arm64/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces
With arm64 64-bit environments, there should never be a need for automatic READ_IMPLIES_EXEC, as the architecture has always been execute-bit aware (as in, the default memory protection should be NX unless a region explicitly requests to be executable). Suggested-by: Hector Marco-Gisbert <hecmargi@upv.es> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Jason Gunthorpe <jgg@mellanox.com> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Link: https://lkml.kernel.org/r/20200327064820.12602-7-keescook@chromium.org
This commit is contained in:
parent
eaf3f9e618
commit
6e0d6ac5f3
|
@ -105,7 +105,7 @@
|
||||||
* CPU*: | arm32 | arm64 |
|
* CPU*: | arm32 | arm64 |
|
||||||
* ELF: | | |
|
* ELF: | | |
|
||||||
* ---------------------|------------|------------|
|
* ---------------------|------------|------------|
|
||||||
* missing PT_GNU_STACK | exec-all | exec-all |
|
* missing PT_GNU_STACK | exec-all | exec-none |
|
||||||
* PT_GNU_STACK == RWX | exec-stack | exec-stack |
|
* PT_GNU_STACK == RWX | exec-stack | exec-stack |
|
||||||
* PT_GNU_STACK == RW | exec-none | exec-none |
|
* PT_GNU_STACK == RW | exec-none | exec-none |
|
||||||
*
|
*
|
||||||
|
@ -117,7 +117,7 @@
|
||||||
* *all arm64 CPUs support NX, so there is no "lacks NX" column.
|
* *all arm64 CPUs support NX, so there is no "lacks NX" column.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
#define elf_read_implies_exec(ex, stk) (stk == EXSTACK_DEFAULT)
|
#define compat_elf_read_implies_exec(ex, stk) (stk == EXSTACK_DEFAULT)
|
||||||
|
|
||||||
#define CORE_DUMP_USE_REGSET
|
#define CORE_DUMP_USE_REGSET
|
||||||
#define ELF_EXEC_PAGESIZE PAGE_SIZE
|
#define ELF_EXEC_PAGESIZE PAGE_SIZE
|
||||||
|
|
|
@ -113,6 +113,11 @@
|
||||||
#define arch_setup_additional_pages compat_arch_setup_additional_pages
|
#define arch_setup_additional_pages compat_arch_setup_additional_pages
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef compat_elf_read_implies_exec
|
||||||
|
#undef elf_read_implies_exec
|
||||||
|
#define elf_read_implies_exec compat_elf_read_implies_exec
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Rename a few of the symbols that binfmt_elf.c will define.
|
* Rename a few of the symbols that binfmt_elf.c will define.
|
||||||
* These are all local so the names don't really matter, but it
|
* These are all local so the names don't really matter, but it
|
||||||
|
|
Loading…
Reference in New Issue
Block a user