[PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Zev Weiss]

Hello,

I noticed after a recent kernel update that my ARM926 system started
segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
some investigation it appears that ARMv5 is incapable of providing the
appropriate protections for MDWE, since any readable memory is also
implicitly executable.

(Note that I'm not an expert in either ARM arch details or the mm
subsystem, so please bear with me if I've botched something in the
above analysis.)

The prctl_set_mdwe() function already had some special-case logic
added disabling it on PARISC (commit 793838138c15, "prctl: Disable
prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
check to use an arch_*() function, and (2) adds a corresponding
override for ARM to disable MDWE on pre-ARMv6 CPUs.

With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
succeed instead of unconditionally failing; on ARMv6 the prctl works
as it did previously.

Since this was effectively a userspace-breaking change in v6.3 (with
newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
simply fail safely) I've CCed -stable for v6.3+, though since the
patches depend on the PARISC one above it will only apply cleanly on
the linux-6.6.y and linux-6.7.y branches, since at least at time of
writing the 6.3 through 6.5 branches don't have that patch backported
(due to further missing dependencies [0]).


Thanks,
Zev

[0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/

Zev Weiss (2):
  prctl: Generalize PR_SET_MDWE support check to be per-arch
  ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6

 arch/arm/include/asm/mman.h    | 14 ++++++++++++++
 arch/parisc/include/asm/mman.h | 14 ++++++++++++++
 include/linux/mman.h           |  8 ++++++++
 kernel/sys.c                   |  7 +++++--
 4 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm/include/asm/mman.h
 create mode 100644 arch/parisc/include/asm/mman.h

-- 
2.43.0

[PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Zev Weiss]

Hello,

I noticed after a recent kernel update that my ARM926 system started
segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
some investigation it appears that ARMv5 is incapable of providing the
appropriate protections for MDWE, since any readable memory is also
implicitly executable.

(Note that I'm not an expert in either ARM arch details or the mm
subsystem, so please bear with me if I've botched something in the
above analysis.)

The prctl_set_mdwe() function already had some special-case logic
added disabling it on PARISC (commit 793838138c15, "prctl: Disable
prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
check to use an arch_*() function, and (2) adds a corresponding
override for ARM to disable MDWE on pre-ARMv6 CPUs.

With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
succeed instead of unconditionally failing; on ARMv6 the prctl works
as it did previously.

Since this was effectively a userspace-breaking change in v6.3 (with
newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
simply fail safely) I've CCed -stable for v6.3+, though since the
patches depend on the PARISC one above it will only apply cleanly on
the linux-6.6.y and linux-6.7.y branches, since at least at time of
writing the 6.3 through 6.5 branches don't have that patch backported
(due to further missing dependencies [0]).


Thanks,
Zev

[0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/

Zev Weiss (2):
  prctl: Generalize PR_SET_MDWE support check to be per-arch
  ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6

 arch/arm/include/asm/mman.h    | 14 ++++++++++++++
 arch/parisc/include/asm/mman.h | 14 ++++++++++++++
 include/linux/mman.h           |  8 ++++++++
 kernel/sys.c                   |  7 +++++--
 4 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm/include/asm/mman.h
 create mode 100644 arch/parisc/include/asm/mman.h

-- 
2.43.0


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

[PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Zev Weiss]

Hello,

I noticed after a recent kernel update that my ARM926 system started
segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
some investigation it appears that ARMv5 is incapable of providing the
appropriate protections for MDWE, since any readable memory is also
implicitly executable.

(Note that I'm not an expert in either ARM arch details or the mm
subsystem, so please bear with me if I've botched something in the
above analysis.)

The prctl_set_mdwe() function already had some special-case logic
added disabling it on PARISC (commit 793838138c15, "prctl: Disable
prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
check to use an arch_*() function, and (2) adds a corresponding
override for ARM to disable MDWE on pre-ARMv6 CPUs.

With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
succeed instead of unconditionally failing; on ARMv6 the prctl works
as it did previously.

Since this was effectively a userspace-breaking change in v6.3 (with
newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
simply fail safely) I've CCed -stable for v6.3+, though since the
patches depend on the PARISC one above it will only apply cleanly on
the linux-6.6.y and linux-6.7.y branches, since at least at time of
writing the 6.3 through 6.5 branches don't have that patch backported
(due to further missing dependencies [0]).


Thanks,
Zev

[0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/

Zev Weiss (2):
  prctl: Generalize PR_SET_MDWE support check to be per-arch
  ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6

 arch/arm/include/asm/mman.h    | 14 ++++++++++++++
 arch/parisc/include/asm/mman.h | 14 ++++++++++++++
 include/linux/mman.h           |  8 ++++++++
 kernel/sys.c                   |  7 +++++--
 4 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm/include/asm/mman.h
 create mode 100644 arch/parisc/include/asm/mman.h

-- 
2.43.0

[PATCH 1/2] prctl: Generalize PR_SET_MDWE support check to be per-arch

[Zev Weiss]

There exist systems other than PARISC where MDWE may not be feasible
to support; rather than cluttering up the generic code with additional
arch-specific logic let's add a generic function for checking MDWE
support and allow each arch to override it as needed.

Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Cc: <stable@vger.kernel.org> # v6.3+
---
 arch/parisc/include/asm/mman.h | 14 ++++++++++++++
 include/linux/mman.h           |  8 ++++++++
 kernel/sys.c                   |  7 +++++--
 3 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 arch/parisc/include/asm/mman.h

diff --git a/arch/parisc/include/asm/mman.h b/arch/parisc/include/asm/mman.h
new file mode 100644
index 000000000000..47c5a1991d10
--- /dev/null
+++ b/arch/parisc/include/asm/mman.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ASM_MMAN_H__
+#define __ASM_MMAN_H__
+
+#include <uapi/asm/mman.h>
+
+/* PARISC cannot allow mdwe as it needs writable stacks */
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+	return false;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+
+#endif /* __ASM_MMAN_H__ */
diff --git a/include/linux/mman.h b/include/linux/mman.h
index dc7048824be8..bcb201ab7a41 100644
--- a/include/linux/mman.h
+++ b/include/linux/mman.h
@@ -162,6 +162,14 @@ calc_vm_flag_bits(unsigned long flags)
 
 unsigned long vm_commit_limit(void);
 
+#ifndef arch_memory_deny_write_exec_supported
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+	return true;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+#endif
+
 /*
  * Denies creating a writable executable mapping or gaining executable permissions.
  *
diff --git a/kernel/sys.c b/kernel/sys.c
index e219fcfa112d..8d4bd24fa555 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2394,8 +2394,11 @@ static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3,
 	if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN))
 		return -EINVAL;
 
-	/* PARISC cannot allow mdwe as it needs writable stacks */
-	if (IS_ENABLED(CONFIG_PARISC))
+	/*
+	 * EOPNOTSUPP might be more appropriate here in principle, but
+	 * existing userspace depends on EINVAL specifically.
+	 */
+	if (!arch_memory_deny_write_exec_supported())
 		return -EINVAL;
 
 	current_bits = get_current_mdwe();
-- 
2.43.0

[PATCH 1/2] prctl: Generalize PR_SET_MDWE support check to be per-arch

[Zev Weiss]

There exist systems other than PARISC where MDWE may not be feasible
to support; rather than cluttering up the generic code with additional
arch-specific logic let's add a generic function for checking MDWE
support and allow each arch to override it as needed.

Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Cc: <stable@vger.kernel.org> # v6.3+
---
 arch/parisc/include/asm/mman.h | 14 ++++++++++++++
 include/linux/mman.h           |  8 ++++++++
 kernel/sys.c                   |  7 +++++--
 3 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 arch/parisc/include/asm/mman.h

diff --git a/arch/parisc/include/asm/mman.h b/arch/parisc/include/asm/mman.h
new file mode 100644
index 000000000000..47c5a1991d10
--- /dev/null
+++ b/arch/parisc/include/asm/mman.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ASM_MMAN_H__
+#define __ASM_MMAN_H__
+
+#include <uapi/asm/mman.h>
+
+/* PARISC cannot allow mdwe as it needs writable stacks */
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+	return false;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+
+#endif /* __ASM_MMAN_H__ */
diff --git a/include/linux/mman.h b/include/linux/mman.h
index dc7048824be8..bcb201ab7a41 100644
--- a/include/linux/mman.h
+++ b/include/linux/mman.h
@@ -162,6 +162,14 @@ calc_vm_flag_bits(unsigned long flags)
 
 unsigned long vm_commit_limit(void);
 
+#ifndef arch_memory_deny_write_exec_supported
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+	return true;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+#endif
+
 /*
  * Denies creating a writable executable mapping or gaining executable permissions.
  *
diff --git a/kernel/sys.c b/kernel/sys.c
index e219fcfa112d..8d4bd24fa555 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2394,8 +2394,11 @@ static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3,
 	if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN))
 		return -EINVAL;
 
-	/* PARISC cannot allow mdwe as it needs writable stacks */
-	if (IS_ENABLED(CONFIG_PARISC))
+	/*
+	 * EOPNOTSUPP might be more appropriate here in principle, but
+	 * existing userspace depends on EINVAL specifically.
+	 */
+	if (!arch_memory_deny_write_exec_supported())
 		return -EINVAL;
 
 	current_bits = get_current_mdwe();
-- 
2.43.0

[PATCH 2/2] ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6

[Zev Weiss]

On v5 and lower CPUs we can't provide MDWE protection, so ensure we
fail any attempt to enable it via prctl(PR_SET_MDWE).

Previously such an attempt would misleadingly succeed, leading to any
subsequent mmap(PROT_READ|PROT_WRITE) or execve() failing
unconditionally (the latter somewhat violently via
force_fatal_sig(SIGSEGV) due to READ_IMPLIES_EXEC).

Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Cc: <stable@vger.kernel.org> # v6.3+
---
 arch/arm/include/asm/mman.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 arch/arm/include/asm/mman.h

diff --git a/arch/arm/include/asm/mman.h b/arch/arm/include/asm/mman.h
new file mode 100644
index 000000000000..2189e507c8e0
--- /dev/null
+++ b/arch/arm/include/asm/mman.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ASM_MMAN_H__
+#define __ASM_MMAN_H__
+
+#include <asm/system_info.h>
+#include <uapi/asm/mman.h>
+
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+	return cpu_architecture() >= CPU_ARCH_ARMv6;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+
+#endif /* __ASM_MMAN_H__ */
-- 
2.43.0

[PATCH 2/2] ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6

[Zev Weiss]

On v5 and lower CPUs we can't provide MDWE protection, so ensure we
fail any attempt to enable it via prctl(PR_SET_MDWE).

Previously such an attempt would misleadingly succeed, leading to any
subsequent mmap(PROT_READ|PROT_WRITE) or execve() failing
unconditionally (the latter somewhat violently via
force_fatal_sig(SIGSEGV) due to READ_IMPLIES_EXEC).

Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Cc: <stable@vger.kernel.org> # v6.3+
---
 arch/arm/include/asm/mman.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 arch/arm/include/asm/mman.h

diff --git a/arch/arm/include/asm/mman.h b/arch/arm/include/asm/mman.h
new file mode 100644
index 000000000000..2189e507c8e0
--- /dev/null
+++ b/arch/arm/include/asm/mman.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ASM_MMAN_H__
+#define __ASM_MMAN_H__
+
+#include <asm/system_info.h>
+#include <uapi/asm/mman.h>
+
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+	return cpu_architecture() >= CPU_ARCH_ARMv6;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+
+#endif /* __ASM_MMAN_H__ */
-- 
2.43.0


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

[PATCH 2/2] ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6

[Zev Weiss]

On v5 and lower CPUs we can't provide MDWE protection, so ensure we
fail any attempt to enable it via prctl(PR_SET_MDWE).

Previously such an attempt would misleadingly succeed, leading to any
subsequent mmap(PROT_READ|PROT_WRITE) or execve() failing
unconditionally (the latter somewhat violently via
force_fatal_sig(SIGSEGV) due to READ_IMPLIES_EXEC).

Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Cc: <stable@vger.kernel.org> # v6.3+
---
 arch/arm/include/asm/mman.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 arch/arm/include/asm/mman.h

diff --git a/arch/arm/include/asm/mman.h b/arch/arm/include/asm/mman.h
new file mode 100644
index 000000000000..2189e507c8e0
--- /dev/null
+++ b/arch/arm/include/asm/mman.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ASM_MMAN_H__
+#define __ASM_MMAN_H__
+
+#include <asm/system_info.h>
+#include <uapi/asm/mman.h>
+
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+	return cpu_architecture() >= CPU_ARCH_ARMv6;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+
+#endif /* __ASM_MMAN_H__ */
-- 
2.43.0

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Helge Deller]

Hi Zev,

On 2/8/24 02:26, Zev Weiss wrote:
> Hello,
>
> I noticed after a recent kernel update that my ARM926 system started
> segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
> some investigation it appears that ARMv5 is incapable of providing the
> appropriate protections for MDWE, since any readable memory is also
> implicitly executable.
>
> (Note that I'm not an expert in either ARM arch details or the mm
> subsystem, so please bear with me if I've botched something in the
> above analysis.)
>
> The prctl_set_mdwe() function already had some special-case logic
> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
> check to use an arch_*() function, and (2) adds a corresponding
> override for ARM to disable MDWE on pre-ARMv6 CPUs.

Instead of splitting it out to a new function in mman.h,
I'd prefer having it as config option, e.g. ARCH_HAS_NO_MDWE_SUPPORT (?)
which could be checked instead.
For parisc we still want to allow mdwe in the future, we just have
to wait until most user-space programs have updated to the latest
binaries which don't need an executable stack any longer.

> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
> succeed instead of unconditionally failing; on ARMv6 the prctl works
> as it did previously.
>
> Since this was effectively a userspace-breaking change in v6.3 (with
> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
> simply fail safely) I've CCed -stable for v6.3+, though since the
> patches depend on the PARISC one above it will only apply cleanly on
> the linux-6.6.y and linux-6.7.y branches, since at least at time of
> writing the 6.3 through 6.5 branches don't have that patch backported
> (due to further missing dependencies [0]).
> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/

I think you don't need to worry about that, since stable kernel series
for 6.3 up to 6.5 were stopped...

> Zev Weiss (2):
>    prctl: Generalize PR_SET_MDWE support check to be per-arch
>    ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
>
>   arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>   arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>   include/linux/mman.h           |  8 ++++++++
>   kernel/sys.c                   |  7 +++++--
>   4 files changed, 41 insertions(+), 2 deletions(-)
>   create mode 100644 arch/arm/include/asm/mman.h
>   create mode 100644 arch/parisc/include/asm/mman.h
>


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Helge Deller]

Hi Zev,

On 2/8/24 02:26, Zev Weiss wrote:
> Hello,
>
> I noticed after a recent kernel update that my ARM926 system started
> segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
> some investigation it appears that ARMv5 is incapable of providing the
> appropriate protections for MDWE, since any readable memory is also
> implicitly executable.
>
> (Note that I'm not an expert in either ARM arch details or the mm
> subsystem, so please bear with me if I've botched something in the
> above analysis.)
>
> The prctl_set_mdwe() function already had some special-case logic
> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
> check to use an arch_*() function, and (2) adds a corresponding
> override for ARM to disable MDWE on pre-ARMv6 CPUs.

