linux-kernel.vger.kernel.org archive mirror
* [PATCH] arm: mm: Kconfig: Disable KUSER_HELPERS in ARMv6 or later as default
@ 2018-03-06 11:22 Jinbum Park
From: Jinbum Park @ 2018-03-06 11:22 UTC (permalink / raw)
  To: linux-arm-kernel, linux-kernel, kernel-hardening
  Cc: gregkh, vladimir.murzin, keescook, will.deacon, mark.rutland,
	catalin.marinas

Code for KUSER_HELPERS can be abused as ROP gadgets,
so it's better to disable it if possible.

Since ARMv6 or later has ldrex/strex in user space,
NEED_KUSER_HELPERS is not selected for ARMv6 or later.

But even though NEED_KUSER_HELPERS is not selected,
the current configuration enables KUSER_HELPERS by default.

* as-is

- Enable KUSER_HELPERS by default even on ARMv6 or later.
- User can disable KUSER_HELPERS.

* to-be

- Disable KUSER_HELPERS in ARMv6 or later by default.
- User can enable KUSER_HELPERS for compatibility.

This change removes the unnecessary configuration that has a security risk.

Signed-off-by: Jinbum Park <jinb.park7@gmail.com>
---
 arch/arm/mm/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
index 7f14acf..40e5fe5 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
@@ -840,7 +840,7 @@ config NEED_KUSER_HELPERS
 config KUSER_HELPERS
 	bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS
 	depends on MMU
-	default y
+	default y if NEED_KUSER_HELPERS
 	help
 	  Warning: disabling this option may break user programs.
 
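Review bot: the help text kept as context under the new `default y if NEED_KUSER_HELPERS` line still says only "Warning: disabling this option may break user programs.", so nothing tells a user that the option is now off unless NEED_KUSER_HELPERS is selected. Because the prompt is shown only `if !NEED_KUSER_HELPERS`, every configuration that can see this option gets a default of n after this change, and any defconfig that relied on the old `default y` without listing CONFIG_KUSER_HELPERS=y explicitly will lose the helpers on the next config refresh. Please extend the help text to state the new default and which userspace still needs the option enabled, and say in the commit message how existing defconfigs are expected to be handled.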
-- 
1.9.1


* Re: [PATCH] arm: mm: Kconfig: Disable KUSER_HELPERS in ARMv6 or later as default
@ 2018-03-06 11:28 ` Russell King - ARM Linux
From: Russell King - ARM Linux @ 2018-03-06 11:28 UTC (permalink / raw)
  To: Jinbum Park
  Cc: linux-arm-kernel, linux-kernel, kernel-hardening, mark.rutland,
	vladimir.murzin, keescook, gregkh, will.deacon, catalin.marinas

On Tue, Mar 06, 2018 at 08:22:41PM +0900, Jinbum Park wrote:
> Code for KUSER_HELPERS can be abused as ROP gadgets,
> so it's better to disable it if possible.
> 
> Since ARMv6 or later has ldrex/strex in user space,
> NEED_KUSER_HELPERS is not selected for ARMv6 or later.
> 
> But even though NEED_KUSER_HELPERS is not selected,
> the current configuration enables KUSER_HELPERS by default.
> 
> * as-is
> 
> - Enable KUSER_HELPERS by default even on ARMv6 or later.
> - User can disable KUSER_HELPERS.
> 
> * to-be
> 
> - Disable KUSER_HELPERS in ARMv6 or later by default.
> - User can enable KUSER_HELPERS for compatibility.
> 
> This change removes the unnecessary configuration that has a security risk.

NAK.

It is not this trivial or easy to make this change - you are assuming
that userspace does not use these, which is an incorrect assumption -
there are armhf distros out there that make use of the kuser helpers,
which means we can't disable it by default without causing userspace
regressions.

Therefore, it defaults to being enabled, unless someone decides to
disable it and knows for certain that their userspace does not depend
on this - it's a choice that distros have to make when building their
kernels with the knowledge of how their distro userspace is configured.

-- 
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 8.8Mbps down 630kbps up
According to speedtest.net: 8.21Mbps down 510kbps up
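
An added example, not part of either message in this thread: a shell check a kernel builder could run over a `.config` to see whether KUSER_HELPERS is on because the CPU selection requires it, on only by default or choice, or already disabled. The function names, status labels and sample configs are constructed for illustration; the symbol logic follows the Kconfig entry shown in the patch.

```shell
#!/bin/sh
# Added example (not from the thread): classify how CONFIG_KUSER_HELPERS
# ended up set in a kernel .config, per the Kconfig entry in the patch.

# kconfig_get FILE SYMBOL -> prints y or n
# ("# CONFIG_X is not set" or an absent symbol both count as n)
kconfig_get() {
    if grep -q "^CONFIG_$2=y\$" "$1"; then echo y; else echo n; fi
}

# kuser_status FILE -> prints forced, optional-enabled or disabled
kuser_status() {
    need=$(kconfig_get "$1" NEED_KUSER_HELPERS)
    kuser=$(kconfig_get "$1" KUSER_HELPERS)
    if [ "$kuser" = n ]; then
        echo disabled            # helpers are not built into the vector page
    elif [ "$need" = y ]; then
        echo forced              # prompt hidden by "if !NEED_KUSER_HELPERS"
    else
        echo optional-enabled    # nothing selects NEED_*; on by default/choice
    fi
}

# Constructed sample configs (labels and contents are illustrative only).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'CONFIG_MMU=y' 'CONFIG_NEED_KUSER_HELPERS=y' \
        'CONFIG_KUSER_HELPERS=y' > "$d/pre-v6"
    printf '%s\n' 'CONFIG_MMU=y' 'CONFIG_CPU_V7=y' \
        'CONFIG_KUSER_HELPERS=y' > "$d/v7-current-default"
    printf '%s\n' 'CONFIG_MMU=y' 'CONFIG_CPU_V7=y' \
        '# CONFIG_KUSER_HELPERS is not set' > "$d/v7-hardened"
    for f in pre-v6 v7-current-default v7-hardened; do
        printf '%-20s %s\n' "$f" "$(kuser_status "$d/$f")"
    done
    rm -rf "$d"
}

demo
```

A result of `optional-enabled` marks the configurations the thread is about: the option can be switched off there, but only once the distro has confirmed its userspace does not call the helpers.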

