git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/commit

arm64: Revert support for execute-only user mappings

BugLink: https://launchpad.net/bugs/1858815
The ARMv8 64-bit architecture supports execute-only user permissions by
clearing the PTE_USER and PTE_UXN bits, practically making it a mostly
privileged mapping but from which user running at EL0 can still execute.

The downside, however, is that the kernel at EL1 inadvertently reading
such mapping would not trip over the PAN (privileged access never)
protection.

Revert the relevant bits from commit cab15ce604e5 ("arm64: Introduce
execute-only page access permissions") so that PROT_EXEC implies
PROT_READ (and therefore PTE_USER) until the architecture gains proper
support for execute-only user mappings.

Fixes: cab15ce604e5 ("arm64: Introduce execute-only page access permissions")
Cc: <stable@vger.kernel.org> # 4.9.x-
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 24cecc37746393432d994c0dbc251fb9ac7c5d72)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Acked-by: Connor Kuehl <connor.kuehl@canonical.com>
Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>

author	Catalin Marinas <catalin.marinas@arm.com>
	Wed, 8 Jan 2020 17:20:59 +0000 (17:20 +0000)
committer	Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
	Tue, 14 Jan 2020 22:53:37 +0000 (19:53 -0300)
commit	bb2c329ad5411a1e05986177f8bf3e1da0e839bb
tree	573818880ce536dd84fe7790a0ecb58546f092ec	tree
parent	053aaf9831ab2ef147d20bd1ba730ac152469a8f	commit \| diff

arch/arm64/include/asm/pgtable-prot.h		diff \| blob \| blame \| history
arch/arm64/include/asm/pgtable.h		diff \| blob \| blame \| history
arch/arm64/mm/fault.c		diff \| blob \| blame \| history
mm/mmap.c		diff \| blob \| blame \| history