From: Kees Cook <keescook@chromium.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Jason Gunthorpe <jgg@mellanox.com>,
Hector Marco-Gisbert <hecmargi@upv.es>,
Jason Gunthorpe <jgg@ziepe.ca>,
Catalin Marinas <catalin.marinas@arm.com>,
Russell King <linux@armlinux.org.uk>,
Will Deacon <will@kernel.org>, Jann Horn <jannh@google.com>,
x86@kernel.org, linux-arm-kernel@lists.infradead.org,
kernel-hardening@lists.openwall.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 1/6] x86/elf: Add table to document READ_IMPLIES_EXEC
Date: Thu, 12 Mar 2020 17:06:01 -0700 [thread overview]
Message-ID: <202003121705.6ABA79D8F0@keescook> (raw)
In-Reply-To: <20200311194446.GL3470@zn.tnic>
On Wed, Mar 11, 2020 at 08:44:46PM +0100, Borislav Petkov wrote:
> Ozenn Mon, Feb 24, 2020 at 09:13:02PM -0800, Kees Cook wrote:
> > Add a table to document the current behavior of READ_IMPLIES_EXEC in
> > preparation for changing the behavior.
> >
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
> > ---
> > arch/x86/include/asm/elf.h | 19 +++++++++++++++++++
> > 1 file changed, 19 insertions(+)
> >
> > diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
> > index 69c0f892e310..733f69c2b053 100644
> > --- a/arch/x86/include/asm/elf.h
> > +++ b/arch/x86/include/asm/elf.h
> > @@ -281,6 +281,25 @@ extern u32 elf_hwcap2;
> > /*
> > * An executable for which elf_read_implies_exec() returns TRUE will
> > * have the READ_IMPLIES_EXEC personality flag set automatically.
> > + *
> > + * The decision process for determining the results are:
> > + *
> > + * CPU: | lacks NX* | has NX, ia32 | has NX, x86_64 |
> > + * ELF: | | | |
> > + * -------------------------------|------------------|----------------|
> > + * missing GNU_STACK | exec-all | exec-all | exec-all |
> > + * GNU_STACK == RWX | exec-all | exec-all | exec-all |
> > + * GNU_STACK == RW | exec-none | exec-none | exec-none |
>
> In all those tables, you wanna do:
>
> s/GNU_STACK/PT_GNU_STACK/g
>
> so that it is clear what this define is.
Fair enough. :) I think I was trying to save 3 characters from earlier
tables that were wider. I'll send a v5.
Thanks!
-Kees
--
Kees Cook
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Jann Horn <jannh@google.com>,
Catalin Marinas <catalin.marinas@arm.com>,
x86@kernel.org, Hector Marco-Gisbert <hecmargi@upv.es>,
Russell King <linux@armlinux.org.uk>,
linux-kernel@vger.kernel.org, Jason Gunthorpe <jgg@ziepe.ca>,
Jason Gunthorpe <jgg@mellanox.com>,
kernel-hardening@lists.openwall.com,
Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v4 1/6] x86/elf: Add table to document READ_IMPLIES_EXEC
Date: Thu, 12 Mar 2020 17:06:01 -0700 [thread overview]
Message-ID: <202003121705.6ABA79D8F0@keescook> (raw)
In-Reply-To: <20200311194446.GL3470@zn.tnic>
On Wed, Mar 11, 2020 at 08:44:46PM +0100, Borislav Petkov wrote:
> Ozenn Mon, Feb 24, 2020 at 09:13:02PM -0800, Kees Cook wrote:
> > Add a table to document the current behavior of READ_IMPLIES_EXEC in
> > preparation for changing the behavior.
> >
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
> > ---
> > arch/x86/include/asm/elf.h | 19 +++++++++++++++++++
> > 1 file changed, 19 insertions(+)
> >
> > diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
> > index 69c0f892e310..733f69c2b053 100644
> > --- a/arch/x86/include/asm/elf.h
> > +++ b/arch/x86/include/asm/elf.h
> > @@ -281,6 +281,25 @@ extern u32 elf_hwcap2;
> > /*
> > * An executable for which elf_read_implies_exec() returns TRUE will
> > * have the READ_IMPLIES_EXEC personality flag set automatically.
> > + *
> > + * The decision process for determining the results are:
> > + *
> > + * CPU: | lacks NX* | has NX, ia32 | has NX, x86_64 |
> > + * ELF: | | | |
> > + * -------------------------------|------------------|----------------|
> > + * missing GNU_STACK | exec-all | exec-all | exec-all |
> > + * GNU_STACK == RWX | exec-all | exec-all | exec-all |
> > + * GNU_STACK == RW | exec-none | exec-none | exec-none |
>
> In all those tables, you wanna do:
>
> s/GNU_STACK/PT_GNU_STACK/g
>
> so that it is clear what this define is.
Fair enough. :) I think I was trying to save 3 characters from earlier
tables that were wider. I'll send a v5.
Thanks!
-Kees
--
Kees Cook
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-03-13 0:06 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-25 5:13 [PATCH v4 0/6] binfmt_elf: Update READ_IMPLIES_EXEC logic for modern CPUs Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-02-25 5:13 ` [PATCH v4 1/6] x86/elf: Add table to document READ_IMPLIES_EXEC Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-03-11 19:44 ` Borislav Petkov
2020-03-11 19:44 ` Borislav Petkov
2020-03-13 0:06 ` Kees Cook [this message]
2020-03-13 0:06 ` Kees Cook
2020-02-25 5:13 ` [PATCH v4 2/6] x86/elf: Split READ_IMPLIES_EXEC from executable GNU_STACK Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-02-25 5:13 ` [PATCH v4 3/6] x86/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-02-25 5:13 ` [PATCH v4 4/6] arm32/64, elf: Add tables to document READ_IMPLIES_EXEC Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-02-25 5:13 ` [PATCH v4 5/6] arm32/64, elf: Split READ_IMPLIES_EXEC from executable GNU_STACK Kees Cook
2020-02-25 5:13 ` Kees Cook
2020-02-25 5:13 ` [PATCH v4 6/6] arm64, elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces Kees Cook
2020-02-25 5:13 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202003121705.6ABA79D8F0@keescook \
--to=keescook@chromium.org \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=hecmargi@upv.es \
--cc=jannh@google.com \
--cc=jgg@mellanox.com \
--cc=jgg@ziepe.ca \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.