Instead of splitting it out to a new function in mman.h,
I'd prefer having it as config option, e.g. ARCH_HAS_NO_MDWE_SUPPORT (?)
which could be checked instead.
For parisc we still want to allow mdwe in the future, we just have
to wait until most user-space programs have updated to the latest
binaries which don't need an executable stack any longer.

> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
> succeed instead of unconditionally failing; on ARMv6 the prctl works
> as it did previously.
>
> Since this was effectively a userspace-breaking change in v6.3 (with
> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
> simply fail safely) I've CCed -stable for v6.3+, though since the
> patches depend on the PARISC one above it will only apply cleanly on
> the linux-6.6.y and linux-6.7.y branches, since at least at time of
> writing the 6.3 through 6.5 branches don't have that patch backported
> (due to further missing dependencies [0]).
> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/

I think you don't need to worry about that, since stable kernel series
for 6.3 up to 6.5 were stopped...

> Zev Weiss (2):
>    prctl: Generalize PR_SET_MDWE support check to be per-arch
>    ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
>
>   arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>   arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>   include/linux/mman.h           |  8 ++++++++
>   kernel/sys.c                   |  7 +++++--
>   4 files changed, 41 insertions(+), 2 deletions(-)
>   create mode 100644 arch/arm/include/asm/mman.h
>   create mode 100644 arch/parisc/include/asm/mman.h
>

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Helge Deller]

Hi Zev,

On 2/8/24 02:26, Zev Weiss wrote:
> Hello,
>
> I noticed after a recent kernel update that my ARM926 system started
> segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
> some investigation it appears that ARMv5 is incapable of providing the
> appropriate protections for MDWE, since any readable memory is also
> implicitly executable.
>
> (Note that I'm not an expert in either ARM arch details or the mm
> subsystem, so please bear with me if I've botched something in the
> above analysis.)
>
> The prctl_set_mdwe() function already had some special-case logic
> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
> check to use an arch_*() function, and (2) adds a corresponding
> override for ARM to disable MDWE on pre-ARMv6 CPUs.

Instead of splitting it out to a new function in mman.h,
I'd prefer having it as config option, e.g. ARCH_HAS_NO_MDWE_SUPPORT (?)
which could be checked instead.
For parisc we still want to allow mdwe in the future, we just have
to wait until most user-space programs have updated to the latest
binaries which don't need an executable stack any longer.

> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
> succeed instead of unconditionally failing; on ARMv6 the prctl works
> as it did previously.
>
> Since this was effectively a userspace-breaking change in v6.3 (with
> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
> simply fail safely) I've CCed -stable for v6.3+, though since the
> patches depend on the PARISC one above it will only apply cleanly on
> the linux-6.6.y and linux-6.7.y branches, since at least at time of
> writing the 6.3 through 6.5 branches don't have that patch backported
> (due to further missing dependencies [0]).
> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/

I think you don't need to worry about that, since stable kernel series
for 6.3 up to 6.5 were stopped...

> Zev Weiss (2):
>    prctl: Generalize PR_SET_MDWE support check to be per-arch
>    ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
>
>   arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>   arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>   include/linux/mman.h           |  8 ++++++++
>   kernel/sys.c                   |  7 +++++--
>   4 files changed, 41 insertions(+), 2 deletions(-)
>   create mode 100644 arch/arm/include/asm/mman.h
>   create mode 100644 arch/parisc/include/asm/mman.h
>

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Zev Weiss]

Hi Helge,

Thanks for taking a look!

On Wed, Feb 07, 2024 at 11:02:24PM PST, Helge Deller wrote:
>Hi Zev,
>
>On 2/8/24 02:26, Zev Weiss wrote:
>>Hello,
>>
>>I noticed after a recent kernel update that my ARM926 system started
>>segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
>>some investigation it appears that ARMv5 is incapable of providing the
>>appropriate protections for MDWE, since any readable memory is also
>>implicitly executable.
>>
>>(Note that I'm not an expert in either ARM arch details or the mm
>>subsystem, so please bear with me if I've botched something in the
>>above analysis.)
>>
>>The prctl_set_mdwe() function already had some special-case logic
>>added disabling it on PARISC (commit 793838138c15, "prctl: Disable
>>prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
>>check to use an arch_*() function, and (2) adds a corresponding
>>override for ARM to disable MDWE on pre-ARMv6 CPUs.
>
>Instead of splitting it out to a new function in mman.h,
>I'd prefer having it as config option, e.g. ARCH_HAS_NO_MDWE_SUPPORT (?)
>which could be checked instead.
>For parisc we still want to allow mdwe in the future, we just have
>to wait until most user-space programs have updated to the latest
>binaries which don't need an executable stack any longer.
>

I considered that, but it seems that ARM kernels at least may not know 
the answer to that question at compile-time -- see patch 2, where the 
ARM implementation does a runtime check on cpu_architecture().

