author | Tudor Florea <tudor.florea@enea.com> | 2015-10-08 22:42:49 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-10-08 22:42:49 +0200 |
commit | 635d320abfa6dc3c0e1d00e3ceae567dd0e55a5b (patch) | |
tree | dcd42fafb9189d3be13ef3d95f9ce6f4f5cfa267 /recipes-kernel/linux/linux-hierofalcon/03-arm64-don-t-set-READ_IMPLIES_EXEC-for-EM_AARCH64-ELF.patch | |
initial commit for Enea Linux 5.0 arm
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'recipes-kernel/linux/linux-hierofalcon/03-arm64-don-t-set-READ_IMPLIES_EXEC-for-EM_AARCH64-ELF.patch')
-rw-r--r-- | recipes-kernel/linux/linux-hierofalcon/03-arm64-don-t-set-READ_IMPLIES_EXEC-for-EM_AARCH64-ELF.patch | 54 |
1 files changed, 54 insertions, 0 deletions
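diff --git a/recipes-kernel/linux/linux-hierofalcon/03-arm64-don-t-set-READ_IMPLIES_EXEC-for-EM_AARCH64-ELF.patch b/recipes-kernel/linux/linux-hierofalcon/03-arm64-don-t-set-READ_IMPLIES_EXEC-for-EM_AARCH64-ELF.patch
new file mode 100644
index 0000000..01701a9
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon/03-arm64-don-t-set-READ_IMPLIES_EXEC-for-EM_AARCH64-ELF.patch
@@ -0,0 +1,54 @@
+From b2072dba2431de0cfef3e6fb9823537a812dd90b Mon Sep 17 00:00:00 2001
+From: Adrian Calianu <adrian.calianu@enea.com>
+Date: Mon, 23 Feb 2015 16:48:43 +0100
+Subject: [PATCH 1/1] arm64: don't set READ_IMPLIES_EXEC for EM_AARCH64 ELF
+objects
+
+Currently, we're accidentally ending up with executable stacks on
+AArch64 when the ABI says we shouldn't be, and relying on glibc to
+fix things up for us when we're loaded. However, SELinux will deny us
+mucking with the stack, and hit us with execmem AVCs.
+
+current->personality & READ_IMPLIES_EXEC is currently being set for
+AArch64 binaries, resulting in an executable stack, when no explicit
+PT_GNU_STACK header is present.
+
+[kmcmarti@sedition ~]$ uname -p
+aarch64
+[kmcmarti@sedition ~]$ cat /proc/$$/personality
+00400000
+The reason for this is, without an explicit PT_GNU_STACK entry in the
+binary, stk is still set to EXSTACK_DEFAULT (which should be
+non-executable on AArch64.) As a result, elf_read_implies_exec is true,
+and we set READ_IMPLIES_EXEC in binfmt_elf.c:load_elf_binary.
+
+Fix this to return 0 in the native case, and parrot the logic from
+arch/arm/kernel/elf.c otherwise. With this patch, binaries correctly
+don't have READ_IMPLIES_EXEC set, and we can let PT_GNU_STACK change
+things if it's explicitly requested.
+
+Patch provided by:
+Signed-off-by: Kyle McMartin <kyle@redhat.com>
+
+Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
+---
+arch/arm64/include/asm/elf.h | 3 ++-
+1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
+index 1f65be3..dbc9888 100644
+--- a/arch/arm64/include/asm/elf.h
++++ b/arch/arm64/include/asm/elf.h
+@@ -114,7 +114,8 @@ typedef struct user_fpsimd_state elf_fpregset_t;
+*/
+#define elf_check_arch(x) ((x)->e_machine == EM_AARCH64)
+
+-#define elf_read_implies_exec(ex,stk) (stk != EXSTACK_DISABLE_X)
++#define elf_read_implies_exec(ex,stk) (test_thread_flag(TIF_32BIT) \
++ ? (stk == EXSTACK_ENABLE_X) : 0)
+
+#define CORE_DUMP_USE_REGSET
+#define ELF_EXEC_PAGESIZE PAGE_SIZE
+--
+1.9.1
+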
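Review bot: The 32-bit branch of the new `elf_read_implies_exec` (patch lines 47-48) tests `stk == EXSTACK_ENABLE_X`, so a compat binary with no PT_GNU_STACK entry (EXSTACK_DEFAULT) no longer gets READ_IMPLIES_EXEC, while the embedded commit message says this case mirrors arch/arm/kernel/elf.c. As I remember it, that helper treats every value other than EXSTACK_DISABLE_X as executable; if that holds for the tree this applies to, the message and the macro disagree, and the stricter compat behaviour should be stated as intentional. The macro also decides from the current thread's TIF_32BIT rather than from `ex`, so it is only correct once the new image's personality has been applied. A comment above it such as `/* relies on SET_PERSONALITY() having updated TIF_32BIT for the image being loaded */` would record that ordering dependency. The argument should also be parenthesised as `(stk)`.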