From: Kees Cook <keescook@chromium.org> To: Ingo Molnar <mingo@kernel.org> Cc: Kees Cook <keescook@chromium.org>, Hector Marco-Gisbert <hecmargi@upv.es>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will.deacon@arm.com>, Jason Gunthorpe <jgg@mellanox.com>, Jann Horn <jannh@google.com>, Russell King <linux@armlinux.org.uk>, x86@kernel.org, kernel-hardening@lists.openwall.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH v3 4/7] arm32/64, elf: Add tables to document READ_IMPLIES_EXEC Date: Mon, 10 Feb 2020 11:30:46 -0800 [thread overview] Message-ID: <20200210193049.64362-5-keescook@chromium.org> (raw) In-Reply-To: <20200210193049.64362-1-keescook@chromium.org> Add tables to document the current behavior of READ_IMPLIES_EXEC in preparation for changing the behavior for both arm64 and arm. Signed-off-by: Kees Cook <keescook@chromium.org> --- arch/arm/kernel/elf.c | 24 +++++++++++++++++++++--- arch/arm64/include/asm/elf.h | 20 ++++++++++++++++++++ 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/arch/arm/kernel/elf.c b/arch/arm/kernel/elf.c index 182422981386..2f69cf978fe3 100644 --- a/arch/arm/kernel/elf.c +++ b/arch/arm/kernel/elf.c @@ -78,9 +78,27 @@ void elf_set_personality(const struct elf32_hdr *x) EXPORT_SYMBOL(elf_set_personality); /* - * Set READ_IMPLIES_EXEC if: - * - the binary requires an executable stack - * - we're running on a CPU which doesn't support NX. + * An executable for which elf_read_implies_exec() returns TRUE will + * have the READ_IMPLIES_EXEC personality flag set automatically. + * + * The decision process for determining the results are: + * + * CPU: | lacks NX* | has NX | + * ELF: | | | + * -------------------------------|------------| + * missing GNU_STACK | exec-all | exec-all | + * GNU_STACK == RWX | exec-all | exec-all | + * GNU_STACK == RW | exec-all | exec-none | + * + * exec-all : all PROT_READ user mappings are executable, except when + * backed by files on a noexec-filesystem. + * exec-none : only PROT_EXEC user mappings are executable. + * + * *this column has no architectural effect: NX markings are ignored by + * hardware, but may have behavioral effects when "wants X" collides with + * "cannot be X" constraints in memory permission flags, as in + * https://lkml.kernel.org/r/20190418055759.GA3155@mellanox.com + * */ int arm_elf_read_implies_exec(int executable_stack) { diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h index b618017205a3..7fc779e3f1ec 100644 --- a/arch/arm64/include/asm/elf.h +++ b/arch/arm64/include/asm/elf.h @@ -96,6 +96,26 @@ */ #define elf_check_arch(x) ((x)->e_machine == EM_AARCH64) +/* + * An executable for which elf_read_implies_exec() returns TRUE will + * have the READ_IMPLIES_EXEC personality flag set automatically. + * + * The decision process for determining the results are: + * + * CPU*: | arm32 | arm64 | + * ELF: | | | + * -------------------------------|------------| + * missing GNU_STACK | exec-all | exec-all | + * GNU_STACK == RWX | exec-all | exec-all | + * GNU_STACK == RW | exec-none | exec-none | + * + * exec-all : all PROT_READ user mappings are executable, except when + * backed by files on a noexec-filesystem. + * exec-none : only PROT_EXEC user mappings are executable. + * + * *all arm64 CPUs support NX, so there is no "lacks NX" column. + * + */ #define elf_read_implies_exec(ex,stk) (stk != EXSTACK_DISABLE_X) #define CORE_DUMP_USE_REGSET -- 2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org> To: Ingo Molnar <mingo@kernel.org> Cc: Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>, Catalin Marinas <catalin.marinas@arm.com>, x86@kernel.org, Hector Marco-Gisbert <hecmargi@upv.es>, Russell King <linux@armlinux.org.uk>, Will Deacon <will.deacon@arm.com>, linux-kernel@vger.kernel.org, Jason Gunthorpe <jgg@mellanox.com>, linux-kselftest@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-arm-kernel@lists.infradead.org Subject: [PATCH v3 4/7] arm32/64, elf: Add tables to document READ_IMPLIES_EXEC Date: Mon, 10 Feb 2020 11:30:46 -0800 [thread overview] Message-ID: <20200210193049.64362-5-keescook@chromium.org> (raw) In-Reply-To: <20200210193049.64362-1-keescook@chromium.org> Add tables to document the current behavior of READ_IMPLIES_EXEC in preparation for changing the behavior for both arm64 and arm. Signed-off-by: Kees Cook <keescook@chromium.org> --- arch/arm/kernel/elf.c | 24 +++++++++++++++++++++--- arch/arm64/include/asm/elf.h | 20 ++++++++++++++++++++ 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/arch/arm/kernel/elf.c b/arch/arm/kernel/elf.c index 182422981386..2f69cf978fe3 