>>With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
>>subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
>>succeed instead of unconditionally failing; on ARMv6 the prctl works
>>as it did previously.
>>
>>Since this was effectively a userspace-breaking change in v6.3 (with
>>newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
>>simply fail safely) I've CCed -stable for v6.3+, though since the
>>patches depend on the PARISC one above it will only apply cleanly on
>>the linux-6.6.y and linux-6.7.y branches, since at least at time of
>>writing the 6.3 through 6.5 branches don't have that patch backported
>>(due to further missing dependencies [0]).
>>[0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
>
>I think you don't need to worry about that, since stable kernel series
>for 6.3 up to 6.5 were stopped...
>

Ah, hadn't realized that -- thanks for the tip.


Zev

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Zev Weiss]

Hi Helge,

Thanks for taking a look!

On Wed, Feb 07, 2024 at 11:02:24PM PST, Helge Deller wrote:
>Hi Zev,
>
>On 2/8/24 02:26, Zev Weiss wrote:
>>Hello,
>>
>>I noticed after a recent kernel update that my ARM926 system started
>>segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
>>some investigation it appears that ARMv5 is incapable of providing the
>>appropriate protections for MDWE, since any readable memory is also
>>implicitly executable.
>>
>>(Note that I'm not an expert in either ARM arch details or the mm
>>subsystem, so please bear with me if I've botched something in the
>>above analysis.)
>>
>>The prctl_set_mdwe() function already had some special-case logic
>>added disabling it on PARISC (commit 793838138c15, "prctl: Disable
>>prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
>>check to use an arch_*() function, and (2) adds a corresponding
>>override for ARM to disable MDWE on pre-ARMv6 CPUs.
>
>Instead of splitting it out to a new function in mman.h,
>I'd prefer having it as config option, e.g. ARCH_HAS_NO_MDWE_SUPPORT (?)
>which could be checked instead.
>For parisc we still want to allow mdwe in the future, we just have
>to wait until most user-space programs have updated to the latest
>binaries which don't need an executable stack any longer.
>

I considered that, but it seems that ARM kernels at least may not know 
the answer to that question at compile-time -- see patch 2, where the 
ARM implementation does a runtime check on cpu_architecture().

>>With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
>>subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
>>succeed instead of unconditionally failing; on ARMv6 the prctl works
>>as it did previously.
>>
>>Since this was effectively a userspace-breaking change in v6.3 (with
>>newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
>>simply fail safely) I've CCed -stable for v6.3+, though since the
>>patches depend on the PARISC one above it will only apply cleanly on
>>the linux-6.6.y and linux-6.7.y branches, since at least at time of
>>writing the 6.3 through 6.5 branches don't have that patch backported
>>(due to further missing dependencies [0]).
>>[0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
>
>I think you don't need to worry about that, since stable kernel series
>for 6.3 up to 6.5 were stopped...
>

Ah, hadn't realized that -- thanks for the tip.


Zev

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Zev Weiss]

Hi Helge,

Thanks for taking a look!

On Wed, Feb 07, 2024 at 11:02:24PM PST, Helge Deller wrote:
>Hi Zev,
>
>On 2/8/24 02:26, Zev Weiss wrote:
>>Hello,
>>
>>I noticed after a recent kernel update that my ARM926 system started
>>segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
>>some investigation it appears that ARMv5 is incapable of providing the
>>appropriate protections for MDWE, since any readable memory is also
>>implicitly executable.
>>
>>(Note that I'm not an expert in either ARM arch details or the mm
>>subsystem, so please bear with me if I've botched something in the
>>above analysis.)
>>
>>The prctl_set_mdwe() function already had some special-case logic
>>added disabling it on PARISC (commit 793838138c15, "prctl: Disable
>>prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
>>check to use an arch_*() function, and (2) adds a corresponding
>>override for ARM to disable MDWE on pre-ARMv6 CPUs.
>
>Instead of splitting it out to a new function in mman.h,
>I'd prefer having it as config option, e.g. ARCH_HAS_NO_MDWE_SUPPORT (?)
>which could be checked instead.
>For parisc we still want to allow mdwe in the future, we just have
>to wait until most user-space programs have updated to the latest
>binaries which don't need an executable stack any longer.
>

I considered that, but it seems that ARM kernels at least may not know 
the answer to that question at compile-time -- see patch 2, where the 
ARM implementation does a runtime check on cpu_architecture().

