arm64: Revert support for execute-only user mappings
authorCatalin Marinas <catalin.marinas@arm.com>
Mon, 6 Jan 2020 14:35:39 +0000 (14:35 +0000)
committerLinus Torvalds <torvalds@linux-foundation.org>
Mon, 6 Jan 2020 18:10:07 +0000 (10:10 -0800)
commit24cecc37746393432d994c0dbc251fb9ac7c5d72
tree31d0263e96ab98623c738299c27293fb7597dd97
parentc79f46a282390e0f5b306007bf7b11a46d529538
arm64: Revert support for execute-only user mappings

The ARMv8 64-bit architecture supports execute-only user permissions by
clearing the PTE_USER and PTE_UXN bits, practically making it a mostly
privileged mapping but from which user running at EL0 can still execute.

The downside, however, is that the kernel at EL1 inadvertently reading
such mapping would not trip over the PAN (privileged access never)
protection.

Revert the relevant bits from commit cab15ce604e5 ("arm64: Introduce
execute-only page access permissions") so that PROT_EXEC implies
PROT_READ (and therefore PTE_USER) until the architecture gains proper
support for execute-only user mappings.

Fixes: cab15ce604e5 ("arm64: Introduce execute-only page access permissions")
Cc: <stable@vger.kernel.org> # 4.9.x-
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
arch/arm64/include/asm/pgtable-prot.h
arch/arm64/include/asm/pgtable.h
arch/arm64/mm/fault.c
mm/mmap.c