[PATCH 0/1][SRU][B] PAN is broken for execute-only user mappings on ARMv8
Tyler Hicks
tyhicks at canonical.com
Wed Jan 8 17:21:47 UTC 2020
BugLink: https://launchpad.net/bugs/1858815

Simple backport that is only build tested at this time. I'm relying on
our SRU tests for regression testing.

[Impact]

It was discovered that upstream kernel commit cab15ce604e5 ("arm64:
Introduce execute-only page access permissions"), which introduced
execute-only user mappings, subverted the Privileged Access Never
protections.

The fix is to effectively revert commit cab15ce604e5. This is done in
upstream kernel commit 24cecc377463 ("arm64: Revert support for
execute-only user mappings").

[Test Case]

I'm not aware of any PAN test cases. Booting our arm64 kernels on an
ARMv8 device and running through our typical regression tests is
probably the best we can do at this time.

[Regression Potential]

Touching the page handling code always carries significant risk.
However, the fix is simply reverting the change that added the
execute-only user mappings feature in v4.9.

Tyler

Catalin Marinas (1):
  arm64: Revert support for execute-only user mappings

 arch/arm64/include/asm/pgtable-prot.h |  5 ++---
 arch/arm64/include/asm/pgtable.h      | 10 +++-------
 arch/arm64/mm/fault.c                 |  2 +-
 mm/mmap.c                             |  6 ------
 4 files changed, 6 insertions(+), 17 deletions(-)

-- 
2.17.1
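
A user-space check of the revert's visible effect, added here as an example and not part of the original message or the kernel patch: upstream commit 24cecc377463 makes PROT_EXEC imply read access again, so a PROT_EXEC-only mapping whose reads faulted on an affected arm64 kernel becomes readable once the fix is applied. The helper name `probe_read` is an assumption of this example, and the check does not exercise PAN itself, only whether execute-only user mappings still exist.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;

static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Returns 1 if a page mapped with `prot` can be read from user space,
 * 0 if the read faults, -1 if the mapping could not be created. */
int probe_read(int prot)
{
    struct sigaction sa, old_segv, old_bus;
    long pagesz = sysconf(_SC_PAGESIZE);
    volatile int readable = 0;
    volatile unsigned char *p = mmap(NULL, (size_t)pagesz, prot,
                                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_env, 1) == 0) {   /* savemask=1: signal mask restored on longjmp */
        (void)p[0];                       /* volatile load: faults if the page is unreadable */
        readable = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap((void *)p, (size_t)pagesz);
    return readable;
}

int main(void)
{
    int r = probe_read(PROT_EXEC);
    printf("PROT_EXEC-only mapping: %s\n",
           r == 1 ? "readable (PROT_EXEC implies read)" :
           r == 0 ? "execute-only (read faults)" : "mmap failed");
    return r < 0;
}
```

Run on the arm64 kernel before and after the update; the PROT_READ and PROT_NONE cases serve as controls for the probe itself.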