Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1855036ybh;
        Fri, 17 Jul 2020 03:03:33 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJx51HE4xIoTcpdtWMXfdaTtLrJY78MsDDHlemQadUmzZECbyN4gIJXixanxSWiEQNKw7emJ
X-Received: by 2002:a50:fe0c:: with SMTP id f12mr8256308edt.360.1594980213187;
        Fri, 17 Jul 2020 03:03:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1594980213; cv=none;
        d=google.com; s=arc-20160816;
        b=Z8gTMaXSj43MHHkDjYkYxOqG38xXW6jb0dEOBlm6+kCt7Copx6i4hunzGLVG3mEE/G
         Vhc8R40w3d2IP2iVw9GNc+snZGeil1s+ZPygd8EIfiP8A9G7QZfiVcjauUpidCYJDiZr
         DmjG+Xl6snO32uh97jIIU8ty9Ams176D9akNYmzp0X66Ca2KQDSazOviMf5XSDHSAaJD
         8v2JNpq+SIm98mVog9s1Q7kYMXLTXDLbUHT8UosnA3hYjKPLHM0/7p51jzcnmEgMuzTq
         3TTpSjes7EccOgh3q0HWAZnZKSUARTeeBOnD/9kfw20GW6BE5cXdKvUS9rJm9bytvWhD
         YZdQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date:wdcironportexception
         :ironport-sdr:ironport-sdr:ironport-sdr:dkim-signature;
        bh=Ua2MohSBBJDOWRQQ6sKQaN3WjxoER4q806yNR2N7968=;
        b=H299KpXN/eZLaSnx8pgM9J4Jispqct5pHCAIQH/+DRFAI8OyDvP6TR5r+14oU7B4hG
         ptvpZwavAfdDYvReDECGdX/h5cipgVHeFd/IrjjvrvxXDUF4bweNcJFfZ/wQjaUG31HF
         WUtcI0SPGO9ElDGSs+BzUYhLoC+JeON/fV7+IZNEzj76NLXiXW+6gK0rSTAW7eO3APLH
         aZyfokKbp8gA/b/TY+hyW67CH3el+e/C0D0PoOkNWQ6JlOJZ5EHO9FAl1G9uUcSGE1Mc
         7oCUE7jY8RdcP2MPpnMy2icTgaOdRCN2HB5BpbZk0kkt/5itLWubOfVkD9z+FsITmjEF
         otIg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@wdc.com header.s=dkim.wdc.com header.b=mRHQH2YH;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=wdc.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id mj20si4700966ejb.504.2020.07.17.03.03.10;
        Fri, 17 Jul 2020 03:03:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@wdc.com header.s=dkim.wdc.com header.b=mRHQH2YH;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=wdc.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726201AbgGQKAY (ORCPT <rfc822;zzmahb@gmail.com> + 99 others);
        Fri, 17 Jul 2020 06:00:24 -0400
Received: from esa1.hgst.iphmx.com ([68.232.141.245]:30532 "EHLO
        esa1.hgst.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725864AbgGQKAX (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 17 Jul 2020 06:00:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
  d=wdc.com; i=@wdc.com; q=dns/txt; s=dkim.wdc.com;
  t=1594980022; x=1626516022;
  h=date:from:to:cc:subject:in-reply-to:message-id:
   references:mime-version;
  bh=vQ2ImtfRZyj0kAtoB4fUjN5q3ds0AJVtdj0mCNHOPw8=;
  b=mRHQH2YHwIi17bE30SzNOkO6Osj7dUCH4U+yPwKO/eMlBZOMSL9JNVwY
   N0fCYE6a54bpv+XVRyEU0NeiIsicZxr32MTsCXYpsSg/GXKmaojC1t7fY
   2iF9R1+4+vcwsgYkpJkvk+naRjfKY3vIhxJLM+IC3J2yvT1yYQJzLDExG
   F/wK4M/UfEuT1OgjtmwOKNqvzKg1Kj2hbY0b3lI2qgx89pJWKfjBHAWN0
   D82izDheKxH1ytFZPUDeh76LPqpQvb/vHoa6Nao4uuDNzbd9sWdd0+Ye6
   IwRMb56ergYudwaOpT2jxYNcK2mLDyYyBrQLhX4LDy5001wStmlyfZRHy
   w==;
IronPort-SDR: A1UpebW7/PWJ6JLdUyFI7rQX4qZyGjpeQD33D4uTqS44rt+BfepdRBh8XUYfACx9EbdKYk/Y2c
 3vtsWoYBzuTaJLG220LBxr7568mVNSLKAAraPjR6dR9UzHKO+bADvE6zcXQJC1sakToN62vo5q
 NgbeiyvBm87JPPUCUxFtmnQ666fS+65aUbaNTcnZkyFIImA4/SOJ6L/1mSip2xCoTzf5QnWozc
 5yqm1N8mVC49V27cM5E1vGSCGqeyhffyvKWeGVGUi0dWx+YioAbN0t2lQmmPrhsNCoLxJCcY17
 udU=
X-IronPort-AV: E=Sophos;i="5.75,362,1589212800"; 
   d="scan'208";a="251971917"
Received: from uls-op-cesaip02.wdc.com (HELO uls-op-cesaep02.wdc.com) ([199.255.45.15])
  by ob1.hgst.iphmx.com with ESMTP; 17 Jul 2020 18:00:22 +0800
IronPort-SDR: f9vfUf2pFQWJ8+lNQ04XXBbuhljU2nuLirptshi7O7+2iWJSHKEb0ZldaqpO5YoQHH4B87NSyj
 2aH+BnDRDA07sX6hY9oSpvpmHYthkqk70=
Received: from uls-op-cesaip01.wdc.com ([10.248.3.36])
  by uls-op-cesaep02.wdc.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jul 2020 02:48:11 -0700
IronPort-SDR: Few0pq9UDnEi1rkPglf8o17OfuANd9zMmPZqD5dk+SyOrI9wD0xwtIiGehCM8iIdlFweLIXJ/l
 aZH7rRhluDzA==
WDCIronportException: Internal
Received: from unknown (HELO redsun52) ([10.149.66.28])
  by uls-op-cesaip01.wdc.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jul 2020 03:00:21 -0700
Date:   Fri, 17 Jul 2020 11:00:18 +0100 (BST)
From:   "Maciej W. Rozycki" <macro@wdc.com>
To:     Tiezhu Yang <yangtiezhu@loongson.cn>
cc:     Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
        linux-mips@vger.kernel.org, linux-kernel@vger.kernel.org,
        Kees Cook <keescook@chromium.org>,
        Xuefeng Li <lixuefeng@loongson.cn>,
        Juxin Gao <gaojuxin@loongson.cn>,
        "Maciej W. Rozycki" <macro@linux-mips.org>
Subject: Re: [PATCH] MIPS: Prevent READ_IMPLIES_EXEC propagation
In-Reply-To: <b62c76c5-3548-c3d5-ad3e-5664c463a52f@loongson.cn>
Message-ID: <alpine.LFD.2.21.2007171044320.24175@redsun52.ssa.fujisawa.hgst.com>
References: <1594114741-26852-1-git-send-email-yangtiezhu@loongson.cn> <alpine.LFD.2.21.2007072043250.31807@redsun52.ssa.fujisawa.hgst.com> <b62c76c5-3548-c3d5-ad3e-5664c463a52f@loongson.cn>
User-Agent: Alpine 2.21 (LFD 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 8 Jul 2020, Tiezhu Yang wrote:

