From: Kees Cook <keescook@chromium.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Kees Cook <keescook@chromium.org>,
Hector Marco-Gisbert <hecmargi@upv.es>,
Jason Gunthorpe <jgg@mellanox.com>,
Jason Gunthorpe <jgg@ziepe.ca>,
Catalin Marinas <catalin.marinas@arm.com>,
Russell King <linux@armlinux.org.uk>,
Will Deacon <will@kernel.org>, Jann Horn <jannh@google.com>,
x86@kernel.org, linux-arm-kernel@lists.infradead.org,
kernel-hardening@lists.openwall.com,
linux-kernel@vger.kernel.org
Subject: [PATCH v4 3/6] x86/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces
Date: Mon, 24 Feb 2020 21:13:04 -0800 [thread overview]
Message-ID: <20200225051307.6401-4-keescook@chromium.org> (raw)
In-Reply-To: <20200225051307.6401-1-keescook@chromium.org>
With modern x86 64-bit environments, there should never be a need for
automatic READ_IMPLIES_EXEC, as the architecture is intended to always
be execute-bit aware (as in, the default memory protection should be NX
unless a region explicitly requests to be executable).
There were very old x86_64 systems that lacked the NX bit, but for those,
the NX bit is, obviously, unenforceable, so these changes should have
no impact on them.
Suggested-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
---
arch/x86/include/asm/elf.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
index a7035065377c..c9b7be0bcad3 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -287,7 +287,7 @@ extern u32 elf_hwcap2;
* CPU: | lacks NX* | has NX, ia32 | has NX, x86_64 |
* ELF: | | | |
* -------------------------------|------------------|----------------|
- * missing GNU_STACK | exec-all | exec-all | exec-all |
+ * missing GNU_STACK | exec-all | exec-all | exec-none |
* GNU_STACK == RWX | exec-stack | exec-stack | exec-stack |
* GNU_STACK == RW | exec-none | exec-none | exec-none |
*
@@ -303,7 +303,7 @@ extern u32 elf_hwcap2;
*
*/
#define elf_read_implies_exec(ex, executable_stack) \
- (executable_stack == EXSTACK_DEFAULT)
+ (mmap_is_ia32() && executable_stack == EXSTACK_DEFAULT)
struct task_struct;
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
Catalin Marinas <catalin.marinas@arm.com>,
x86@kernel.org, Hector Marco-Gisbert <hecmargi@upv.es>,
Russell King <linux@armlinux.org.uk>,
linux-kernel@vger.kernel.org, Jason Gunthorpe <jgg@ziepe.ca>,
Jason Gunthorpe <jgg@mellanox.com>,
kernel-hardening@lists.openwall.com,
Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4 3/6] x86/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces
Date: Mon, 24 Feb 2020 21:13:04 -0800 [thread overview]
Message-ID: <20200225051307.6401-4-keescook@chromium.org> (raw)
In-Reply-To: <20200225051307.6401-1-keescook@chromium.org>
With modern x86 64-bit environments, there should never be a need for
automatic READ_IMPLIES_EXEC, as the architecture is intended to always
be execute-bit aware (as in, the default memory protection should be NX
unless a region explicitly requests to be executable).
There were very old x86_64 systems that lacked the NX bit, but for those,
the NX bit is, obviously, unenforceable, so these changes should have
no impact on them.
Suggested-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
---
arch/x86/include/asm/elf.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
index a7035065377c..c9b7be0bcad3 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -287,7 +287,7 @@ extern u32 elf_hwcap2;
* CPU: | lacks NX* | has NX, ia32 | has NX, x86_64 |
* ELF: | | | |
* -------------------------------|------------------|----------------|
- * missing GNU_STACK | exec-all | exec-all | exec-all |
+ * missing GNU_STACK | exec-all | exec-all | exec-none |
* GNU_STACK == RWX | exec-stack | exec-stack | exec-stack |
* GNU_STACK == RW | exec-none | exec-none | exec-none |
*
@@ -303,7 +303,7 @@ extern u32 elf_hwcap2;
*
*/
#define elf_read_implies_exec(ex, executable_stack) \
- (executable_stack == EXSTACK_DEFAULT)
+ (mmap_is_ia32() && executable_stack == EXSTACK_DEFAULT)
struct task_struct;
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-02-25 5:13 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-25 5:13 [PATCH v4 0/6] binfmt_elf: Update READ_IMPLIES_EXEC logic for modern CPUs Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-02-25 5:13 ` [PATCH v4 1/6] x86/elf: Add table to document READ_IMPLIES_EXEC Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-03-11 19:44 ` Borislav Petkov
2020-03-11 19:44 ` Borislav Petkov
2020-03-13 0:06 ` Kees Cook
2020-03-13 0:06 ` Kees Cook
2020-02-25 5:13 ` [PATCH v4 2/6] x86/elf: Split READ_IMPLIES_EXEC from executable GNU_STACK Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-02-25 5:13 ` Kees Cook [this message]
2020-02-25 5:13 ` [PATCH v4 3/6] x86/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces Kees Cook
2020-02-25 5:13 ` [PATCH v4 4/6] arm32/64, elf: Add tables to document READ_IMPLIES_EXEC Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-02-25 5:13 ` [PATCH v4 5/6] arm32/64, elf: Split READ_IMPLIES_EXEC from executable GNU_STACK Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-02-25 5:13 ` [PATCH v4 6/6] arm64, elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces Kees Cook
2020-02-25 5:13 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200225051307.6401-4-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=hecmargi@upv.es \
--cc=jannh@google.com \
--cc=jgg@mellanox.com \
--cc=jgg@ziepe.ca \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.