Received: by 2002:a05:7412:2a8a:b0:fc:a2b0:25d7 with SMTP id u10csp678262rdh;
        Wed, 7 Feb 2024 17:27:13 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCVIiz3bjE5I3DUAL1dgs5FFYi+1X4Sik4aH7i/93mX4GRTYrTAR3sB1s6mk6Jyu0Kl4fC7Ats6skDjC7mIXyWaUrkKLjeBcGEA74GnC3Q==
X-Google-Smtp-Source: AGHT+IH/FtEIu1BCOqfvH4i9U2G24lKJ7K1gkmrXM/U9v7HfFpb7VrfF6rUIgpwk989xFcd2JQbB
X-Received: by 2002:ac8:5247:0:b0:42c:4339:f317 with SMTP id y7-20020ac85247000000b0042c4339f317mr2636694qtn.43.1707355633704;
        Wed, 07 Feb 2024 17:27:13 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1707355633; cv=pass;
        d=google.com; s=arc-20160816;
        b=ZNTkiOSPBheetN28oqx8pj5Nz8CeEJSinjb27hOiN/QQgTRhYyQK79HcE3nU6ZCVRh
         rr5x4DghYsenMjHJkTkctCkywAkxRZHq9VW/KvLcSPULCe/X0zK82HRLCP7FSa3ffyft
         rLrE+ok8teWYIvBsUyXpCZX2zKDHNTXs+A4atNAZB5Ht5kaMXcsnA5ANl5NbeluQs75R
         KfWdzWyJ3Xsfg0T4r4a41SuwL2Bh/VnnJ9v1D4QuVrsWeb06cBH5URvOKj1YEe98E4ks
         suApYwa0rP2sMHlT5zO8tN1PUQS2tEWkByXFqVbdAAGD/lnA3lUvGIxrr/bzLHQi5Ag8
         tETQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=6ONNLssa/JJa3YO5Up1AtekZAzMtVDM0uR/O3aO7Adc=;
        fh=jpbb1O6yMyOAxGMv3U3UtBpfJba0XsVEUxi2AshChwg=;
        b=HXXmR1VtvPUSyIBin2Cr3FY/ns/cYpWCNeaq8vaWDBIzVqgfkvqJeMCN5oKbhk8Nws
         03MmCKKVxKfnx1wmOFq5FZIsbFtni79Ij2PqfY1SZDir7QQbOQy6aiOLvC6+D5U/pNPT
         PzYx+irMIAicvH6Dgz/v3Q3I3ZG4IySVufSbeDMYUvArztJ3oNoyrTXEkMd27mt+RqPM
         H23GFtPJG48wiWdfCWJE1D0HKJcl0atRKyhKKB/8dcUW/f4yFwIiJua9K7bgI7l8HSiz
         fgVvo7+WDLXOhilGCWRDyOEKB1CdYEUTJvyNCYvonnmed4cc0VQaDfw796ThkuI3W0Rs
         sHLA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@bewilderbeest.net header.s=thorn header.b=irSxI+Fu;
       arc=pass (i=1 spf=pass spfdomain=bewilderbeest.net dkim=pass dkdomain=bewilderbeest.net dmarc=pass fromdomain=bewilderbeest.net);
       spf=pass (google.com: domain of linux-kernel+bounces-57365-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-57365-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=bewilderbeest.net
X-Forwarded-Encrypted: i=2; AJvYcCWyw5r18ON4Sw8DY7ZyUNa6VdzPdedgKPfomA8yhJQCxv38fDPtcGLT6SAn0jpYBw29iEZnJD96BV/5n3dGx9mUcoV/gxgAGndJySvzTA==
Return-Path: <linux-kernel+bounces-57365-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id n17-20020a05622a041100b0042c41f92d06si2176241qtx.583.2024.02.07.17.27.13
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 07 Feb 2024 17:27:13 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-57365-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@bewilderbeest.net header.s=thorn header.b=irSxI+Fu;
       arc=pass (i=1 spf=pass spfdomain=bewilderbeest.net dkim=pass dkdomain=bewilderbeest.net dmarc=pass fromdomain=bewilderbeest.net);
       spf=pass (google.com: domain of linux-kernel+bounces-57365-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-57365-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=bewilderbeest.net
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 632151C22522
	for <linux.lists.archive@gmail.com>; Thu,  8 Feb 2024 01:27:13 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 7AED62030A;
	Thu,  8 Feb 2024 01:26:39 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=bewilderbeest.net header.i=@bewilderbeest.net header.b="irSxI+Fu"
Received: from thorn.bewilderbeest.net (thorn.bewilderbeest.net [71.19.156.171])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 982541D6AA;
	Thu,  8 Feb 2024 01:26:35 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=71.19.156.171
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1707355598; cv=none; b=dF3x15Z4GqfnUzdnEchVMEfvveN4lF1OcVNpOnrWuyjO2j2c2RCOJdeyq+bHF7IFQq5SKVjR7qrliD63y6OMgLj1ekdHa0abLAVpNqXg1OA2tUmIhb2UxLtwd9FkNJlkVZhz1HcAzuDkMo6gAzMDSRpBX6t2Gd3VMbeyLztAHoc=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1707355598; c=relaxed/simple;
	bh=j6d/T+9LmwknQyPw9UW66o8FfW4OYtd1tl4c1Kp289Y=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=Q8qDgyLVtcgomhI25XuNEoSQbnU0soaYie/qCsx0TA6haSXdrLukY3mJ7AcBr13cvV+xnnd7boMywTYrNepwj8KG6AwWW7ABeVPB8kJ+3sty1Xsrrvh9mlxiXD5NR1zNoOOYGi79wMTfIejfpwnwA1nJilS2NqDUAc4mAtSDU0c=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=bewilderbeest.net; spf=pass smtp.mailfrom=bewilderbeest.net; dkim=pass (1024-bit key) header.d=bewilderbeest.net header.i=@bewilderbeest.net header.b=irSxI+Fu; arc=none smtp.client-ip=71.19.156.171
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=bewilderbeest.net
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=bewilderbeest.net
Received: from hatter.bewilderbeest.net (unknown [IPv6:2602:61:712b:6300::2])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	(Authenticated sender: zev)
	by thorn.bewilderbeest.net (Postfix) with ESMTPSA id 44659C9;
	Wed,  7 Feb 2024 17:26:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bewilderbeest.net;
	s=thorn; t=1707355588;
	bh=6ONNLssa/JJa3YO5Up1AtekZAzMtVDM0uR/O3aO7Adc=;
	h=From:To:Cc:Subject:Date:From;
	b=irSxI+FuU1hFzLtneHeVJ0eyyzW/aD27p1URn43PrNZ3mCJTaF8gG/XgUnNZoO+A/
	 oZkd4fPJQiT+LDTivSrrTc7wgokOgZn9Kdqxjenj0Yik29OMCIppa5NAZ2AV3SPt0B
	 ma0+vsxmXVNd0y/4K0ylCCx3i+O8juWJez93rPa4=
From: Zev Weiss <zev@bewilderbeest.net>
To: linux-parisc@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org,
	Helge Deller <deller@gmx.de>,
	Florent Revest <revest@chromium.org>
Cc: Zev Weiss <zev@bewilderbeest.net>,
	"James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>,
	"Mike Rapoport (IBM)" <rppt@kernel.org>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>,
	"Borislav Petkov (AMD)" <bp@alien8.de>,
	Andrew Morton <akpm@linux-foundation.org>,
	Yang Shi <yang@os.amperecomputing.com>,
	Stefan Roesch <shr@devkernel.io>,
	Oleg Nesterov <oleg@redhat.com>,
	David Hildenbrand <david@redhat.com>,
	Josh Triplett <josh@joshtriplett.org>,
	Ondrej Mosnacek <omosnace@redhat.com>,
	Miguel Ojeda <ojeda@kernel.org>,
	openbmc@lists.ozlabs.org,
	linux-kernel@vger.kernel.org,
	Russell King <linux@armlinux.org.uk>,
	Sam James <sam@gentoo.org>,
	stable@vger.kernel.org
Subject: [PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported
Date: Wed,  7 Feb 2024 17:26:18 -0800
Message-ID: <20240208012620.32604-4-zev@bewilderbeest.net>
X-Mailer: git-send-email 2.43.0
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Hello,