100644 --- a/arch/arm/kernel/elf.c +++ b/arch/arm/kernel/elf.c @@ -78,9 +78,27 @@ void elf_set_personality(const struct elf32_hdr *x) EXPORT_SYMBOL(elf_set_personality); /* - * Set READ_IMPLIES_EXEC if: - * - the binary requires an executable stack - * - we're running on a CPU which doesn't support NX. + * An executable for which elf_read_implies_exec() returns TRUE will + * have the READ_IMPLIES_EXEC personality flag set automatically. + * + * The decision process for determining the results are: + * + * CPU: | lacks NX* | has NX | + * ELF: | | | + * -------------------------------|------------| + * missing GNU_STACK | exec-all | exec-all | + * GNU_STACK == RWX | exec-all | exec-all | + * GNU_STACK == RW | exec-all | exec-none | + * + * exec-all : all PROT_READ user mappings are executable, except when + * backed by files on a noexec-filesystem. + * exec-none : only PROT_EXEC user mappings are executable. + * + * *this column has no architectural effect: NX markings are ignored by + * hardware, but may have behavioral effects when "wants X" collides with + * "cannot be X" constraints in memory permission flags, as in + * https://lkml.kernel.org/r/20190418055759.GA3155@mellanox.com + * */ int arm_elf_read_implies_exec(int executable_stack) { diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h index b618017205a3..7fc779e3f1ec 100644 --- a/arch/arm64/include/asm/elf.h +++ b/arch/arm64/include/asm/elf.h @@ -96,6 +96,26 @@ */ #define elf_check_arch(x) ((x)->e_machine == EM_AARCH64) +/* + * An executable for which elf_read_implies_exec() returns TRUE will + * have the READ_IMPLIES_EXEC personality flag set automatically. + * + * The decision process for determining the results are: + * + * CPU*: | arm32 | arm64 | + * ELF: | | | + * -------------------------------|------------| + * missing GNU_STACK | exec-all | exec-all | + * GNU_STACK == RWX | exec-all | exec-all | + * GNU_STACK == RW | exec-none | exec-none | + * + * exec-all : all PROT_READ user mappings are executable, except when + * backed by files on a noexec-filesystem. + * exec-none : only PROT_EXEC user mappings are executable. + * + * *all arm64 CPUs support NX, so there is no "lacks NX" column. + * + */ #define elf_read_implies_exec(ex,stk) (stk != EXSTACK_DISABLE_X) #define CORE_DUMP_USE_REGSET -- 2.20.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-02-10 19:31 UTC|newest] Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-02-10 19:30 [PATCH v3 0/7] binfmt_elf: Update READ_IMPLIES_EXEC logic for modern CPUs Kees Cook 2020-02-10 19:30 ` Kees Cook 2020-02-10 19:30 ` [PATCH v3 1/7] x86/elf: Add table to document READ_IMPLIES_EXEC Kees Cook 2020-02-10 19:30 ` Kees Cook 2020-02-10 19:30 ` [PATCH v3 2/7] x86/elf: Split READ_IMPLIES_EXEC from executable GNU_STACK Kees Cook 2020-02-10 19:30 ` Kees Cook 2020-02-10 19:30 ` [PATCH v3 3/7] x86/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces Kees Cook 2020-02-10 19:30 ` Kees Cook 2020-02-10 19:30 ` Kees Cook [this message] 2020-02-10 19:30 ` [PATCH v3 4/7] arm32/64, elf: Add tables to document READ_IMPLIES_EXEC Kees Cook 2020-02-12 9:27 ` Catalin Marinas 2020-02-12 9:27 ` Catalin Marinas 2020-02-10 19:30 ` [PATCH v3 5/7] arm32/64, elf: Split READ_IMPLIES_EXEC from executable GNU_STACK Kees Cook 2020-02-10 19:30 ` Kees Cook 2020-02-12 9:27 ` Catalin Marinas 2020-02-12 9:27 ` Catalin Marinas 2020-02-10 19:30 ` [PATCH v3 6/7] arm64, elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces Kees Cook 2020-02-10 19:30 ` Kees Cook 2020-02-12 9:28 ` Catalin Marinas 2020-02-12 9:28 ` Catalin Marinas 2020-02-10 19:30 ` [PATCH v3 7/7] selftests/exec: Add READ_IMPLIES_EXEC tests Kees Cook 2020-02-10 19:30 ` Kees Cook 2020-02-11 18:11 ` shuah 2020-02-11 18:11 ` shuah 2020-02-11 19:25 ` Kees Cook 2020-02-11 19:25 ` Kees Cook 2020-02-11 21:06 ` shuah 2020-02-11 21:06 ` shuah 2020-02-11 23:54 ` Kees Cook 2020-02-11 23:54 ` Kees Cook 2020-02-12 0:02 ` shuah 2020-02-12 0:02 ` shuah 2020-02-11 17:17 ` [PATCH v3 0/7] binfmt_elf: Update READ_IMPLIES_EXEC logic for modern CPUs Jason Gunthorpe 2020-02-11 17:17 ` Jason Gunthorpe
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200210193049.64362-5-keescook@chromium.org \ --to=keescook@chromium.org \ --cc=catalin.marinas@arm.com \ --cc=hecmargi@upv.es \ --cc=jannh@google.com \ --cc=jgg@mellanox.com \ --cc=kernel-hardening@lists.openwall.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-kselftest@vger.kernel.org \ --cc=linux@armlinux.org.uk \ --cc=mingo@kernel.org \ --cc=will.deacon@arm.com \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.