Commit 6e0d6ac5 authored Mar 26, 2020 by Kees Cook Committed by Borislav Petkov Apr 20, 2020

arm64/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces



With arm64 64-bit environments, there should never be a need for automatic
READ_IMPLIES_EXEC, as the architecture has always been execute-bit aware
(as in, the default memory protection should be NX unless a region
explicitly requests to be executable).

Suggested-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lkml.kernel.org/r/20200327064820.12602-7-keescook@chromium.org

parent eaf3f9e6

arch/arm64/include/asm/elf.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -105,7 +105,7 @@
		* CPU*: \| arm32 \| arm64 \|
		* ELF: \| \| \|
		* ---------------------\|------------\|------------\|
		* missing PT_GNU_STACK \| exec-all \| exec-all \|
		* missing PT_GNU_STACK \| exec-all \| exec-none \|
		* PT_GNU_STACK == RWX \| exec-stack \| exec-stack \|
		* PT_GNU_STACK == RW \| exec-none \| exec-none \|
		*
		@@ -117,7 +117,7 @@
		* *all arm64 CPUs support NX, so there is no "lacks NX" column.
		*
		*/
		#define elf_read_implies_exec(ex, stk) (stk == EXSTACK_DEFAULT)
		#define compat_elf_read_implies_exec(ex, stk) (stk == EXSTACK_DEFAULT)

		#define CORE_DUMP_USE_REGSET
		#define ELF_EXEC_PAGESIZE PAGE_SIZE

fs/compat_binfmt_elf.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -113,6 +113,11 @@
		#define arch_setup_additional_pages compat_arch_setup_additional_pages
		#endif

		#ifdef compat_elf_read_implies_exec
		#undef elf_read_implies_exec
		#define elf_read_implies_exec compat_elf_read_implies_exec
		#endif

		/*
		* Rename a few of the symbols that binfmt_elf.c will define.
		* These are all local so the names don't really matter, but it