> >> In the MIPS architecture, we should clear the security-relevant
> >> flag READ_IMPLIES_EXEC in the function SET_PERSONALITY2() of the
> >> file arch/mips/include/asm/elf.h.
> >>
> >> Otherwise, with this flag set, PROT_READ implies PROT_EXEC for
> >> mmap to make memory executable that is not safe, because this
> >> condition allows an attacker to simply jump to and execute bytes
> >> that are considered to be just data [1].
> >   Why isn't the arrangement made with `mips_elf_read_implies_exec'
> > sufficient?
> 
> We inherit the READ_IMPLIES_EXEC personality flag across fork().
> If we do not explicitly clear this flag in SET_PERSONALITY2(),
> PROT_READ implies PROT_EXEC for mmap to make memory executable
> even if used with the GCC option "-z noexecstack" when compile.

 It makes no sense to me to repeat this across all the architectures, and 
even less so to do it individually one by one as people rediscover this 
issue.

 Why don't we maintain the flag globally in `fs/binfmt_elf.c' which is 
where we already set it?  E.g.:

	SET_PERSONALITY2(*elf_ex, &arch_state);
	if (elf_read_implies_exec(*elf_ex, executable_stack))
		current->personality |= READ_IMPLIES_EXEC;
	else
		current->personality &= ~READ_IMPLIES_EXEC;

  Maciej