[PATCH 0/2] arm64: Implement WXN using MDWE hook

Ard Biesheuvel ardb+git at google.com
Thu Mar 14 02:48:05 PDT 2024 

From: Ard Biesheuvel <ardb at kernel.org>

While the patches to implement WXN support were under review, the kernel
grew another hook in the mmap()/mprotect() code that is more suitable
for introducing a check against an arch-defined policy whether mappings
that are both writable and executable are permitted at all.

So add this hook, and wire up WXN support on top of it.

This supersedes

cb1a393c40ee mm: add arch hook to validate mmap() prot flag
50e3ed0f93f4 arm64: mm: add support for WXN memory translation attribute

which have been reverted in the arm64/for-next core tree.

Catalin raised the question how this is supposed to interoperate with
Permission Indirection and Permission Overlays, and -while those new CPU
features are entirely undocumented as of yet- the conclusion seems to be
that WXN is only useful on cores that lack those new features, as they
are mutually exclusive with WXN, and disabling them just in favor of WXN
seems unwise. Given that WXN is too coarse grained to honour the
existing user space ABI seamlessly, PIE/POE seem better suited to harden
the use of RW vs RX mappings in user space (but WXN would seem more
appropriate for the kernel if it were limited to EL1 only).

However, Linux/arm64 is deployed widely on systems running vertically
integrated software stacks, where the ability to harden both the kernel
and user space in this manner is believed to be a useful feature.

Link: https://lore.kernel.org/all/ZfHG0oeDcF8N0ZOX@arm.com/T/#u

Cc: Joey Gouly <joey.gouly at arm.com>
Cc: Catalin Marinas <catalin.marinas at arm.com>
Cc: Will Deacon <will at kernel.org>
Cc: Marc Zyngier <maz at kernel.org>
Cc: Mark Rutland <mark.rutland at arm.com>
Cc: Ryan Roberts <ryan.roberts at arm.com>
Cc: Anshuman Khandual <anshuman.khandual at arm.com>
Cc: Kees Cook <keescook at chromium.org>

Ard Biesheuvel (2):
  mm: Add arch hook to map_deny_write_exec()
  arm64: mm: add support for WXN memory translation attribute

 arch/arm64/Kconfig                    | 11 +++++++
 arch/arm64/include/asm/cpufeature.h   |  8 +++++
 arch/arm64/include/asm/mman.h         | 16 ++++++++++
 arch/arm64/include/asm/mmu_context.h  | 30 +++++++++++++++++-
 arch/arm64/kernel/pi/idreg-override.c |  4 ++-
 arch/arm64/kernel/pi/map_kernel.c     | 23 ++++++++++++++
 arch/arm64/mm/proc.S                  |  6 ++++
 include/linux/mman.h                  | 32 ++++++++++++++------
 8 files changed, 119 insertions(+), 11 deletions(-)

-- 
2.44.0.278.ge034bb2e1d-goog

More information about the linux-arm-kernel mailing list