>>With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
>>subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
>>succeed instead of unconditionally failing; on ARMv6 the prctl works
>>as it did previously.
>>
>>Since this was effectively a userspace-breaking change in v6.3 (with
>>newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
>>simply fail safely) I've CCed -stable for v6.3+, though since the
>>patches depend on the PARISC one above it will only apply cleanly on
>>the linux-6.6.y and linux-6.7.y branches, since at least at time of
>>writing the 6.3 through 6.5 branches don't have that patch backported
>>(due to further missing dependencies [0]).
>>[0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
>
>I think you don't need to worry about that, since stable kernel series
>for 6.3 up to 6.5 were stopped...
>

Ah, hadn't realized that -- thanks for the tip.


Zev


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Russell King (Oracle)]

Hi,

Where is patch 1 of this series? It doesn't seem to have been Cc'd to
linux-arm-kernel. Therefore, this can't be reviewed.

Thanks.

On Wed, Feb 07, 2024 at 05:26:18PM -0800, Zev Weiss wrote:
> Hello,
> 
> I noticed after a recent kernel update that my ARM926 system started
> segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
> some investigation it appears that ARMv5 is incapable of providing the
> appropriate protections for MDWE, since any readable memory is also
> implicitly executable.
> 
> (Note that I'm not an expert in either ARM arch details or the mm
> subsystem, so please bear with me if I've botched something in the
> above analysis.)
> 
> The prctl_set_mdwe() function already had some special-case logic
> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
> check to use an arch_*() function, and (2) adds a corresponding
> override for ARM to disable MDWE on pre-ARMv6 CPUs.
> 
> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
> succeed instead of unconditionally failing; on ARMv6 the prctl works
> as it did previously.
> 
> Since this was effectively a userspace-breaking change in v6.3 (with
> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
> simply fail safely) I've CCed -stable for v6.3+, though since the
> patches depend on the PARISC one above it will only apply cleanly on
> the linux-6.6.y and linux-6.7.y branches, since at least at time of
> writing the 6.3 through 6.5 branches don't have that patch backported
> (due to further missing dependencies [0]).
> 
> 
> Thanks,
> Zev
> 
> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
> 
> Zev Weiss (2):
>   prctl: Generalize PR_SET_MDWE support check to be per-arch
>   ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
> 
>  arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>  arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>  include/linux/mman.h           |  8 ++++++++
>  kernel/sys.c                   |  7 +++++--
>  4 files changed, 41 insertions(+), 2 deletions(-)
>  create mode 100644 arch/arm/include/asm/mman.h
>  create mode 100644 arch/parisc/include/asm/mman.h
> 
> -- 
> 2.43.0
> 
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
> 

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Russell King (Oracle)]

Hi,

Where is patch 1 of this series? It doesn't seem to have been Cc'd to
linux-arm-kernel. Therefore, this can't be reviewed.

Thanks.

On Wed, Feb 07, 2024 at 05:26:18PM -0800, Zev Weiss wrote:
> Hello,
> 
> I noticed after a recent kernel update that my ARM926 system started
> segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
> some investigation it appears that ARMv5 is incapable of providing the
> appropriate protections for MDWE, since any readable memory is also
> implicitly executable.
> 
> (Note that I'm not an expert in either ARM arch details or the mm
> subsystem, so please bear with me if I've botched something in the
> above analysis.)
> 
> The prctl_set_mdwe() function already had some special-case logic
> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
> check to use an arch_*() function, and (2) adds a corresponding
> override for ARM to disable MDWE on pre-ARMv6 CPUs.
> 
> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
> succeed instead of unconditionally failing; on ARMv6 the prctl works
> as it did previously.
> 
> Since this was effectively a userspace-breaking change in v6.3 (with
> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
> simply fail safely) I've CCed -stable for v6.3+, though since the
> patches depend on the PARISC one above it will only apply cleanly on
> the linux-6.6.y and linux-6.7.y branches, since at least at time of
> writing the 6.3 through 6.5 branches don't have that patch backported
> (due to further missing dependencies [0]).
> 
> 
> Thanks,
> Zev
> 
> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
> 
> Zev Weiss (2):
>   prctl: Generalize PR_SET_MDWE support check to be per-arch
>   ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
> 
>  arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>  arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>  include/linux/mman.h           |  8 ++++++++
>  kernel/sys.c                   |  7 +++++--
>  4 files changed, 41 insertions(+), 2 deletions(-)
>  create mode 100644 arch/arm/include/asm/mman.h
>  create mode 100644 arch/parisc/include/asm/mman.h
> 
> -- 
> 2.43.0
> 
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
> 

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Russell King (Oracle)]

Hi,

Where is patch 1 of this series? It doesn't seem to have been Cc'd to
linux-arm-kernel. Therefore, this can't be reviewed.

Thanks.