I noticed after a recent kernel update that my ARM926 system started
segfaulting on any execve() after calling prctl(PR_SET_MDWE).  After
some investigation it appears that ARMv5 is incapable of providing the
appropriate protections for MDWE, since any readable memory is also
implicitly executable.

(Note that I'm not an expert in either ARM arch details or the mm
subsystem, so please bear with me if I've botched something in the
above analysis.)

The prctl_set_mdwe() function already had some special-case logic
added disabling it on PARISC (commit 793838138c15, "prctl: Disable
prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
check to use an arch_*() function, and (2) adds a corresponding
override for ARM to disable MDWE on pre-ARMv6 CPUs.

With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
succeed instead of unconditionally failing; on ARMv6 the prctl works
as it did previously.

Since this was effectively a userspace-breaking change in v6.3 (with
newer MDWE-aware userspace on older pre-MDWE kernels the prctl would
simply fail safely) I've CCed -stable for v6.3+, though since the
patches depend on the PARISC one above it will only apply cleanly on
the linux-6.6.y and linux-6.7.y branches, since at least at time of
writing the 6.3 through 6.5 branches don't have that patch backported
(due to further missing dependencies [0]).


Thanks,
Zev

[0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/

Zev Weiss (2):
  prctl: Generalize PR_SET_MDWE support check to be per-arch
  ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6

 arch/arm/include/asm/mman.h    | 14 ++++++++++++++
 arch/parisc/include/asm/mman.h | 14 ++++++++++++++
 include/linux/mman.h           |  8 ++++++++
 kernel/sys.c                   |  7 +++++--
 4 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm/include/asm/mman.h
 create mode 100644 arch/parisc/include/asm/mman.h

-- 
2.43.0