• Dong Bo's avatar
    arm64: Preventing READ_IMPLIES_EXEC propagation · 48f99c8e
    Dong Bo authored
    Like arch/arm/, we inherit the READ_IMPLIES_EXEC personality flag across
    fork(). This is undesirable for a number of reasons:
    
      * ELF files that don't require executable stack can end up with it
        anyway
    
      * We end up performing un-necessary I-cache maintenance when mapping
        what should be non-executable pages
    
      * Restricting what is executable is generally desirable when defending
        against overflow attacks
    
    This patch clears the personality flag when setting up the personality for
    newly spwaned native tasks. Given that semi-recent AArch64 toolchains emit
    a non-executable PT_GNU_STACK header, userspace applications can already
    not rely on READ_IMPLIES_EXEC so shouldn't be adversely affected by this
    change.
    
    Cc: <stable@vger.kernel.org>
    Reported-by: default avatarPeter Maydell <peter.maydell@linaro.org>
    Signed-off-by: default avatarDong Bo <dongbo4@huawei.com>
    [will: added comment to compat code, rewrote commit message]
    Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
    48f99c8e
elf.h 5.84 KB