On Wed, Feb 07, 2024 at 05:26:18PM -0800, Zev Weiss wrote:
> Hello,
> 
> I noticed after a recent kernel update that my ARM926 system started
> segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
> some investigation it appears that ARMv5 is incapable of providing the
> appropriate protections for MDWE, since any readable memory is also
> implicitly executable.
> 
> (Note that I'm not an expert in either ARM arch details or the mm
> subsystem, so please bear with me if I've botched something in the
> above analysis.)
> 
> The prctl_set_mdwe() function already had some special-case logic
> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
> check to use an arch_*() function, and (2) adds a corresponding
> override for ARM to disable MDWE on pre-ARMv6 CPUs.
> 
> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
> succeed instead of unconditionally failing; on ARMv6 the prctl works
> as it did previously.
> 
> Since this was effectively a userspace-breaking change in v6.3 (with
> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
> simply fail safely) I've CCed -stable for v6.3+, though since the
> patches depend on the PARISC one above it will only apply cleanly on
> the linux-6.6.y and linux-6.7.y branches, since at least at time of
> writing the 6.3 through 6.5 branches don't have that patch backported
> (due to further missing dependencies [0]).
> 
> 
> Thanks,
> Zev
> 
> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
> 
> Zev Weiss (2):
>   prctl: Generalize PR_SET_MDWE support check to be per-arch
>   ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
> 
>  arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>  arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>  include/linux/mman.h           |  8 ++++++++
>  kernel/sys.c                   |  7 +++++--
>  4 files changed, 41 insertions(+), 2 deletions(-)
>  create mode 100644 arch/arm/include/asm/mman.h
>  create mode 100644 arch/parisc/include/asm/mman.h
> 
> -- 
> 2.43.0
> 
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
> 

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Zev Weiss]

On Thu, Feb 08, 2024 at 01:20:57AM PST, Russell King (Oracle) wrote:
>Hi,
>
>Where is patch 1 of this series? It doesn't seem to have been Cc'd to
>linux-arm-kernel. Therefore, this can't be reviewed.
>

It went to (among others) the linux-parisc list, but not 
linux-arm-kernel as scripts/get_maintainers.pl didn't list it for that 
patch:
https://lore.kernel.org/lkml/20240208012620.32604-5-zev@bewilderbeest.net/

I think I've gotten differing opinions from different subsystem 
maintainers on this, but FWIW my usual default approach is to use 
scripts/get_maintainer.pl on each patch and then add the set-union of 
them all to the cover letter for context; I'll try to remember the 
preference for linux-arm-kernel though.

Is the link above sufficient for now, or shall I resend the series?


Thanks,
Zev


>Thanks.
>
>On Wed, Feb 07, 2024 at 05:26:18PM -0800, Zev Weiss wrote:
>> Hello,
>>
>> I noticed after a recent kernel update that my ARM926 system started
>> segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
>> some investigation it appears that ARMv5 is incapable of providing the
>> appropriate protections for MDWE, since any readable memory is also
>> implicitly executable.
>>
>> (Note that I'm not an expert in either ARM arch details or the mm
>> subsystem, so please bear with me if I've botched something in the
>> above analysis.)
>>
>> The prctl_set_mdwe() function already had some special-case logic
>> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
>> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
>> check to use an arch_*() function, and (2) adds a corresponding
>> override for ARM to disable MDWE on pre-ARMv6 CPUs.
>>
>> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
>> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
>> succeed instead of unconditionally failing; on ARMv6 the prctl works
>> as it did previously.
>>
>> Since this was effectively a userspace-breaking change in v6.3 (with
>> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
>> simply fail safely) I've CCed -stable for v6.3+, though since the
>> patches depend on the PARISC one above it will only apply cleanly on
>> the linux-6.6.y and linux-6.7.y branches, since at least at time of
>> writing the 6.3 through 6.5 branches don't have that patch backported
>> (due to further missing dependencies [0]).
>>
>>
>> Thanks,
>> Zev
>>
>> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
>>
>> Zev Weiss (2):
>>   prctl: Generalize PR_SET_MDWE support check to be per-arch
>>   ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
>>
>>  arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>>  arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>>  include/linux/mman.h           |  8 ++++++++
>>  kernel/sys.c                   |  7 +++++--
>>  4 files changed, 41 insertions(+), 2 deletions(-)
>>  create mode 100644 arch/arm/include/asm/mman.h
>>  create mode 100644 arch/parisc/include/asm/mman.h
>>
>> --
>> 2.43.0
>>
>>
>> _______________________________________________
>> linux-arm-kernel mailing list
>> linux-arm-kernel@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>>
>
>-- 
>RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
>FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Zev Weiss]

On Thu, Feb 08, 2024 at 01:20:57AM PST, Russell King (Oracle) wrote:
>Hi,
>
>Where is patch 1 of this series? It doesn't seem to have been Cc'd to
>linux-arm-kernel. Therefore, this can't be reviewed.
>

It went to (among others) the linux-parisc list, but not 
linux-arm-kernel as scripts/get_maintainers.pl didn't list it for that 
patch:
https://lore.kernel.org/lkml/20240208012620.32604-5-zev@bewilderbeest.net/

I think I've gotten differing opinions from different subsystem 
maintainers on this, but FWIW my usual default approach is to use 
scripts/get_maintainer.pl on each patch and then add the set-union of 
them all to the cover letter for context; I'll try to remember the 
preference for linux-arm-kernel though.

Is the link above sufficient for now, or shall I resend the series?


Thanks,
Zev


>Thanks.
>
>On Wed, Feb 07, 2024 at 05:26:18PM -0800, Zev Weiss wrote:
>> Hello,
>>
>> I noticed after a recent kernel update that my ARM926 system started
>> segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
>> some investigation it appears that ARMv5 is incapable of providing the
>> appropriate protections for MDWE, since any readable memory is also
>> implicitly executable.
>>
>> (Note that I'm not an expert in either ARM arch details or the mm
>> subsystem, so please bear with me if I've botched something in the
>> above analysis.)
>>
>> The prctl_set_mdwe() function already had some special-case logic
>> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
>> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
>> check to use an arch_*() function, and (2) adds a corresponding
>> override for ARM to disable MDWE on pre-ARMv6 CPUs.
>>
>> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
>> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
>> succeed instead of unconditionally failing; on ARMv6 the prctl works
>> as it did previously.
>>
>> Since this was effectively a userspace-breaking change in v6.3 (with
>> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
>> simply fail safely) I've CCed -stable for v6.3+, though since the
>> patches depend on the PARISC one above it will only apply cleanly on
>> the linux-6.6.y and linux-6.7.y branches, since at least at time of
>> writing the 6.3 through 6.5 branches don't have that patch backported
>> (due to further missing dependencies [0]).
>>
>>
>> Thanks,
>> Zev
>>
>> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
>>
>> Zev Weiss (2):
>>   prctl: Generalize PR_SET_MDWE support check to be per-arch
>>   ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
>>
>>  arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>>  arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>>  include/linux/mman.h           |  8 ++++++++
>>  kernel/sys.c                   |  7 +++++--
>>  4 files changed, 41 insertions(+), 2 deletions(-)
>>  create mode 100644 arch/arm/include/asm/mman.h
>>  create mode 100644 arch/parisc/include/asm/mman.h
>>
>> --
>> 2.43.0
>>
>>
>> _______________________________________________
>> linux-arm-kernel mailing list
>> linux-arm-kernel@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>>
>
>-- 
>RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
>FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!

Re: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

[Zev Weiss]

On Thu, Feb 08, 2024 at 01:20:57AM PST, Russell King (Oracle) wrote:
>Hi,
>
>Where is patch 1 of this series? It doesn't seem to have been Cc'd to
>linux-arm-kernel. Therefore, this can't be reviewed.
>

It went to (among others) the linux-parisc list, but not 
linux-arm-kernel as scripts/get_maintainers.pl didn't list it for that 
patch:
https://lore.kernel.org/lkml/20240208012620.32604-5-zev@bewilderbeest.net/

I think I've gotten differing opinions from different subsystem 
maintainers on this, but FWIW my usual default approach is to use 
scripts/get_maintainer.pl on each patch and then add the set-union of 
them all to the cover letter for context; I'll try to remember the 
preference for linux-arm-kernel though.

Is the link above sufficient for now, or shall I resend the series?


Thanks,
Zev


>Thanks.
>
>On Wed, Feb 07, 2024 at 05:26:18PM -0800, Zev Weiss wrote:
>> Hello,
>>
>> I noticed after a recent kernel update that my ARM926 system started
>> segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
>> some investigation it appears that ARMv5 is incapable of providing the
>> appropriate protections for MDWE, since any readable memory is also
>> implicitly executable.
>>
>> (Note that I'm not an expert in either ARM arch details or the mm
>> subsystem, so please bear with me if I've botched something in the
>> above analysis.)
>>
>> The prctl_set_mdwe() function already had some special-case logic
>> added disabling it on PARISC (commit 793838138c15, "prctl: Disable
>> prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
>> check to use an arch_*() function, and (2) adds a corresponding
>> override for ARM to disable MDWE on pre-ARMv6 CPUs.
>>
>> With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
>> subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
>> succeed instead of unconditionally failing; on ARMv6 the prctl works
>> as it did previously.
>>
>> Since this was effectively a userspace-breaking change in v6.3 (with
>> newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
>> simply fail safely) I've CCed -stable for v6.3+, though since the
>> patches depend on the PARISC one above it will only apply cleanly on
>> the linux-6.6.y and linux-6.7.y branches, since at least at time of
>> writing the 6.3 through 6.5 branches don't have that patch backported
>> (due to further missing dependencies [0]).
>>
>>
>> Thanks,
>> Zev
>>
>> [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
>>
>> Zev Weiss (2):
>>   prctl: Generalize PR_SET_MDWE support check to be per-arch
>>   ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6
>>
>>  arch/arm/include/asm/mman.h    | 14 ++++++++++++++
>>  arch/parisc/include/asm/mman.h | 14 ++++++++++++++
>>  include/linux/mman.h           |  8 ++++++++
>>  kernel/sys.c                   |  7 +++++--
>>  4 files changed, 41 insertions(+), 2 deletions(-)
>>  create mode 100644 arch/arm/include/asm/mman.h
>>  create mode 100644 arch/parisc/include/asm/mman.h
>>
>> --
>> 2.43.0
>>
>>
>> _______________________________________________
>> linux-arm-kernel mailing list
>> linux-arm-kernel@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>>
>
>-- 
>RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
>FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel