| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <D9EV6ZHETDM6.36DJZQTQ487O1@ventanamicro.com> Date: Thu, 24 Apr 2025 14:23:37 +0200 From: Radim Krčmář <rkrcmar@...tanamicro.com> To: "Deepak Gupta" <debug@...osinc.com> Cc: "Thomas Gleixner" <tglx@...utronix.de>, "Ingo Molnar" <mingo@...hat.com>, "Borislav Petkov" <bp@...en8.de>, "Dave Hansen" <dave.hansen@...ux.intel.com>, <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, "Andrew Morton" <akpm@...ux-foundation.org>, "Liam R. Howlett" <Liam.Howlett@...cle.com>, "Vlastimil Babka" <vbabka@...e.cz>, "Lorenzo Stoakes" <lorenzo.stoakes@...cle.com>, "Paul Walmsley" <paul.walmsley@...ive.com>, "Palmer Dabbelt" <palmer@...belt.com>, "Albert Ou" <aou@...s.berkeley.edu>, "Conor Dooley" <conor@...nel.org>, "Rob Herring" <robh@...nel.org>, "Krzysztof Kozlowski" <krzk+dt@...nel.org>, "Arnd Bergmann" <arnd@...db.de>, "Christian Brauner" <brauner@...nel.org>, "Peter Zijlstra" <peterz@...radead.org>, "Oleg Nesterov" <oleg@...hat.com>, "Eric Biederman" <ebiederm@...ssion.com>, "Kees Cook" <kees@...nel.org>, "Jonathan Corbet" <corbet@....net>, "Shuah Khan" <shuah@...nel.org>, "Jann Horn" <jannh@...gle.com>, "Conor Dooley" <conor+dt@...nel.org>, <linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>, <linux-mm@...ck.org>, <linux-riscv@...ts.infradead.org>, <devicetree@...r.kernel.org>, <linux-arch@...r.kernel.org>, <linux-doc@...r.kernel.org>, <linux-kselftest@...r.kernel.org>, <alistair.francis@....com>, <richard.henderson@...aro.org>, <jim.shu@...ive.com>, <andybnac@...il.com>, <kito.cheng@...ive.com>, <charlie@...osinc.com>, <atishp@...osinc.com>, <evan@...osinc.com>, <cleger@...osinc.com>, <alexghiti@...osinc.com>, <samitolvanen@...gle.com>, <broonie@...nel.org>, <rick.p.edgecombe@...el.com>, "Zong Li" <zong.li@...ive.com>, "linux-riscv" <linux-riscv-bounces@...ts.infradead.org> Subject: Re: [PATCH v12 06/28] riscv/mm : ensure PROT_WRITE leads to VM_READ | VM_WRITE 2025-04-23T17:45:53-07:00, Deepak Gupta <debug@...osinc.com>: > On Thu, Apr 10, 2025 at 12:03:44PM +0200, Radim Krčmář wrote: >>2025-03-14T14:39:25-07:00, Deepak Gupta <debug@...osinc.com>: >>> diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c >>> @@ -16,6 +17,15 @@ static long riscv_sys_mmap(unsigned long addr, unsigned long len, >>> + /* >>> + * If PROT_WRITE is specified then extend that to PROT_READ >>> + * protection_map[VM_WRITE] is now going to select shadow stack encodings. >>> + * So specifying PROT_WRITE actually should select protection_map [VM_WRITE | VM_READ] >>> + * If user wants to create shadow stack then they should use `map_shadow_stack` syscall. >>> + */ >>> + if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ))) >>> + prot |= PROT_READ; >> >>Why isn't the previous hunk be enough? (Or why don't we do just this?) >> >>riscv_sys_mmap() eventually calls arch_calc_vm_prot_bits(), so I'd >>rather fix each code path just once. > > You're right. Above hunk (arch/riscv/include/asm/mman.h) alone should be enough. > I did this change in `sys_riscv.c` out of caution. If it feels like un-necessary, > I'll remove it. No hard feelings either way. I think it makes the code harder to reason about. Here it is not clear why this caller of ksys_mmap_pgoff() has to do this, while others don't.
Powered by blists - more mailing lists