diff options
| author |   Vincenzo Frascino <vincenzo.frascino@arm.com> | 2019-04-15 10:49:37 +0100 |
|---|---|---|
| committer |   Will Deacon <will.deacon@arm.com> | 2019-04-23 18:01:58 +0100 |
| commit | af1b3cf2c2a3f42bbb680812ff1bbd715ac8af69 (patch) | |
| tree | 67550d4018c6cc1e368214556d744317da53e689 /arch/arm64 | |
| parent | arm64: compat: Refactor aarch32_alloc_vdso_pages() (diff) | |
| download | linux-dev-af1b3cf2c2a3f42bbb680812ff1bbd715ac8af69.tar.xz linux-dev-af1b3cf2c2a3f42bbb680812ff1bbd715ac8af69.zip | |
arm64: compat: Add KUSER_HELPERS config option
When kuser helpers are enabled the kernel maps the relative code at
a fixed address (0xffff0000). Making configurable the option to disable
them means that the kernel can remove this mapping and any access to
this memory area results in a sigfault.
Add a KUSER_HELPERS config option that can be used to disable the
mapping when it is turned off.
This option can be turned off if and only if the applications are
designed specifically for the platform and they do not make use of the
kuser helpers code.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
[will: Use IS_ENABLED() instead of #ifdef]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Diffstat (limited to 'arch/arm64')
| -rw-r--r-- | arch/arm64/Kconfig | 28 | ||||
| -rw-r--r-- | arch/arm64/kernel/Makefile | 3 | ||||
| -rw-r--r-- | arch/arm64/kernel/kuser32.S | 7 | ||||
| -rw-r--r-- | arch/arm64/kernel/vdso.c | 6 |
4 files changed, 39 insertions, 5 deletions
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index c383625ec02c..0861a6f5ee4a 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1498,6 +1498,34 @@ config COMPAT If you want to execute 32-bit userspace applications, say Y. +config KUSER_HELPERS + bool "Enable kuser helpers page for 32 bit applications." + depends on COMPAT + default y + help + Warning: disabling this option may break 32-bit user programs. + + Provide kuser helpers to compat tasks. The kernel provides + helper code to userspace in read only form at a fixed location + to allow userspace to be independent of the CPU type fitted to + the system. This permits binaries to be run on ARMv4 through + to ARMv8 without modification. + + See Documentation/arm/kernel_user_helpers.txt for details. + + However, the fixed address nature of these helpers can be used + by ROP (return orientated programming) authors when creating + exploits. + + If all of the binaries and libraries which run on your platform + are built specifically for your platform, and make no use of + these helpers, then you can turn this option off to hinder + such exploits. However, in that case, if a binary or library + relying on those helpers is run, it will not function correctly. + + Say N here only if you are absolutely certain that you do not + need these helpers; otherwise, the safe option is to say Y. + config SYSVIPC_COMPAT def_bool y depends on COMPAT && SYSVIPC diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index c18c34d56029..9e7dcb2c31c7 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -27,8 +27,9 @@ OBJCOPYFLAGS := --prefix-symbols=__efistub_ $(obj)/%.stub.o: $(obj)/%.o FORCE $(call if_changed,objcopy) -obj-$(CONFIG_COMPAT) += sys32.o kuser32.o signal32.o \ +obj-$(CONFIG_COMPAT) += sys32.o signal32.o \ sigreturn32.o sys_compat.o +obj-$(CONFIG_KUSER_HELPERS) += kuser32.o obj-$(CONFIG_FUNCTION_TRACER) += ftrace.o entry-ftrace.o obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_ARM64_MODULE_PLTS) += module-plts.o diff --git a/arch/arm64/kernel/kuser32.S b/arch/arm64/kernel/kuser32.S index c5f2bbafd723..49825e9e421e 100644 --- a/arch/arm64/kernel/kuser32.S +++ b/arch/arm64/kernel/kuser32.S @@ -6,10 +6,9 @@ * Copyright (C) 2005-2011 Nicolas Pitre <nico@fluxnic.net> * Copyright (C) 2012-2018 ARM Ltd. * - * Each segment is 32-byte aligned and will be moved to the top of the high - * vector page. New segments (if ever needed) must be added in front of - * existing ones. This mechanism should be used only for things that are - * really small and justified, and not be abused freely. + * The kuser helpers below are mapped at a fixed address by + * aarch32_setup_additional_pages() and are provided for compatibility + * reasons with 32 bit (aarch32) applications that need them. * * See Documentation/arm/kernel_user_helpers.txt for formal definitions. */ diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index 41f4d75bbc14..8074cbd3a3a8 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -74,6 +74,9 @@ static int aarch32_alloc_kuser_vdso_page(void) int kuser_sz = __kuser_helper_end - __kuser_helper_start; unsigned long vdso_page; + if (!IS_ENABLED(CONFIG_KUSER_HELPERS)) + return 0; + vdso_page = get_zeroed_page(GFP_ATOMIC); if (!vdso_page) return -ENOMEM; @@ -112,6 +115,9 @@ static int aarch32_kuser_helpers_setup(struct mm_struct *mm) { void *ret; + if (!IS_ENABLED(CONFIG_KUSER_HELPERS)) + return 0; + /* * Avoid VM_MAYWRITE for compatibility with arch/arm/, where it's * not safe to CoW the page containing the CPU exception vectors. |