ACK: [PATCH 0/1][SRU][B] PAN is broken for execute-only user mappings on ARMv8
Connor Kuehl
connor.kuehl at canonical.com
Wed Jan 8 18:47:40 UTC 2020
On 1/8/20 9:21 AM, Tyler Hicks wrote:
> BugLink: https://launchpad.net/bugs/1858815
>
> Simple backport that is only build tested at this time. I'm relying on
> our SRU tests for regression testing.
>
> [Impact]
>
> It was discovered that upstream kernel commit cab15ce604e5 ("arm64:
> Introduce execute-only page access permissions"), which introduced
> execute-only user mappings, subverted the Privileged Access Never
> protections.
>
> The fix is to effectively revert commit cab15ce604e5. This is done in
> upstream kernel commit 24cecc377463 ("arm64: Revert support for
> execute-only user mappings").
>
> [Test Case]
>
> I'm not aware of any PAN test cases. Booting our arm64 kernels on an
> ARMv8 device and running through our typical regression tests is
> probably the best we can do at this time.
>
> [Regression Potential]
>
> Touching the page handling code always carries significant risk.
> However, the fix is simply reverting the change that added the
> execute-only user mappings feature in v4.9.
>
> Tyler
>
> Catalin Marinas (1):
> arm64: Revert support for execute-only user mappings
>
> arch/arm64/include/asm/pgtable-prot.h | 5 ++---
> arch/arm64/include/asm/pgtable.h | 10 +++-------
> arch/arm64/mm/fault.c | 2 +-
> mm/mmap.c | 6 ------
> 4 files changed, 6 insertions(+), 17 deletions(-)
>
Acked-by: Connor Kuehl <connor.kuehl at canonical.com>
More information about the kernel-team
mailing list