From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_PASS,URIBL_BLOCKED,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9565C4360F for ; Thu, 4 Apr 2019 10:09:03 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6C96A20855 for ; Thu, 4 Apr 2019 10:09:03 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="fIMBSVCA" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6C96A20855 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=aHYrxDmwKZIDF19OJ/vPkVyr6Pi0pJW8yntvn1uKZ8U=; b=fIMBSVCAmDRXtB sLH2Nq0+2gP3foYETkd0UppuqVMwbrIIuwzzPuKheOGCCdcoUcs7XUUOIKqcVJYwvgU1AZlzrqYn6 jzmmXFO6nyvc8e7e1qBx7NxLv7llKQlhmbhk3tbSa0YcYUyQ9RLR3XZSjLG7jaI38rrAelOORE5uC esQLY0QLFS9Z/8/pujsK2WQs8HA1EOrHDnP76/hEeEbrxepy0cEC0gMtr0czqANoQfnUCYrNX91A9 +7uy7jtS1LLpKS9jDUYOF8LiguiGxWtllOgy2w8epYyFUXtsSqX17KaRHxt1qQMQu749AKqYC+tQ+ L5AGD8GonakCJ2LTaJOg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hBzIm-0001L4-OC; Thu, 04 Apr 2019 10:08:56 +0000 Received: from foss.arm.com ([217.140.101.70]) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hBzIi-0001H9-KR for linux-arm-kernel@lists.infradead.org; Thu, 04 Apr 2019 10:08:55 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 549A7169E; Thu, 4 Apr 2019 03:08:51 -0700 (PDT) Received: from arrakis.emea.arm.com (arrakis.cambridge.arm.com [10.1.196.78]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 66AD33F557; Thu, 4 Apr 2019 03:08:50 -0700 (PDT) Date: Thu, 4 Apr 2019 11:08:47 +0100 From: Catalin Marinas To: Vincenzo Frascino Subject: Re: [PATCH v3 4/4] arm64: compat: Add KUSER_HELPERS config option Message-ID: <20190404100847.GB43584@arrakis.emea.arm.com> References: <20190402162757.13491-1-vincenzo.frascino@arm.com> <20190402162757.13491-5-vincenzo.frascino@arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20190402162757.13491-5-vincenzo.frascino@arm.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190404_030852_673214_0E05E6E1 X-CRM114-Status: GOOD ( 20.25 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Will Deacon , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Apr 02, 2019 at 05:27:57PM +0100, Vincenzo Frascino wrote: > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 7e34b9eba5de..aa28884a2376 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1494,6 +1494,34 @@ config COMPAT > > If you want to execute 32-bit userspace applications, say Y. > > +config KUSER_HELPERS > + bool "Enable kuser helpers page for 32 bit applications." > + depends on COMPAT > + default y > + help > + Warning: disabling this option may break 32-bit user programs. > + > + Provide kuser helpers to compat tasks. The kernel provides > + helper code to userspace in read only form at a fixed location > + to allow userspace to be independent of the CPU type fitted to > + the system. This permits binaries to be run on ARMv4 through > + to ARMv8 without modification. > + > + See Documentation/arm/kernel_user_helpers.txt for details. > + > + However, the fixed address nature of these helpers can be used > + by ROP (return orientated programming) authors when creating > + exploits. > + > + If all of the binaries and libraries which run on your platform > + are built specifically for your platform, and make no use of > + these helpers, then you can turn this option off to hinder > + such exploits. However, in that case, if a binary or library > + relying on those helpers is run, it will not function correctly. > + > + Say N here only if you are absolutely certain that you do not > + need these helpers; otherwise, the safe option is to say Y. In order to close the potential issue with the user unmapping the vectors page in the 64K configuration, we'd need the change below as well (on top of the TASK_SIZE_32 patch I queued for -rc4). diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index 228af56ece48..fcd0e691b1ea 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -57,7 +57,7 @@ #define TASK_SIZE_64 (UL(1) << vabits_user) #ifdef CONFIG_COMPAT -#ifdef CONFIG_ARM64_64K_PAGES +#if defined(CONFIG_ARM64_64K_PAGES) && defined(CONFIG_KUSER_HELPERS) /* * With CONFIG_ARM64_64K_PAGES enabled, the last page is occupied * by the compat vectors page. -- Catalin _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel