git.baikalelectronics.ru Git - kernel.git/commit

author	Dong Bo <dongbo4@huawei.com>
	Tue, 25 Apr 2017 06:11:29 +0000 (14:11 +0800)
committer	Will Deacon <will.deacon@arm.com>
	Tue, 30 May 2017 10:07:41 +0000 (11:07 +0100)
commit	16adb5981ac9cff7c9f7458ed94b4a1425b099fb
tree	a61ab57045e1c1e367453038788073d3d0333d55	tree \| snapshot
parent	119f76e1edafdb577ef46976251463fc185d8b27	commit \| diff

arm64: Preventing READ_IMPLIES_EXEC propagation

Like arch/arm/, we inherit the READ_IMPLIES_EXEC personality flag across
fork(). This is undesirable for a number of reasons:

  * ELF files that don't require executable stack can end up with it
    anyway

  * We end up performing un-necessary I-cache maintenance when mapping
    what should be non-executable pages

  * Restricting what is executable is generally desirable when defending
    against overflow attacks

This patch clears the personality flag when setting up the personality for
newly spwaned native tasks. Given that semi-recent AArch64 toolchains emit
a non-executable PT_GNU_STACK header, userspace applications can already
not rely on READ_IMPLIES_EXEC so shouldn't be adversely affected by this
change.

Cc: <stable@vger.kernel.org>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Dong Bo <dongbo4@huawei.com>
[will: added comment to compat code, rewrote commit message]
Signed-off-by: Will Deacon <will.deacon@arm.com>