| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <D92VG9GT3W5D.2B71FBI67EYJ6@ventanamicro.com>
Date: Thu, 10 Apr 2025 12:03:44 +0200
From: Radim Krčmář <rkrcmar@...tanamicro.com>
To: "Deepak Gupta" <debug@...osinc.com>, "Thomas Gleixner"
<tglx@...utronix.de>, "Ingo Molnar" <mingo@...hat.com>, "Borislav Petkov"
<bp@...en8.de>, "Dave Hansen" <dave.hansen@...ux.intel.com>,
<x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, "Andrew Morton"
<akpm@...ux-foundation.org>, "Liam R. Howlett" <Liam.Howlett@...cle.com>,
"Vlastimil Babka" <vbabka@...e.cz>, "Lorenzo Stoakes"
<lorenzo.stoakes@...cle.com>, "Paul Walmsley" <paul.walmsley@...ive.com>,
"Palmer Dabbelt" <palmer@...belt.com>, "Albert Ou" <aou@...s.berkeley.edu>,
"Conor Dooley" <conor@...nel.org>, "Rob Herring" <robh@...nel.org>,
"Krzysztof Kozlowski" <krzk+dt@...nel.org>, "Arnd Bergmann"
<arnd@...db.de>, "Christian Brauner" <brauner@...nel.org>, "Peter Zijlstra"
<peterz@...radead.org>, "Oleg Nesterov" <oleg@...hat.com>, "Eric Biederman"
<ebiederm@...ssion.com>, "Kees Cook" <kees@...nel.org>, "Jonathan Corbet"
<corbet@....net>, "Shuah Khan" <shuah@...nel.org>, "Jann Horn"
<jannh@...gle.com>, "Conor Dooley" <conor+dt@...nel.org>
Cc: <linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
<linux-mm@...ck.org>, <linux-riscv@...ts.infradead.org>,
<devicetree@...r.kernel.org>, <linux-arch@...r.kernel.org>,
<linux-doc@...r.kernel.org>, <linux-kselftest@...r.kernel.org>,
<alistair.francis@....com>, <richard.henderson@...aro.org>,
<jim.shu@...ive.com>, <andybnac@...il.com>, <kito.cheng@...ive.com>,
<charlie@...osinc.com>, <atishp@...osinc.com>, <evan@...osinc.com>,
<cleger@...osinc.com>, <alexghiti@...osinc.com>, <samitolvanen@...gle.com>,
<broonie@...nel.org>, <rick.p.edgecombe@...el.com>, "Zong Li"
<zong.li@...ive.com>, "linux-riscv"
<linux-riscv-bounces@...ts.infradead.org>
Subject: Re: [PATCH v12 06/28] riscv/mm : ensure PROT_WRITE leads to VM_READ
| VM_WRITE
2025-03-14T14:39:25-07:00, Deepak Gupta <debug@...osinc.com>:
> diff --git a/arch/riscv/include/asm/mman.h b/arch/riscv/include/asm/mman.h
> +static inline unsigned long arch_calc_vm_prot_bits(unsigned long prot,
> + unsigned long pkey __always_unused)
> +{
> + unsigned long ret = 0;
> +
> + /*
> + * If PROT_WRITE was specified, force it to VM_READ | VM_WRITE.
> + * Only VM_WRITE means shadow stack.
> + */
This function also changes PROT_WX to VM_RWX, which is effectively not
changing anything, but I think it deserves an explicit intent.
(At least in the commit message.)
> + if (prot & PROT_WRITE)
> + ret = (VM_READ | VM_WRITE);
> + return ret;
> +}
> diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c
> @@ -16,6 +17,15 @@ static long riscv_sys_mmap(unsigned long addr, unsigned long len,
> + /*
> + * If PROT_WRITE is specified then extend that to PROT_READ
> + * protection_map[VM_WRITE] is now going to select shadow stack encodings.
> + * So specifying PROT_WRITE actually should select protection_map [VM_WRITE | VM_READ]
> + * If user wants to create shadow stack then they should use `map_shadow_stack` syscall.
> + */
> + if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ)))
> + prot |= PROT_READ;
Why isn't the previous hunk be enough? (Or why don't we do just this?)
riscv_sys_mmap() eventually calls arch_calc_vm_prot_bits(), so I'd
rather fix each code path just once.
Thanks.
Powered by blists - more mailing lists