32.S b/arch/arm64/kernel/kuser32.S index f19e2b015097..7d38633bf33f 100644 --- a/arch/arm64/kernel/kuser32.S +++ b/arch/arm64/kernel/kuser32.S @@ -5,10 +5,9 @@ * Copyright (C) 2005-2011 Nicolas Pitre * Copyright (C) 2012-2018 ARM Ltd. * - * Each segment is 32-byte aligned and will be moved to the top of the high - * vector page. New segments (if ever needed) must be added in front of - * existing ones. This mechanism should be used only for things that are - * really small and justified, and not be abused freely. + * The kuser helpers below are mapped at a fixed address by + * aarch32_setup_additional_pages() ad are provided for compatibility + * reasons with 32 bit (aarch32) applications that need them. * * See Documentation/arm/kernel_user_helpers.txt for formal definitions. */ diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index cee7205eefc5..8903087cca4c 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -74,6 +74,7 @@ static const struct vm_special_mapping aarch32_vdso_spec[2] = { }, }; +#ifdef CONFIG_KUSER_HELPERS static int aarch32_alloc_kuser_vdso_page(void) { extern char __kuser_helper_start[], __kuser_helper_end[]; @@ -95,6 +96,12 @@ static int aarch32_alloc_kuser_vdso_page(void) return 0; } +#else +static int aarch32_alloc_kuser_vdso_page(void) +{ + return 0; +} +#endif /* CONFIG_KUSER_HELPER */ static int aarch32_alloc_sigreturn_vdso_page(void) { @@ -126,6 +133,7 @@ static int __init aarch32_alloc_vdso_pages(void) } arch_initcall(aarch32_alloc_vdso_pages); +#ifdef CONFIG_KUSER_HELPERS static int aarch32_kuser_helpers_setup(struct mm_struct *mm) { void *ret; @@ -138,6 +146,13 @@ static int aarch32_kuser_helpers_setup(struct mm_struct *mm) return PTR_ERR_OR_ZERO(ret); } +#else +static int aarch32_kuser_helpers_setup(struct mm_struct *mm) +{ + /* kuser helpers not enabled */ + return 0; +} +#endif /* CONFIG_KUSER_HELPERS */ static int aarch32_sigreturn_setup(struct mm_struct *mm) { -- 2.19.1